Open Source Comes to Campus/Curriculum/Saturday/Getting modifying and verifying
Pre-requisites: ?
Learning objectives: Know how to download a tarball and apply a patch. Understand what a patch file looks like. Understand the idea of "-p0" "-p1" fiddling. Understand how to verify a tarball against a SHA1 checksum, and why it matters. Understand how to use GPG to verify a SHA1SUMS file! Understand the basic idea of version control, and know how to create a patch file against code stored in two common VCSs.
Group discussion
- Question: Where do tarballs come from?
- Answer: Someone takes a snapshot of a directory. But how did things get in there?
- Quick overview of a patch file
- Verifying tarballs
- Why authenticity is desirable
- Example: Linux driver with a uid=0 vs. uid == 0 bug introduced
- md5sum + sha1sum
- verifying md5sum + sha1sum lists with gpg
- Quick introduction to the web of trust
- Why authenticity is desirable
- Why people use version control
- You can check if your patch is in the main tree or not
- It makes it super easy to create patches
- It is easy to jump between versions
- Quick mention of packaging systems
- Quick introduction to installing build dependencies
Individual work
- Have students go through the git training mission.
- Have students download a few tarballs and identify which ones do not verify.
Assessment elements
- The training missions includes their own assessments.
Possible problems
- ?