Anonymous user
Open Source Comes to Campus/Curriculum/Saturday/Getting modifying and verifying: Difference between revisions
Open Source Comes to Campus/Curriculum/Saturday/Getting modifying and verifying (view source)
Revision as of 15:16, 15 September 2012
, 11 years agono edit summary
imported>Paulproteus No edit summary |
imported>Stump No edit summary |
||
| (5 intermediate revisions by one other user not shown) | |||
Line 7:
* Begin by showing the web page for some program that has a tarball (e.g. nano)
* Download it, compile it, and run it.
* Ask the question aloud: How can we verify that this is the ''real'' GNU nano?
Line 14 ⟶ 12:
* Create a new, customized GNU nano where "New Buffer" in the title bar is replaced with "Be careful, this file is not yet saved!"
** Use 'grep "New Buffer" src/*.c' to find the string (in src/winio.c)
** modify src/winio.c and rebuild
** also make a patch!
** Roll up a new tarball, and then try to verify it with the GPG signature.
** Rebuild the Debian package with the patch added
** Notice that, once the new package is installed, the string change takes effect.
* More about verifying tarballs
** Explain why authenticity is desirable
*** Possible example: Linux driver with a uid=0 vs. uid == 0 bug introduced (
** Provide an example of md5sum or sha1sum
** Explain why they're not adequate, without GPG
Line 29:
* Quick introduction to the web of trust
* Are tarballs and patches enough? Explain why people use version control
** You can check if your patch is in the main tree or not
** Version control tools make it easy to create patches
Line 38 ⟶ 37:
* Quick introduction to installing build dependencies
* Dissect a small patch submission, such as https://bugs.freedesktop.org/show_bug.cgi?id=51883
=== Individual work ===
Line 51 ⟶ 52:
=== Note ===
* We should test that this works great on Windows and Mac, and make sure that they have the dependencies they need to make it work. (Or declare that some of this work is best-done using the shared Linux server.)
| |||