non port: ports-mgmt/poudriere/files/MANIFESTS/amd64-amd64-10.0-RELEASE
Number of commits found: 1
Tuesday, 16 Feb 2016
15:45 cperciva
Add MANIFEST files from (9|10).*-RELEASE. These files are installed in
/usr/local/share/poudriere/MANIFESTS, where poudriere (as of version
3.1.11) checks for pre-distributed MANIFEST files before fetching them
from the ftp/http/https server.
This allows poudriere to ensure that the bits it is downloading and
installing really match the bits provided by the release engineering
team, and have not been subtly trojanned in transit. (Note that this
does not apply if poudriere is creating a jail from -STABLE or -CURRENT
since we cannot pre-distribute those MANIFESTs.)
The MANIFEST files were obtained by
(a) finding the GPG-signed announcements for 9.0 and later releases;
(b) verifying those signatures against the GPG keys in the FreeBSD
documentation repository;
(c) downloading all of the relevant bootonly ISOs;
(d) verifying the ISOs against the hashes listed in the signed release
announcements; and
(e) extracting the MANIFEST files from those ISOs.
Reviewed by: bdrewery
Security: If someone could trick you into building packages in a
world which they tampered with, they could do all sorts
of nasty things to those packages...
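
The check that pre-distributed MANIFEST files make possible, as an added example; it is not poudriere's own code and not part of the commit. It assumes the release MANIFEST layout of one tab-separated line per distribution set with the file name in field 1 and the SHA-256 in field 2; the function names `sha256_of`, `verify_dist` and `demo` are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not poudriere's own code. Assumed MANIFEST layout: one
# tab-separated line per distribution set, field 1 = file name, field 2 = SHA-256.

# Print the SHA-256 of a file using whichever tool the host provides.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                        # FreeBSD
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1      # GNU coreutils
    else
        shasum -a 256 "$1" | cut -d ' ' -f 1  # Perl fallback
    fi
}

# verify_dist MANIFEST DISTDIR NAME
# Succeeds only if NAME appears exactly once in the pinned MANIFEST and the
# fetched file hashes to the listed value; every other outcome fails closed.
verify_dist() {
    manifest=$1 distdir=$2 name=$3
    case $name in ''|*/*) echo "bad set name: $name" >&2; return 2 ;; esac
    [ -r "$manifest" ] || { echo "no pinned MANIFEST: $manifest" >&2; return 2; }
    expected=$(awk -F '\t' -v n="$name" \
        '$1 == n { print $2; c++ } END { if (c != 1) exit 1 }' "$manifest") || {
        echo "$name: not listed exactly once in MANIFEST" >&2; return 3; }
    case $expected in *[!0-9a-f]*) echo "$name: malformed hash" >&2; return 3 ;; esac
    [ "${#expected}" -eq 64 ] || { echo "$name: malformed hash" >&2; return 3; }
    [ -f "$distdir/$name" ] || { echo "$name: not fetched" >&2; return 4; }
    actual=$(sha256_of "$distdir/$name") || return 4
    if [ "$actual" != "$expected" ]; then
        echo "$name: SHA-256 mismatch, refusing to install" >&2
        return 1
    fi
    echo "$name: OK"
}

# Constructed demo: a stand-in "base.txz" and a MANIFEST pinned from it, then
# the same file altered after pinning (what tampering in transit looks like).
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed release bits\n' > "$d/base.txz"
    printf 'base.txz\t%s\t1\tbase\t"Base system"\ton\n' \
        "$(sha256_of "$d/base.txz")" > "$d/MANIFEST"
    before=0; verify_dist "$d/MANIFEST" "$d" base.txz || before=$?
    printf 'x' >> "$d/base.txz"
    after=0; verify_dist "$d/MANIFEST" "$d" base.txz || after=$?
    rm -rf "$d"
    [ "$before" -eq 0 ] && [ "$after" -eq 1 ]
}
```

The guarantee holds only when the MANIFEST comes from a source trusted independently of the download, which is why the commit ships the files with the port instead of fetching them alongside the distribution sets.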