[Yum] idea for system verification via python+rpm

Dmitry S. Makovey dmitry at athabascau.ca
Tue Aug 12 15:23:43 UTC 2003



On August 11, 2003 11:53 pm, seth vidal wrote:
> Hi,
> The idea is this: rpm -V is a great utility to check files vs your rpmdb
> knowledge of the files - but it falls apart for serious security checks
> b/c a cracker could just change your rpmdb and fool rpm -V.
>
> So let's try this out.
> You have a large set of rpm headers on a remote, trusted, secure site.
> They are keyed on name-epoch-version-release-architecture.

That's exactly what we're trying to implement! :)
Unfortunately I don't have enough time to finish tuning yum to be our "package
management utility", so we're stuck for a while with our home-built Perl
system.
I've been trying to implement remote checks of rpmdb etc. but am stuck with RH7.2
and rpm4.0.4 because the latter doesn't want to perform
rpm -Uvh --dbpath /somehere/on/secure/site --justdb x.rpm
I found some people were complaining about it a long time ago, but no recipe
or fix was released :(

-- 
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
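
The check proposed in the quoted message, as an added example (not code from this thread or from yum): files on disk are compared with per-package records fetched from the trusted site and keyed on name-epoch-version-release-architecture, so a tampered local rpmdb cannot vouch for them. The manifest layout, the SHA-256 digests, and the names `nevra_key`, `verify` and `demo` are assumptions for illustration; the list of installed packages is still taken from the local system.

```python
import hashlib, os, tempfile

def nevra_key(name, epoch, version, release, arch):
    """Key in name-epoch-version-release-architecture form; a missing epoch is 0."""
    return "-".join([name, str(epoch or 0), version, release, arch])

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(installed, trusted, root="/"):
    """Check files on disk against trusted records, never against local rpmdb digests.
    installed: iterable of (name, epoch, version, release, arch) tuples
    trusted:   {nevra_key: {relative_path: sha256_hex}} from the trusted site (assumed layout)
    Returns a sorted list of (nevra_key, path, problem)."""
    findings = []
    for pkg in installed:
        key = nevra_key(*pkg)
        files = trusted.get(key)
        if files is None:  # package the trusted site has never heard of
            findings.append((key, "", "unknown-package"))
            continue
        for rel, digest in files.items():
            path = os.path.join(root, rel)
            if not os.path.isfile(path):
                findings.append((key, rel, "missing"))
            elif sha256_file(path) != digest:
                findings.append((key, rel, "modified"))
    return sorted(findings)

def demo():
    """Constructed sample: one intact file, one altered, one absent, one unknown package."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        for rel, data in (("usr/bin/good", b"original"), ("usr/bin/bad", b"altered")):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        good = hashlib.sha256(b"original").hexdigest()
        trusted = {"demo-0-1.0-1-i386": {"usr/bin/good": good, "usr/bin/bad": good,
                                         "usr/bin/gone": good}}
        installed = [("demo", None, "1.0", "1", "i386"), ("rogue", 1, "2.0", "3", "noarch")]
        return verify(installed, trusted, root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```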



