Code Monkey home page Code Monkey logo

vib-fsguard's Introduction

vib-fsguard

Vib plugin that sets up fsguard and generates a filelist.

This plugin requires that minisign is installed in the image, this can be easily done with a nested module

Module Structure

- name: fsguard
  type: fsguard
  CustomFsGuard: false
  FsGuardLocation: "/usr/bin/"
  GenerateKey: true
  FilelistPaths: ["/usr/bin/"]
  modules:
    - name: minisign
      type: apt
      sources:
        packages:
            - "minisign"

If GenerateKey is set to false, KeyPath has to be specified, pointing to a location in the container (e.g. added through includes.container) which contains already existing minisign keys:

- name: fsguard
  type: fsguard
  CustomFsGuard: false
  FsGuardLocation: "/usr/bin/"
  GenerateKey: false
  KeyPath: "/etc/minisign/"
  FilelistPaths: ["/usr/bin/"]
  modules:
    - name: minisign
      type: apt
      sources:
        packages:
            - "minisign"

Note that the keys must be named minisign.pub (public) and minisign.key (private) in this example the minisign keys would be in includes.container/etc/minisign/, which translates to `/etc/minisign** in the build environment

Keep in mind that the minisign key cannot be password protected, as there is no way for the user to type in the password during building (which is why always generting a random key through GenerateKey is recommended)

In the case that FsGuard has to be manually built (due to a configuration change or similiar), the CustomFsGuard option has to be set to True, this stops the module from fetching a prebuilt FsGuard and instead allows the user to manually build FsGuard, it does however expect the FsGuard binary to be at /sources/FsGuard

vib-fsguard's People

Contributors

axtloss avatar kbdharun avatar matbme avatar mirkobrombin avatar taukakao avatar

Stargazers

avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

kbdharun taukakao

vib-fsguard's Issues

bug: investigate "/usr/bin/python3: can't find '__main__' module in '/sources/fsguard/genfilelist.py'" error

We need to investigate why this error is caused in the current version of the vib-fsguard plugin.

The full error log can be found at: https://github.com/Vanilla-OS/custom-image/actions/runs/9576449836/job/26404344197

Related PR: Vanilla-OS/custom-image#18

Release References

  1. https://github.com/Vanilla-OS/vib-fsguard/releases/tag/v1.5
  2. https://github.com/Vanilla-OS/Vib/releases/tag/v0.7.1
  3. https://github.com/Vanilla-OS/vib-gh-action/releases/tag/v0.7.1

Integrity check fails on first boot when Orchid is installed.

Issue Description

Testing has been done on VirtualBox with Linux and Windows hosts, KVM on a linux host, and hyper-v on a Windows host.

VirtualBox on Linux failed to install for unrelated reasons with incredibly unstable graphics drivers and the inability of the installer to read the drive.

All the other hypervisors, Vanilla installed "correctly" but failed integrity check. Upon further investigation, the FsGuard executable is replaced with what appears to be log data, which would explain the IC failure.

Steps to Reproduce

-- disregard first two steps, this appears to not be exclusive to VMs
~~- Load a hypervisor (IE: Virtualbox, Hyper-V)

  • Create a new VM (I used an 80GB drive, 8GB of ram, and 4 CPU cores, all other settings were tested first as default but changing them had no visible effect.)~~

  • Install VanillaOS with the fairly obvious procedure

  • Reboot when prompted and load current state (A)

  • Observe IC fail. Bypassing IC boots correctly and seems to work, but attempting a forced update to fix the FsGuard executable unequivocally breaks both partitions, preventing Xorg or Wayland from launching in a current or previous state.

On what version of Vanilla OS this happens?

Orchid, latest as of 2024/07/02

Additional Information

The aforementioned issue with VirtualBox on Linux may be related to an issue discussed on the discord relating to the i915 drivers as the i915 chipset is used by default by VirtualBox on Linux hosts.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.