Verifying a subversion checkout
Trond Endrestøl
Trond.Endrestol at fagskolen.gjovik.no
Tue Feb 11 07:41:32 UTC 2014
On Tue, 11 Feb 2014 08:26+0100, C. P. Ghost wrote:
> Hello,
>
> is there a way to automatically verify that the checkout
> of a random subversion revision of /usr/src hasn't been
> tampered with?
>
> I'm worried about the possibility of
> 1/ an MitM attack while fetching the sources

HTTPS would be the best option, compared to pure SVN and HTTP access.

> 2/ changes to the local /usr/src for whatever reasons

Look into the svn status command. See svn --help status for all
possible options.

Otherwise, a complete new checkout would hopefully eliminate any
wrongdoing.

Protecting, handholding and keeping your own local svn mirror updated
might be another option.

> 2/ isn't so critical; there's always the possibility to check
> them from another machine, provided checksums were
> created immediately after the svn update. It's 1/ that's
> bothering me.
>
> Or, asked differently, does SVN protocol support some
> kind of authentication that thwarts man-in-the-middle
> attacks?
>
> Of course, at release points, we always have checksums
> for the ISO images. That's security-wise the only point
> where I'm sure that I'm running from genuine sources.
> It's what's in-between releases that I'm asking about.
>
> Thanks,
> -cpghost.
--
+-------------------------------+------------------------------------+
| Vennlig hilsen, | Best regards, |
| Trond Endrestøl, | Trond Endrestøl, |
| IT-ansvarlig, | System administrator, |
| Fagskolen Innlandet, | Gjøvik Technical College, Norway, |
| tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, |
| sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. |
+-------------------------------+------------------------------------+
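
The checksum approach mentioned in the quoted question (record checksums right after svn update, then check them later or from another machine), sketched as an added example that is not part of the original thread. The function names make_manifest and compare_manifests are hypothetical, and it assumes either GNU sha256sum or FreeBSD's sha256 is installed.

```shell
#!/bin/sh
# Added example (not from the thread). make_manifest and compare_manifests
# are hypothetical helper names.

# Use GNU sha256sum if present, otherwise FreeBSD's sha256 in "hash path" mode.
if command -v sha256sum >/dev/null 2>&1; then
    HASHER="sha256sum"
else
    HASHER="sha256 -r"
fi

# make_manifest DIR: print "hash  ./path" for every regular file under DIR,
# skipping Subversion's own .svn metadata, sorted by path.
make_manifest() {
    ( cd "$1" && find . -name .svn -prune -o -type f -exec $HASHER {} + ) |
        sed 's/^\([0-9a-f]\{64\}\) \{1,2\}/\1  /' |
        LC_ALL=C sort -k2
}

# compare_manifests BASELINE CURRENT: list ADDED/MODIFIED/REMOVED paths.
# Returns 0 when the two manifests agree, 1 otherwise.
compare_manifests() {
    _diffs=$(awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }   # hash, then path
        FILENAME == ARGV[1] { old[p] = h; next }         # baseline entries
        !(p in old)         { print "ADDED " p; next }
        old[p] != h         { print "MODIFIED " p }
                            { seen[p] = 1 }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort)
    if [ -z "$_diffs" ]; then
        return 0
    fi
    printf '%s\n' "$_diffs"
    return 1
}

# Typical use (paths are examples):
#   make_manifest /usr/src > /safe/place/src.manifest    # right after svn update
#   make_manifest /usr/src > /tmp/now.manifest           # later
#   compare_manifests /safe/place/src.manifest /tmp/now.manifest
```

This only detects changes made to the working copy after the baseline manifest was taken; it says nothing about whether the fetched sources were genuine in the first place. The baseline manifest has to be kept somewhere the checked machine cannot rewrite it.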