X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=README.adoc;h=94f279248a4c2aa7fb3239e1ce9f93233a866fe7;hb=12cc10aa34b77855b1dccec4dbc9183cf03fa9af;hp=f4a34feb91c2e259f25e2f3408e9fe6afb9659d4;hpb=4ce09b6e6f7056883af10c3207aed6866657f9f9;p=safcm%2Fsafcm.git diff --git a/README.adoc b/README.adoc index f4a34fe..94f2792 100644 --- a/README.adoc +++ b/README.adoc @@ -25,8 +25,10 @@ simplicity and safety in the following principles: injection attacks; each host only receives its own configuration and no data from other hosts - *safety and security*: create files with "write to temporary file", "sync", - "rename", "sync directory" for atomicity and durability; guard against - symlink and other TOCTOU attacks; extensive test suite + "rename", "sync directory" for atomicity and durability; implemented in a + memory safe language and using a simple synchronization protocol to prevent + attacks on the local host; guard against symlink and other TOCTOU attacks; + extensive test suite == Overview @@ -58,9 +60,10 @@ service names of the remote operating system. Commands are shell commands passed to `/bin/sh`. When files with the same path are present in multiple groups of a host, an -explicit _group order_ must be configured to resolve the conflict. Conflicts -do not apply to packages and services which are simply merged from all groups. -Commands are appended so that the same command can be executed multiple times. +explicit _group priority_ must be configured to resolve the conflict. +Conflicts do not apply to packages and services which are simply merged from +all groups. Commands are appended so that the same command can be executed +multiple times. To sync the configuration to a remote host, the local `safcm` binary connects to it via `ssh`. It then copies a _remote helper_ binary to `/tmp` on the 
@@ -95,14 +98,14 @@ future, others are due to the design of safcm. - Commands are executed with `/bin/sh -c` on the remote host which might leak sensitive information to other users via the command line (unless `/proc` is - mounted with `hidepid=`). Store sensitive data in a file and execute or - source it as a workaround. + mounted with `hidepid=` on GNU/Linux systems). Store sensitive data in a + file and execute or source it as a workaround. - Permissions of existing files and directories will be overwritten with the default (root/root, 0644 for files, 0755 for directories) unless manually configured via `permissions.yaml`. This includes important paths like `/root` which often have strict permissions by default, so carefully check - the diff output for unwanted changes. + the output for unwanted changes. - The full file content of all files is sent to the remote during synchronization. This makes it impractical to synchronize large files with @@ -123,7 +126,7 @@ future, others are due to the design of safcm. == Requirements - to build the `safcm` binary and remote helper: - * Go >= 1.16 + * Go >= 1.16 (for `go:embed`, `io/fs`) * GNU make - local host: @@ -147,6 +150,14 @@ future, others are due to the design of safcm. Adding support for other operating systems (e.g. BSDs) or distributions including package managers (e.g. Arch, Gentoo) is easy. Please send patches. +At the moment the remote helper is built for the following operating systems +($GOOS) and architectures ($GOARCH). To add more architectures simply edit +`cmd/safcm-remote/build.sh`. + + - freebsd: amd64 + - linux: amd64, armv7 + - openbsd: amd64 + == Authors
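Review bot: In the first hunk (@@ -25,8 +25,10 @@), the added clause "to prevent attacks on the local host" names neither the attacker nor the path, so a reader cannot tell what is actually being promised. If the intent is that a compromised remote host cannot harm the local host through the remote helper's replies, say that explicitly. "prevent" is also stronger than a memory-safe language and a simple protocol can support on their own; "to limit attacks on the local host" would be easier to defend. Minor: "memory safe language" should be hyphenated as "memory-safe language".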
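Review bot: In the second hunk (@@ -58,9 +60,10 @@), the renamed term _group priority_ is introduced without saying which direction wins, so the sentence still does not tell the reader how the conflict is resolved. Add a clause stating whether the group with the highest priority overrides the others and how that priority is expressed in the configuration. Since only the wording changes here, also check that no remaining text still says "group order".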
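Review bot: In the third hunk (@@ -95,14 +98,14 @@), `hidepid=` is still written without a value, and the default `hidepid=0` hides nothing, so the parenthetical can be read as if any `hidepid` mount option protects the command line. Suggest writing "mounted with `hidepid=1` or `hidepid=2` on GNU/Linux systems". In the same hunk, changing "the diff output" to "the output" drops the only hint about which output to inspect for unwanted permission changes on paths like `/root`; name the output meant, for example the changes reported by the sync.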
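Review bot: In the last hunk (@@ -147,6 +150,14 @@), the list is introduced as "($GOOS) and architectures ($GOARCH)" but "armv7" is not a `$GOARCH` value; Go uses `GOARCH=arm` together with `GOARM=7`. Either list it as "arm (GOARM=7)" or drop the `$GOARCH` reference so that someone editing `cmd/safcm-remote/build.sh` does not copy an invalid value. The new list also includes freebsd and openbsd while the unchanged paragraph above still gives BSDs as an example of operating systems that could be added, so it would help to say whether a built helper means the operating system is supported.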