[elbe-devel] [PATCH 0/1] new validation
John Ogness
john.ogness at linutronix.de
Wed Nov 22 22:25:06 CET 2017
Hi,
Bene presented the idea of a new validation scheme based on:
1) Check for "dists/$DIST/InRelease"
2) Download if exists. Goto 9
3) Check for "dists/$DIST/Release"
4) Download if exists. Goto 6
5) Abort with error "Not a Debian Repo"
6) Check for "dists/$DIST/Release.gpg"
7) Download if exists. Goto 9
8) Abort "Not a signed Repo"
9) Validate InRelease/Release
10) Parse InRelease/Release for arch/source-specific content files
11) Check if files exists. Goto 13
12) Abort "Debian mirror misses some files"
13) Simple validation succeded.
I have partially implemented and tested this. In my implementation,
steps 6-9 are NOPs, i.e. there is no key checking. But this
implementation may serve as basis for that as well as solve the current
validation and redirect service issues.
I tested validation for the primary mirror, extra binaries mirrors, and
extra source mirrors. I did _not_ test if proxy validation is correct,
although I expect it will as long as passman.add_password() correctly
passes the dictionary item by reference.
Note: I am not a python guy. Hopefully my use of dictionaries and string
searches isn't too painful to see.
John Ogness
More information about the elbe-devel
mailing list