-
Notifications
You must be signed in to change notification settings - Fork 53
Optional checksum for images #103
Comments
Unfortunately there's not really any way to do this without downloading the On Thursday, September 3, 2015, Jesse Endahl notifications@github.com
Samuel Keeley |
One way to get around that is to read the file in 128 byte chunks, putting less strain on available storage, something like this (swap md5 with sha256): http://stackoverflow.com/a/4213255 |
Whipped up something that should work to checksum an image without needing local storage: bruienne@8b23f2a |
Make it work and I'll merge it in. Although most people seem to keep their config plist and images on the same server, so not sure how much safer this will be. |
@bruienne's solution downloads the image one for checksumming, then a second time by
Personally I like the |
If we can get the HTTP proxy to work reliably, then I like that idea, because it works around ASR and hdiutil's other limitations (no SSL verification and no auth off the top of my head), |
@grahamgilbert: Just being pedantic, so others are clear about it: you are ok with the idea that the error might not come until we have already laid down 90%+ of the image? What should happen with the broken volume? Erase it? And is there any objection to me writing this in |
Imaging is a destructive task anyway. If something goes wrong with ASR we On 26 January 2016 at 19:34, Karl Kuehn notifications@github.com wrote:
|
With the RAM disk option being implemented as of Imagr 1.4, this is possible now, though hasn't been coded. |
It would be great if imagr had an option for verifying checksums of images before serving them to clients, such that an image that has been tampered with won't get served to clients.
This is useful in an attack scenario where the web server where you're serving imagr images from has been compromised and the attacker has replaced your legit images with backdoored ones, but your imagr server has not been compromised. In this scenario, the imagr server could alert you that the remote image has been tampered with because the image hash doesn't match what you've specified in your imagr_config.plist.
This would have the additional benefit of protecting imagr from SSL/TLS MITM attacks if you're pulling images over HTTP.
I imagine something like this:
You might be able to easily reuse some code from Munki for this:
https://github.com/munki/munki/blob/master/code/tools/pkginfo_hash_updater.py
The text was updated successfully, but these errors were encountered: