[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
From: |
Thomas Zander |
Subject: |
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch |
Date: |
Mon, 8 Dec 2003 18:01:51 +0100 |
User-agent: |
KMail/1.5.4 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 08 December 2003 17:49, Tom Lord wrote:
> 1) Can signing be made an essential property of all (present and
> future) arch archives, including "smart server" archives and
> the like?
> 2) Can signing be made an implicit property, essentially hidden
> from the bulk of the code in arch, of all existing "dumb-fs"
> arch archive implementations?
...
> To satisfy the immediate needs of Savannah, the FSF, and really the
> free software community generally, I'm looking for an answer to
> question (2).
*nod*
> For question (2), signing the actual tar bundles seems
> like a pragmatic choice. The trick is to do (2) without hosing the
> architecture of arch (by leaking knowledge of signing into too much
> of the internal interfaces of libarch).
Right, this basically means that to satisfy (2) in a short timespan you will
ignore (1) for now.
As you know I am not deeply knowledgable on the structures tla has. So allow
me to show the solution I think is going to satisfy (1) and (2), and I'll
let you be the judge if it can be done.
The solution I proposed has an extra entry somewhere in the compressed tar
that is the generated signature of the rest of the tar.
It is likely to be the last file in the tar, and likely to be a standard
length (which is nice to know when you use streaming protocols).
The way it works is that you create a tar (via make_tmp_tar_archive() for
example) and print the output to stdOut. You split that stream to run it
through a gzip and through gpg at the same time.
When tar is done you take the output from gpg and add that to the tar/gzip
stream as well.
And you have a tar/gz that is signed.
With shell its not so easy; but it can be used to illustrate the point, so
please remember that this can be done better and with less overhead from
the examples I show here.
tar c myDir | tee tmpFile1 | gpg --yes -bao ++sig
tar rf tmpFile1 ++sig
gzip tmpFile1
The only _if_ I see is that tla should not bark over a file being added to
that tar, I hope that won't be a problem.
- --
Thomas Zander
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/1K6ACojCW6H2z/QRAjfuAKCKURv1u3CTQy5tV1pxfxdzchW9IwCg9dty
u+wx41iNbKrr712eSw66cVw=
=PG+H
-----END PGP SIGNATURE-----
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, (continued)
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Charles Duffy, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch,
Thomas Zander <=
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Andrew Suffield, 2003/12/08
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Mraz, 2003/12/08
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/07