
Re: Is there a way to dump the checksums from a svn repo?

From: Thorsten Schöning <tschoening_at_am-soft.de>
Date: Thu, 29 Nov 2012 08:59:02 +0100

Hello olli hauer,
on Wednesday, 28 November 2012 at 22:45 you wrote:

> Someone hacks one of the additional mirrors, modifies a revision and adjusts the
> checksum (as described in many places on how to fix a corrupt repo) so it looks OK
> even with svnadmin verify.

Sounds interesting, but if the mirrors that are not under your full
control have already been hacked, how can you trust the checksums
produced locally by svnadmin? You can't, as you can't trust the mirror
in any way; svnadmin could be manipulated, too. You would need to get
the data to a trusted environment again and check it from there.

Your solution wouldn't even scale, as you would have to recalculate all
checksums and compare all revisions all over again; you wouldn't have
any point in time where you could say that the first million revisions
are totally OK and rely on that in the future.

I would think in another direction and use digital signatures to be
able to detect changes to revisions after the approval that they're in
a consistent state with the master. Get unsigned revisions from the
mirrors, compare them file by file, using hashes, with the revisions
you trust, and if everything is OK, sign them. Depending on your
mirrors and the security you need, you wouldn't even need to copy the
data, just make it accessible for read access via ssh or whatever.

The benefit is that you could use already available tools and would
only need to check unsigned revisions, but can check the integrity of
the already signed revisions really fast and whenever you like. The
signature information for each revision file or checked block, however
you would implement such an approach, can even be stored on the
untrusted mirrors, no problem, as nobody other than you and whoever
you trust is able to create valid signatures.

Just an idea, as signatures were made exactly for such purposes, where
one has to detect data manipulation in any way. Besides that, maybe
have a look at the mirroring products of WanDisco; it's possible that
they already have a solution.

Kind regards,

Thorsten Schöning

-- 
Thorsten Schöning       E-Mail:Thorsten.Schoening_at_AM-SoFT.de
AM-SoFT IT-Systeme      http://www.AM-SoFT.de/
Phone.............05151-  9468- 55
Fax...............05151-  9468- 88
Mobile.............0178-8 9468- 04
AM-SoFT GmbH IT-Systeme, Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB 207 694 - Managing Director: Andreas Muchow
Received on 2012-11-29 08:59:36 CET
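
An added example, not part of the original mail or of Subversion: the sign-once, verify-later scheme proposed above, written with the openssl command line. It assumes one file per revision named by its number (as in an FSFS db/revs directory); the function names and directory layout are hypothetical, and signing the revision number together with the hash goes slightly beyond what the mail describes.

```sh
# Assumed layout: <dir>/<revision number>, one file per revision (constructed below).

# Record that gets signed: binds the revision number to the file's SHA-256, so
# a validly signed file cannot be replayed under a different revision number.
rev_record() {  # rev file
    printf '%s %s\n' "$1" "$(openssl dgst -sha256 -r "$2" 2>/dev/null | cut -d' ' -f1)"
}

# Sign each mirror revision that has no signature yet, but only if it matches
# the trusted master. Prints how many revisions were newly signed.
sign_new_revs() {  # master_dir mirror_dir sig_dir private_key
    signed=0
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        rev=$(basename "$f")
        [ -f "$3/$rev.sig" ] && continue   # approved in an earlier run
        rec=$(rev_record "$rev" "$f")      # hash once; sign exactly what was compared
        if [ -f "$1/$rev" ] && [ "$rec" = "$(rev_record "$rev" "$1/$rev")" ]; then
            printf '%s\n' "$rec" | openssl dgst -sha256 -sign "$4" -out "$3/$rev.sig" &&
                signed=$((signed + 1))
        else
            echo "r$rev differs from master, not signed" >&2
        fi
    done
    echo "$signed"
}

# Re-check signed revisions using only the public key. Prints the revision
# numbers whose current content fails verification (no output: all intact).
verify_signed() {  # mirror_dir sig_dir public_key
    for s in "$2"/*.sig; do
        [ -f "$s" ] || continue
        rev=$(basename "$s" .sig)
        rev_record "$rev" "$1/$rev" |
            openssl dgst -sha256 -verify "$3" -signature "$s" >/dev/null 2>&1 || echo "$rev"
    done
}

demo() {  # constructed sample data: three tiny "revisions", r2 altered on the mirror
    d=$(mktemp -d) && mkdir "$d/master" "$d/mirror" "$d/sigs" || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/key.pem" 2>/dev/null
    openssl pkey -in "$d/key.pem" -pubout -out "$d/pub.pem"
    for r in 0 1 2; do echo "rev $r data" | tee "$d/master/$r" > "$d/mirror/$r"; done
    echo "tampered" > "$d/mirror/2"
    echo "newly signed: $(sign_new_revs "$d/master" "$d/mirror" "$d/sigs" "$d/key.pem")"
    echo "altered" > "$d/mirror/1"         # change made after approval
    echo "failed verification: $(verify_signed "$d/mirror" "$d/sigs" "$d/pub.pem")"
    rm -rf "$d"
}
demo
```

The private key stays on the trusted host; only the `.sig` files and the public key need to be readable where verification runs. A revision removed together with its signature is not detected by this check.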

This is an archived mail posted to the Subversion Users mailing list.