cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

update

This commit is contained in:
Joey Hess 2014-11-18 18:58:47 -04:00
parent 7299cd7320
commit 95fda710cb
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
doc/security.mdwn
View File

@ -6,13 +6,13 @@ The only trusted machine is the laptop where you run `propellor --spin`
to connect to a remote host. And that one only because you have a ssh key to connect to a remote host. And that one only because you have a ssh key
or login password to the host. or login password to the host.
Since the hosts propellor deploys are not trusted by the central git Since the hosts propellor deploys do not trust the central git repository,
repository, they have to use git:// or http:// to pull from the central and it doesn't trust them, it's normal to use git:// or http:// to pull
git repository, rather than ssh://. from the central git repository, rather than ssh://.
So, to avoid a MITM attack, propellor checks that any commit it fetches Since propellor doesn't trust the central git repository, it checks
from origin is gpg signed by a trusted gpg key, and refuses to deploy it that any commit it fetches from it is gpg signed by a trusted gpg key,
otherwise. and refuses to deploy it otherwise.
That is only done when privdata/keyring.gpg exists. To set it up: That is only done when privdata/keyring.gpg exists. To set it up: