Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upMake signed scrypt binary available to Qubes users for emergency backup recovery #4047
Comments
andrewdavidwong
added
C: other
task
labels
Jul 1, 2018
andrewdavidwong
added this to the Ongoing milestone
Jul 1, 2018
andrewdavidwong
assigned
marmarek
Jul 1, 2018
andrewdavidwong
added
the
P: major
label
Jul 1, 2018
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Jul 1, 2018
Member
We already have signed rpm package with the binary. You can easily extract binary (rpmdev-extract tool) from there and treat rpm as a signed container. Alternatively we could put just a binary with a detached signature somewhere. Obviously the first option if far less work, as it is already done: https://yum.qubes-os.org/r4.0/current/vm/fc28/rpm/scrypt-1.2.1-1.fc28.x86_64.rpm (you can also choose older Fedora version, to have it linked with older libraries - useful for usage on non-Fedora systems)
|
We already have signed rpm package with the binary. You can easily extract binary ( |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Ok, I'll document the procedure. |
andrewdavidwong commentedJul 1, 2018
I've just updated Emergency Backup Recovery without Qubes - format version 4 to strongly recommend that Qubes users store a copy of the
scryptutility with their 4.x backups, since it is required in order to access the data in those backups (see QubesOS/qubes-doc@bb26173 and, for background, #971).@marmarek and I previously agreed that it would be a good idea to make a signed binary available to Qubes users so that all Qubes users don't have to compile it from source themselves.
One thing to think about is whether the signed binary should also be included in Qubes itself (e.g., in dom0) or just as a web download.