Re: [gNewSense-users] gNewSense Servers Safe

[Matthew Flaschen]

Karl Goetz wrote:
> On Thu, 01 Jan 2009 20:18:05 -0500
> Ted Smith <address@hidden> wrote:
> 
>> On Fri, 2009-01-02 at 11:27 +1030, Karl Goetz wrote:
>>> On Thu, 01 Jan 2009 16:31:26 -0500
>>> Matthew Flaschen <address@hidden> wrote:
>>>
>>>> Ted Smith wrote:
>>>>> On Thu, 2009-01-01 at 17:49 +0800, Koh Choon Lin wrote:
>>>>>>>> I noted in recent times, servers for distro like Fedora and
>>>>>>>> Debian were compromised by hackers. Are there some measures
>>>>>>>> taken for gNewSense after those incidents?
>>>>>> I actually meant to ask how the servers hosting gNewSense are
>>>>>> protected to insure against rootkits being inserted into the
>>>>>> distribution stream.
>>>>> Well, all packages are PGP-signed, the preferred distribution
>>>>> method of the LiveCDs is BitTorrent (which is un-rootkitable),
>>>>> and the liveCD's available for direct download are MD5sum'd
>>>>> (and the MD5sums are PGP-signed).
>>>> I agree.  The only things that really matter are:
>>>>
>>>> 1. Using a secure hash (e.g. SHA-256).
>>> Moving from MD5SUM to SHA???SUM would be < 10 line patch to Builder,
>>> IIRC.
>>> kk
>> That should be done ASAP. MD5 has been broken for a while and now it's
>> getting to the point of being really ridiculous. It could be there
>> still for people that are uncomfortable using SHA, but we definitely
>> need to have options more secure than MD5.
> 
> I'm sure Brian will accept patches.
> kk

Okay, patch attached.  It uses sha256sum in place of md5sum, and changes
the file name to SHA256SUMS accordingly.  Also, it uses a detached GPG
signature, which I think is better because it is less redundant; the
command also uses --output to avoid a mv.

Matt Flaschen

Index: stage-cd
===================================================================
--- stage-cd    (revision 222)
+++ stage-cd    (working copy)
@@ -30,9 +30,8 @@
        tar -cf  $DISTRONAME_L-cdsource-$RELEASE-$LIVECD_VERSION.tar 
$DISTRONAME_L-cdsource-$RELEASE-$LIVECD_VERSION
        cd $REPODST/cdimage
        mv $LIVECDDIR-src/$DISTRONAME_L-cdsource-$RELEASE-$LIVECD_VERSION.tar .
-       sed -i "/ $DISTRONAME_L-cdsource-$RELEASE-$LIVECD_VERSION.tar$/d" 
MD5SUMS
-       md5sum $DISTRONAME_L-cdsource-$RELEASE-$LIVECD_VERSION.tar >> MD5SUMS
+       sed -i "/ $DISTRONAME_L-cdsource-$RELEASE-$LIVECD_VERSION.tar$/d" 
SHA256SUMS
+       sha256sum $DISTRONAME_L-cdsource-$RELEASE-$LIVECD_VERSION.tar >> 
SHA256SUMS
 fi
 cd $REPODST/cdimage
-gpg -u $SIGNINGKEY --clearsign MD5SUMS
-mv MD5SUMS.asc MD5SUMS.gpg
+gpg -u $SIGNINGKEY --detach-sign --armor --output SHA256SUMS.gpg SHA256SUMS
Index: gen-livecd
===================================================================
--- gen-livecd  (revision 222)
+++ gen-livecd  (working copy)
@@ -190,5 +190,5 @@
 # Here we stage the cd image
 cd $REPODST/cdimage
 btmakemetafile.bittornado http://torrent.$DOMAIN:6969/announce --announce_list 
"$BITTORRENT_ANNOUNCE_LIST" 
$LIVECD_ISO_PREFIX-livecd-$RELEASE-$LIVECD_VERSION.iso
-sed -i "/ $LIVECD_ISO_PREFIX-livecd-$LIVECD_VERSION.iso$/d" MD5SUMS || true  # 
Might not exist yet
-md5sum $LIVECD_ISO_PREFIX-livecd-$RELEASE-$LIVECD_VERSION.iso >> MD5SUMS
+sed -i "/ $LIVECD_ISO_PREFIX-livecd-$LIVECD_VERSION.iso$/d" SHA256SUMS || true 
 # Might not exist yet
+sha256sum $LIVECD_ISO_PREFIX-livecd-$RELEASE-$LIVECD_VERSION.iso >> SHA256SUMS