NixOS is already committed to using Git, and signature (GPG/PGP/SSH) verification is one of the features of Git. Simplest case: when an attacker gets access to the repository, he can push malicious changes to all the hosts that have autoupgrade enabled.
Currently `system.autoUpgrade` does not implement a signature verification option. Right now I use a simple custom systemd service that performs checks before switching:
In the example above I already have Git configured system-wide to use my public key for verification. As a possibility, a new option should allow specifying and checking a public key instead of relying on system-wide configuration.
This allows blocking any unsigned automatic changes to the hosts. In the worst case of losing the key, it is still possible to access the host by other means to run a switch manually.
Feel free to ask me any questions.
Add a 👍 reaction to issues you find important.
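
One way to implement the check this issue asks for, with the trusted key supplied per invocation instead of through system-wide Git configuration. This is an added example, not the issue author's service or NixOS code; the function name `verify_signed_rev`, the allowed-signers file and the choice of SSH signatures are assumptions.

```shell
#!/bin/sh
# Added example: verify that a revision is signed by a pinned SSH key before
# it is handed to the rebuild step. Names and file layout are assumptions.

# verify_signed_rev REPO_DIR REV ALLOWED_SIGNERS_FILE
# Prints the full commit id and returns 0 only when REV carries a good
# signature from a key listed in ALLOWED_SIGNERS_FILE.
# Returns 1 for unsigned or untrusted commits, 2 for bad arguments.
verify_signed_rev() {
    local repo="$1" rev="$2" signers="$3" commit

    if [ ! -r "$signers" ]; then
        echo "allowed signers file not readable: $signers" >&2
        return 2
    fi

    # Resolve the name to a commit id once, so a branch that moves after
    # the check cannot change what gets built.
    commit=$(git -C "$repo" rev-parse --verify --quiet "${rev}^{commit}") || {
        echo "unknown revision: $rev" >&2
        return 2
    }

    # The trusted key list is passed per invocation, so it does not come
    # from system-wide or per-repository Git configuration.
    # Caveat: Git picks the verifier from the signature type, so a
    # PGP-signed commit is still checked against the caller's GnuPG keyring.
    if ! git -C "$repo" \
            -c gpg.ssh.allowedSignersFile="$signers" \
            verify-commit "$commit" >/dev/null 2>&1; then
        echo "refusing $commit: no valid signature from a trusted key" >&2
        return 1
    fi

    printf '%s\n' "$commit"
}

# Stand-alone use: verify-rev.sh REPO_DIR REV ALLOWED_SIGNERS_FILE
if [ "$#" -eq 3 ]; then
    verify_signed_rev "$@"
fi
```

The upgrade step should build the printed commit id, not the branch name, so that the switch uses exactly the revision that was verified.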