README: multiple improvements

diff --git a/README.adoc b/README.adoc
index 6d85d51bb297dd8ce9abd085f5c198b26a26a191..94f279248a4c2aa7fb3239e1ce9f93233a866fe7 100644 (file)
--- a/README.adoc
+++ b/README.adoc
@@ -25,8 +25,10 @@ simplicity and safety in the following principles:
   injection attacks; each host only receives its own configuration and no data
   from other hosts
 - *safety and security*: create files with "write to temporary file", "sync",
   injection attacks; each host only receives its own configuration and no data
   from other hosts
 - *safety and security*: create files with "write to temporary file", "sync",

-  "rename", "sync directory" for atomicity and durability; guard against
-  symlink and other TOCTOU attacks; extensive test suite
+  "rename", "sync directory" for atomicity and durability; implemented in a
+  memory safe language and using a simple synchronization protocol to prevent
+  attacks on the local host; guard against symlink and other TOCTOU attacks;
+  extensive test suite

 
 
 == Overview
 
 
 == Overview


@@ -96,14 +98,14 @@ future, others are due to the design of safcm.
 
 - Commands are executed with `/bin/sh -c` on the remote host which might leak
   sensitive information to other users via the command line (unless `/proc` is
 
 - Commands are executed with `/bin/sh -c` on the remote host which might leak
   sensitive information to other users via the command line (unless `/proc` is

-  mounted with `hidepid=`). Store sensitive data in a file and execute or
-  source it as a workaround.
+  mounted with `hidepid=` on GNU/Linux systems). Store sensitive data in a
+  file and execute or source it as a workaround.

 
 - Permissions of existing files and directories will be overwritten with the
   default (root/root, 0644 for files, 0755 for directories) unless manually
   configured via `permissions.yaml`. This includes important paths like
   `/root` which often have strict permissions by default, so carefully check
 
 - Permissions of existing files and directories will be overwritten with the
   default (root/root, 0644 for files, 0755 for directories) unless manually
   configured via `permissions.yaml`. This includes important paths like
   `/root` which often have strict permissions by default, so carefully check

-  the diff output for unwanted changes.
+  the output for unwanted changes.

 
 - The full file content of all files is sent to the remote during
   synchronization. This makes it impractical to synchronize large files with
 
 - The full file content of all files is sent to the remote during
   synchronization. This makes it impractical to synchronize large files with


@@ -124,7 +126,7 @@ future, others are due to the design of safcm.
 == Requirements
 
 - to build the `safcm` binary and remote helper:
 == Requirements
 
 - to build the `safcm` binary and remote helper:

-  * Go >= 1.16
+  * Go >= 1.16 (for `go:embed`, `io/fs`)

   * GNU make
 
 - local host:
   * GNU make
 
 - local host:


@@ -148,6 +150,14 @@ future, others are due to the design of safcm.
 Adding support for other operating systems (e.g. BSDs) or distributions
 including package managers (e.g. Arch, Gentoo) is easy. Please send patches.
 
 Adding support for other operating systems (e.g. BSDs) or distributions
 including package managers (e.g. Arch, Gentoo) is easy. Please send patches.
 

+At the moment the remote helper is built for the following operating systems
+($GOOS) and architectures ($GOARCH). To add more architectures simply edit
+`cmd/safcm-remote/build.sh`.
+
+    - freebsd: amd64
+    - linux: amd64, armv7
+    - openbsd: amd64
+

 
 == Authors
 
 
 == Authors