Google Summer of Code: Encrypted branch/repository format status
Robert Collins
robertc at robertcollins.net
Fri Aug 3 01:51:16 BST 2007
There's another possibility now that may make Bogdano's project easier.
I have pack based repositories up and running. They have a much leaner
interface, true write-once (no appending) to their files, and *may* be
more suitable for doing crypto on. They don't expose file ids or any
internal information as part of the file names within the repository.

A pack based repository has:

a collection of packs (bzrlib.pack). The interfaces that need to work
for this are:
 - write the pack - a series of records are added one at a time
 - read the pack (streaming) - the pack is read end to end.
 - read the pack (readv) - selected records from within the pack are
   read.

A collection of indices for each pack. Each index has the following
interfaces:
 - create the index - add records in arbitrary order, then when finished
   'finish()' is called and a bytestream for the index is returned.
 - use the index - queries are made and the index object can read some
   or all of the index - it's up to the index object to decide what's
   appropriate, and how much to read.

Concretely, we might have 0.pack, and 0.tix, 0.iix, 0.six, 0.rix - the
pack and the 4 indices for it.

So for crypto one way to do this would be to write a per-pack key for
each (pack + indices), encrypting that key with the repository main key
(this lets you move a pack to a different repository without re-encrypting
the pack - just re-encrypt the key). Then use a block cipher for the
index, with the cipher block size some even divisor of the page size
that the index is read in. (so that you can always read an entire page).

For the .pack file, a block cipher started fresh on each record will
work well, as the overhead is only a few bytes, and the data mapping
code is now able to handle the size being written to the pack not
matching the size actually written - the size written gets returned to
the caller.

Bogdano - what do you think of this?
-Rob
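
Added example, not part of the message above and not Bazaar code: a sketch of the proposed key hierarchy, where each pack has its own key wrapped under the repository main key, every record is sealed independently, and moving a pack re-wraps only the key. Assumptions: all function names are hypothetical, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for the block cipher (the Python standard library has none), so the per-record overhead here is 48 bytes.

```python
import hashlib, hmac, os

# Stand-in cipher (assumption): HMAC-SHA256 keystream + encrypt-then-MAC,
# used only because the standard library has no block cipher.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Return nonce || ciphertext || tag, using a fresh random nonce."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def new_pack(repo_key):
    """A pack is its wrapped per-pack key plus write-once record bytes."""
    return {"wrapped_key": seal(repo_key, os.urandom(32)), "data": b""}

def add_record(pack, repo_key, record):
    """Seal one record; return (offset, size actually written)."""
    blob = seal(unseal(repo_key, pack["wrapped_key"]), record)
    offset = len(pack["data"])
    pack["data"] += blob
    return offset, len(blob)

def read_record(pack, repo_key, offset, size):
    """readv-style access: decrypt one record without touching the others."""
    pack_key = unseal(repo_key, pack["wrapped_key"])
    return unseal(pack_key, pack["data"][offset:offset + size])

def move_pack(pack, old_repo_key, new_repo_key):
    """Re-wrap only the per-pack key; the record bytes are left unchanged."""
    pack_key = unseal(old_repo_key, pack["wrapped_key"])
    return {"wrapped_key": seal(new_repo_key, pack_key), "data": pack["data"]}
```

Because each record carries its own nonce and tag, the size returned by add_record is what an index would have to store, not the plaintext length.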