[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sum proposal

Manoj Srivastava <srivasta@debian.org> writes:

> Hi,
> >>"Goswin" == Goswin Brederlow <goswin.brederlow@student.uni-tuebingen.de> writes:

>  >> This also has more complicated issues than just generating md5sums (find
>  >> | xargs will do that for you). In particular making sure your list of
>  >> md5sums isn't equally vulnerable as your main system is difficult. Signing
>  >> them in any useful way requires keeping your private key on removable
>  >> media, (or on a separate secured/firewalled/somethinged computer).
> 
>         You mean you do not keep your private key on a removable media
>  on a non-networked computer? Why are you worrying about security at
>  all then?

My comp is not on the network, except the local net inside my room. If 
somebody hacks into my net, he can just steal the harddrive or boot
with a rescue disk. What do I care about security. :)
I find it far more usefull to use md5sum fields to generate
binary.diff.deb files or to check the system for corrupted files after 
a crash.
>...
>  Goswin> Thats the main use for it, as I see it. But not only for recovery, but 
>  Goswin> also for backup. You only need to backup files that have a different
>  Goswin> md5sum compared to the deb files on CD.
> 
>         Why only .deb files? And the md5sums included in packages can
>  not accomodate conf files in /etc legitimately changed by the
>  sysadmin.

??? If you change any file, be it a config file or a script, its
md5sum will differ and thus it will be backuped.
> 
>         If this is the onl;y legitimate use of the sums files, why
>  bloat the packaging mechanism with them? Why not work on a program
>  that is flexible enough to look at any and all files on the system,
>  as directed by the user.

For backup/recovery purposes packages don't need md5sums, but then it
would be nice if one could tell dpkg to generate them during
installation and keep them somewhere, otherwise one will forget to
generate md5sums sometimes when installing new stuff.

>         I figure we need a program that
>  a) Takes a list of dir tree roots to consider (so I can add
>     /usr/local/etc or /home/srivasta/Backups
>  b) Applies exclusion reg expressions to the files in the tree
>  c) Applies inclusion regexps (optionally) to the files excluded
>  d) Looks at targets of links
>  e) looks at uid and gid of files
>  f) looks at md5sums of files
>  g) creates its databse under a single dir, so it may be mounted on
>     removeable media (like a CD-RW or zip/jazz drive)

Well, doing a backup it pretty easy:

tar -cIvvf /mnt/backup/back.tar.bz2 `cruft` /var/lib/dpkg

This might not quite work straight out of the box, but with a bit of
mangling you get all files backuped.

May the Source be with you.
			Goswin
Reply to: