Open Source Comes to Campus/Curriculum/Saturday/Getting modifying and verifying

Pre-requisites: ?

Learning objectives: Know how to download a tarball and apply a patch. Understand what a patch file looks like. Understand the idea of "-p0" "-p1" fiddling. Understand how to verify a tarball against a SHA1 checksum, and why it matters. Understand how to use GPG to verify a SHA1SUMS file! Understand the basic idea of version control, and know how to create a patch file against code stored in two common VCSs.

Group discussion


 * Question: Where do tarballs come from?
 * Answer: Someone takes a snapshot of a directory. But how did things get in there?
 * Quick overview of a patch file


 * Verifying tarballs
 * Why authenticity is desirable
 * Example: Linux driver with a uid=0 vs. uid == 0 bug introduced
 * md5sum + sha1sum
 * verifying md5sum + sha1sum lists with gpg
 * Quick introduction to the web of trust


 * Why people use version control
 * You can check if your patch is in the main tree or not
 * It makes it super easy to create patches
 * It is easy to jump between versions


 * Quick mention of packaging systems


 * Quick introduction to installing build dependencies

Individual work


 * Have students go through the git training mission.
 * Have students download a few tarballs and identify which ones do not verify.

Assessment elements


 * The training missions includes their own assessments.

Possible problems