On 2004-08-18 14:25, "Thordur Ivar B." <thib@mi.is> wrote: > But still, you can only be sure if you trust you CVS checkout. > I have found it rather annyoing not have'ing checksums of each and > every file in /usr/src. And having a "secure" (man-in-the-middle > attack, etc comes in mind) way of optaining the checksum file.( A good > shell script could verify the checkout and you could sleep easy ;) > > Do correct me about the checksums if I'm wrong. Would something like this work for you? # mount /mnt/floppy # mtree -c -K cksum,flags -p . | \ bzip2 -9c - > /mnt/floppy/src.dist.bz2 # umount /mnt/floppy Then you can mount the floppy disk and check the /usr/src tree against the checksums saved by mtree with: # mount /mnt/floppy # bunzip2 -cd /mnt/floppy/src.dist.bz2 | \ mtree -u -f - # umount /mnt/floppy Any differences of the files since your last CVSup should be easy to catch with this little trick. I've just tested this on my -CURRENT installation and the bzip2'd spec file generated by the first mtree invocation is a little less than 600 KB for /usr/src. It fits nicely in a single floppy disk :-) _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"