John-Mark Gurney 4bc041af66 | 4 years ago | |
---|---|---|
fixtures | 4 years ago | |
images | 4 years ago | |
.gitignore | 5 years ago | |
LICENSE.txt | 6 years ago | |
Makefile | 4 years ago | |
NOTES.txt | 6 years ago | |
README.md | 4 years ago | |
addinfo.sh | 5 years ago | |
maxcol.awk | 4 years ago | |
mksnapidx.awk | 4 years ago | |
snapaid.sh | 4 years ago | |
snapwrap.sh | 4 years ago | |
splitbody.py | 6 years ago |
This is a utility that will make it easier to find and download the correct snapshot. It will also fetch and verify the GPG signature and hash of the snapshot to ensure that you are getting the correct file.
The only file needed for this is the snapaid.sh script. The other files are used for generating the index.
$wget https://www.funkthat.com/gitea/jmg/snapaid/raw/branch/master/snapaid.sh
$chmod 755 snapaid.sh
$./snapaid.sh find
This repository will be signed by my FreeBSD GPG key. It is available at: https://www.freebsd.org/doc/en_US.ISO8859-1/articles/pgpkeys/pgpkeys-developers.html#pgpkey-jmg
Now that snapaid has migrated from GitHub to Gitea, you will see the verified lock icon with the commits. This is because unlike GitHub, Gitea won’t falsely show a commit as verified unless it was signed by and only by the user’s PGP key.
NOTE: The xz vs non-xz versions of some of the images are not able to be differentiated. Currently sorting rules should always put the xz version before the non-xz version.
NOTE: Only snapshots that have SHA512 hashes are included. This excludes most snapshots from 2015 and before. The tool could be updated to include SHA256, but not a priority currently, and most/all are not available for download.
The backend is just a simple text file which indexes all the published snapshots. It is built from the emails to the freebsd-snapshot list. After verification of the email’s signature, the SHA512 entry lines are extracted, the file name is parsed, and added to the complete index. The message-id of the email is in the index so that the frontend can d/l the original email and verify the GPG signature locally. The complete index is used for verifying a snapshot that has already been downloaded. Another index is also maintained which only contains the currently available to d/l snapshots. This may contain snapshots that no longer exist, as it is only updated/checked when a new snapshot is released.
The procmail rc lines that I use:
:0c
* Delivered-To: (freebsd-)?announce@([^@\.]*\.)*freebsd.org
| $HOME/bin/snapwrap.sh
:0
* Delivered-To: (freebsd-)?snapshots@([^@\.]*\.)*freebsd.org
{
:0c
ml/snapshots
:0
| $HOME/bin/snapwrap.sh
}
The first rule is used for RELEASE announcements. They are copied (c
)
so that a later rule can file them in the proper mailbox. The second rule
is for the snapshots, and smiilarly organized, but the mailbox filing
happens here.
The snapwrap.sh script is included in the repo, but the command to deploy
the database to the FreeBSD.org servers has been deleted, but it is a
simple: tar -cf - <files> | ssh freefall tar -xf -
type command.