Anonymous user
Open Source Comes to Campus/Curriculum/Saturday/Getting modifying and verifying: Difference between revisions
Open Source Comes to Campus/Curriculum/Saturday/Getting modifying and verifying (view source)
Revision as of 15:16, 15 September 2012
, 11 years agono edit summary
imported>Paulproteus No edit summary |
imported>Stump No edit summary |
||
(4 intermediate revisions by one other user not shown) | |||
Line 7:
* Begin by showing the web page for some program that has a tarball (e.g. nano)
* Download it, compile it, and run it.
* Ask the question aloud: How can we verify that this is the ''real'' GNU nano?
Line 14 ⟶ 12:
* Create a new, customized GNU nano where "New Buffer" in the title bar is replaced with "Be careful, this file is not yet saved!"
** Use 'grep "New Buffer" src/*.c' to find the string (in src/winio.c)
** modify src/winio.c and rebuild
** also make a patch!
** Roll up a new tarball, and then try to verify it with the GPG signature.
** Rebuild the Debian package with the patch added
** Notice that, once the new package is installed, the string change takes effect.
* More about verifying tarballs
** Explain why authenticity is desirable
*** Possible example: Linux driver with a uid=0 vs. uid == 0 bug introduced (
** Provide an example of md5sum or sha1sum
** Explain why they're not adequate, without GPG
Line 29:
* Quick introduction to the web of trust
* Are tarballs and patches enough? Explain why people use version control
** You can check if your patch is in the main tree or not
** Version control tools make it easy to create patches
Line 38 ⟶ 37:
* Quick introduction to installing build dependencies
* Dissect a small patch submission, such as https://bugs.freedesktop.org/show_bug.cgi?id=51883
=== Individual work ===
|