deblob-* scripts are now signed

Alexandre Oliva lxoliva at fsfla.org
Wed Jan 28 03:31:02 UTC 2015 

litan on IRC mentioned the deblob scripts in our releases/ tree were not
signed, making it risky to download and run them, since they might have
been corrupted (intentionally or not) in the server or in transit.

I've just verified all of the deblob-* scripts in there to make sure
that they matched the corresponding file in our svn repository.  There
were about 10 files that did not match: nearly all of them were
deblob-check scripts modified within a stable cycle, with cherry-picked
patches that I manually verified against the corresponding patch in the
svn tree.

Two others were deblob-<kver> from -rc releases, that were different
from the svn file of the same vintage in that the svn file had
extra=0--, to indicate a pre-release, whereas the script used to clean
up the -rc release did not.  When that script was used in the final
release, it was checked into svn, but in case the script underwent
changes, no exact match would be found in the repository.  So, I had to
check those by hand.

The only other exception was 2.6.28.10-gnu1/deblob-2.6.28, that started
with 's#!/bin/sh'.  Presumably some failed C-x C-s that somehow failed
to fail right away.  I seem to have noticed the error a couple of days
later, because 2.6.28-gnu1/deblob-2.6.28 was fixed then, but the other
file remained broken.  I have replaced the broken file with a hard link
to the then-fixed script.

I also checked the per-release links to the COPYING file in that tree,
as well as a few README* files in there, to make sure they had not been
corrupted.

Once I was happy with all the checking, I signed all of the files, and
then verified that they still matched the hashes I had computed before
starting it all.

So, from now on, all files within releases/ will be signed.


Now, I'm working on creating tags/ dirs for each release that had
changes to the deblobbing scripts, and branches/ dirs with the change
history of each tree.

-- 
Alexandre Oliva, freedom fighter    http://FSFLA.org/~lxoliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/   FSF Latin America board member
Free Software Evangelist|Red Hat Brasil GNU Toolchain Engineer

More information about the linux-libre mailing list