Open Source Comes to Campus/Curriculum/Saturday/Getting modifying and verifying: Difference between revisions
Revision as of 23:09, 23 February 2012
imported>Paulproteus
'''Pre-requisites''': ?
'''Learning objectives''': Know how to download a tarball and apply a patch. Understand what a patch file looks like. Understand the idea of "-p0" "-p1" fiddling. Understand how to verify a tarball against a SHA1 checksum, and why it matters. Understand how to use GPG to verify a SHA1SUMS file! Understand the basic idea of why version control could be useful, and know how to create a patch file.
* Begin by showing the web page for some program that has a tarball (e.g. nano)
* Download it, compile it, and run it.
* Look at its ChangeLog, and show that different people were involved.
* Ask the question aloud: How can we verify that this is the ''real'' GNU nano?
** Use http://ftp.gnu.org/gnu/nano/nano-2.2.6.tar.gz.sig to verify it
* Create a new, customized GNU nano where "New Buffer" in the title bar is replaced with "Be careful, this file is not yet saved!"
** modify src/winio.c and rebuild
** also make a patch!
** Roll up a new tarball, and then try to verify it with the GPG signature.
** Rebuild the Debian package with the patch added
* More about verifying tarballs
** Explain why they're not adequate, without GPG
* Case study: Explain signing in Debian
** Why authenticity is desirable
*** Example: Linux driver with a uid=0 vs. uid == 0 bug introduced
** md5sum + sha1sum
** Quick introduction to the web of trust
* Are tarballs and patches enough?
** You can check if your patch is in the main tree or not
* Quick mention of packaging systems
* Quick introduction to installing build dependencies
* Have students go through the
* Provide a download link for students, with a few tarballs and SHA1SUM files, and identify which ones do not verify.
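An added example for the exercise above (not part of the original curriculum page): it builds a scratch directory, reports which files fail a SHA1SUMS check, and then shows why a checksum file is not adequate without a GPG signature. File names and contents are constructed, `SHA1SUMS.sig` is a hypothetical detached signature, and GNU coreutils `sha1sum` is assumed.

```shell
#!/bin/sh
# Constructed demo: every file name and content below is made up.

# Print the files listed in $1/SHA1SUMS whose SHA1 does not match.
failed_files() {
    ( cd "$1" && { LC_ALL=C sha1sum -c SHA1SUMS 2>/dev/null || true; } ) |
        sed -n 's/: FAILED.*$//p'
}

# Create a scratch directory holding two stand-in "tarballs" and a SHA1SUMS file.
make_demo() {
    dir=$(mktemp -d)
    ( cd "$dir" &&
      printf 'original nano source\n'  > nano-demo.tar.gz &&
      printf 'original other source\n' > other-demo.tar.gz &&
      sha1sum nano-demo.tar.gz other-demo.tar.gz > SHA1SUMS )
    echo "$dir"
}

# Case 1: a file changes after SHA1SUMS was published; the checksum catches it.
tamper_file_only() {
    printf 'changed after release\n' >> "$1/nano-demo.tar.gz"
}

# Case 2: whoever changed the file also regenerates SHA1SUMS; the check passes.
# Only a signature over SHA1SUMS closes this gap, verified with for example:
#   gpg --verify SHA1SUMS.sig SHA1SUMS
# (not run here: it needs the publisher's public key in your keyring).
tamper_file_and_sums() {
    tamper_file_only "$1"
    ( cd "$1" && sha1sum nano-demo.tar.gz other-demo.tar.gz > SHA1SUMS )
}

main() {
    d=$(make_demo)
    echo "clean:               [$(failed_files "$d")]"
    tamper_file_only "$d"
    echo "file changed:        [$(failed_files "$d")]"
    tamper_file_and_sums "$d"
    echo "file + sums changed: [$(failed_files "$d")]"
    rm -rf "$d"
}
main
```

The last line printed is empty brackets: once SHA1SUMS is regenerated alongside the modified file, the checksum alone no longer tells the two apart.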
'''Assessment elements'''
* The training missions include their own assessments.
=== Note ===
* We should test that this works great on Windows and Mac, and make sure that they have the dependencies they need to make it work.