[Reproducible-builds] uploading .buildinfo files… (from Debian reproducible builds…)
Holger Levsen
holger at layer-acht.org
Fri Mar 18 14:00:48 UTC 2016
Hi Linus,
(added the Debian reproducible builds lists to cc:)
On Fri, Mar 18, 2016 at 11:36:56AM +0100, Linus Nordberg wrote:
> Do once (per host you're going to submit from):
>
> alias curl-tor='curl -A "" -x socks4a://127.0.0.1:9050/'
that has an result I understand…
> curl-tor -O https://www.ct.nordu.net/gaol.ct.nordu.net.pem
> curl-tor -O https://www.ct.nordu.net/gaol.ct.nordu.net.pem.asc
> gpg --verify gaol.ct.nordu.net.pem.asc
but this is rather incomplete or meaningless? ;-) Or I don't see the
point as that certificate aint used anywhere?
> Do once per .buildinfo file:
>
> printf "{\"blob\": \"$(cat file | base64)\"}" | \
> curl-tor --data @- \
> http://mvkhztpvqcxpdbn3.onion/open/gaol/v1/add-blob
ok, seems easy enough.
So I just did:
printf "{\"test-h01ger\": \"$(cat /etc/motd | base64)\"}" | curl -A "" \
-x socks4a://127.0.0.1:9050/ --data @- \
http://mvkhztpvqcxpdbn3.onion/open/gaol/v1/add-blob
Did the log receive that? If so, it's trivial to send them all to your
log…
> NOTE0: If the size of your submissions (after base64 encoding) exceeds
> ~2MB they will fail.
ok, that's fine. currently the biggest .buildinfo file we have
(gcc-5-cross-ports_7_amd64.buildinfo) is 120K which transforms into 162k
base64 encoded.
> NOTE1: All data may disappear at any time (but i'll try hard to avoid
> that).
ok, noted.
> NOTE2: The format for submitted data might change, most likely adding a
> requirement for a "sig" field with a signature over "blob"
ok, please just tell us.
> NOTE3: you might want to put something in "blob" that makes it easy for
> you to select your entries from the log
I guess the filename of the .buildinfo file will do. What if I reuse the
"blob" value?
--
cheers,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160318/d64a1699/attachment.sig>
More information about the Reproducible-builds
mailing list