[arch-general] Is it secure to just sign repository databases?
Manuel.Spam at nurfuerspam.de
Mon Jun 17 16:38:29 UTC 2019
On 17.06.19 18:18, Eli Schwartz via arch-general wrote:
> That being said, it's possible to configure sudo to run makechrootpkg,
> but only makechrootpkg, as root. Or run SUDO_USER=... SUDO_UID=...
I've tried several times to just launch makechrootpkg with root
privileges directly. As makechrootpkg drops to an unprivileged user
inside the chroot, this should be perfectly safe.
But I always ran into errors saying that makepkg is not allowed to be
run as root.
Does your SUDO_USER=... SUDO_UID=... command line allow launching it
directly as root without needing sudo at all? This is what I would need to
make my autobuild work.
> Yes -- do all signing locally, after the package leaves the build VM. If
> something goes wrong on the VM, you can remove the relevant packages
> without, say, revoking your key, so the security issue is less drastic.
This would also be a possible way. Sign packages where the signature is
outdated, delete signatures that don't belong to packages and finally
repo-add everything after deleting the db file.
Is there a better tool than repo-add/repo-remove? I've been searching for
some "repo-update" tool for quite a while now. A smart tool which
doesn't recreate stuff and just updates a DB file would be pretty handy.
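The sign/prune/rebuild procedure sketched in this reply, written out as an added shell example (not code from the thread or from devtools); the flat directory layout, the signing-key argument and the function names are assumptions:

```shell
#!/bin/sh
# Assumed layout: every *.pkg.tar.* and its detached *.sig live flat in one
# directory, and "$name.db.tar.gz" is the database repo-add maintains there.
# Function names and the key-id argument are assumptions of this example.

# List packages whose detached signature is missing or older than the package.
stale_packages() {
    for pkg in "$1"/*.pkg.tar.*; do
        [ -e "$pkg" ] || continue                 # no match: glob stays literal
        case $pkg in *.sig) continue ;; esac      # the glob also matches signatures
        if [ ! -e "$pkg.sig" ] || [ "$pkg" -nt "$pkg.sig" ]; then
            printf '%s\n' "$pkg"
        fi
    done
}

# List detached signatures whose package is gone.
orphan_signatures() {
    for sig in "$1"/*.sig; do
        [ -e "$sig" ] || continue
        [ -e "${sig%.sig}" ] || printf '%s\n' "$sig"
    done
}

# Re-sign stale packages, prune orphans, then rebuild and sign the database
# from scratch. Usage: update_repo /srv/repo myrepo <signing-key-id>
update_repo() {
    dir=$1 name=$2 key=$3
    stale_packages "$dir" | while IFS= read -r pkg; do
        gpg --batch --yes --default-key "$key" --detach-sign \
            --output "$pkg.sig" "$pkg"            # --yes overwrites the old .sig
    done
    orphan_signatures "$dir" | while IFS= read -r sig; do
        rm -f -- "$sig"
    done
    # Drop the old db, files db and their signatures so repo-add starts clean.
    rm -f -- "$dir/$name.db" "$dir/$name.db.sig" "$dir/$name.db.tar.gz" \
             "$dir/$name.db.tar.gz.sig" "$dir/$name.files" "$dir/$name.files.sig" \
             "$dir/$name.files.tar.gz" "$dir/$name.files.tar.gz.sig"
    set --                                        # collect packages, not .sig files
    for pkg in "$dir"/*.pkg.tar.*; do
        [ -e "$pkg" ] || continue
        case $pkg in *.sig) ;; *) set -- "$@" "$pkg" ;; esac
    done
    repo-add --sign --key "$key" "$dir/$name.db.tar.gz" "$@"
}
```

Only `update_repo` touches gpg and repo-add; the two listing functions are pure inspection, so they can be run first as a dry run to see what would change.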