Feature #8507
Evaluate how safe our usage of di-netboot-assistant is
0%
Description
It lives in the libvirt::host::di_netboot_assistant class and libvirt::host::di_netboot_assistant::distribution defined resource in https://git-tails.immerda.ch/puppet-libvirt.
Related issues
Related to Tails - |
Resolved | 2015-08-25 |
History
#1 Updated by bertagaz 2015-01-18 15:37:03
If the process to update the installer PXE files is to remove the old ones and run puppet agent again for the recipe to download the new installer, then we might lack a bit of authenticity verification.
di-netboot-assistant doesn’t seem to verify by itself the installer files it downloads (according to http://anonscm.debian.org/cgit/d-i/netboot-assistant.git/tree/di-netboot-assistant).
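The check that comment #1 finds missing, as an added example that is not part of the original ticket and is not di-netboot-assistant's code: walking the hash chain from a Debian `Release` file to the installer's `SHA256SUMS` and on to `netboot.tar.gz`. It assumes the usual archive layout (the two paths below) and that the `Release` file's signature was already checked; the sample data is constructed.

```python
import hashlib
import hmac

SUMS_PATH = "main/installer-amd64/current/images/SHA256SUMS"  # assumed path in Release
IMAGE_PATH = "netboot/netboot.tar.gz"                         # assumed path in SHA256SUMS

def release_sha256(release_text):
    """Map path -> (sha256, size) from the 'SHA256:' section of a Release file."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_section = False  # any other field ends the section
    return entries

def sums_sha256(sums_text):
    """Map path -> sha256 from a SHA256SUMS file ('<hex>  ./<path>' per line)."""
    entries = {}
    for line in sums_text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            path = path.strip()
            entries[path[2:] if path.startswith("./") else path] = digest
    return entries

def matches(data, expected_hex):
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_hex.lower())

def verify_netboot(release_text, sums_bytes, image_bytes):
    # Assumption: release_text was already signature-checked (e.g. gpgv with the
    # Debian archive keyring). This function only walks the hash chain
    # Release -> SHA256SUMS -> image and returns True if every link matches.
    listed = release_sha256(release_text).get(SUMS_PATH)
    if listed is None or listed[1] != len(sums_bytes) or not matches(sums_bytes, listed[0]):
        return False
    expected = sums_sha256(sums_bytes.decode("ascii")).get(IMAGE_PATH)
    return expected is not None and matches(image_bytes, expected)

def constructed_sample():
    """Constructed stand-ins for the three files; not real archive data."""
    image = b"constructed netboot.tar.gz contents"
    sums = ("%s  ./%s\n" % (hashlib.sha256(image).hexdigest(), IMAGE_PATH)).encode()
    release = "Origin: Debian\nSuite: stable\nSHA256:\n %s %d %s\n" % (
        hashlib.sha256(sums).hexdigest(), len(sums), SUMS_PATH)
    return release, sums, image
```

A swapped image or a swapped `SHA256SUMS` both fail here, because neither file is trusted on its own: each is only accepted if the file above it in the chain vouches for its hash.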
#2 Updated by intrigeri 2015-01-18 17:52:17
> di-netboot-assistant doesn’t seem to verify by itself the installer
> files it downloads
Is there an upstream bug for that?
#3 Updated by BitingBird 2015-01-18 23:02:47
If I found the right page, then the answer is no: https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=di-netboot-assistant
#4 Updated by bertagaz 2015-01-21 13:00:22
- Type of work changed from Audit to Debian
Reported to Debian in bug 775904
#5 Updated by intrigeri 2015-08-15 03:53:21
di-netboot-assistant 0.39’s changelog reads:
* Implement the inclusion of debian-installer packages. Add
instructions to the README and a warning when installing insecurely.
… which should solve our concerns.
#6 Updated by intrigeri 2015-08-25 01:45:06
- related to
Bug #10092: Use di-netboot-assistant in a safer way added
#7 Updated by intrigeri 2015-08-25 01:45:41
- Status changed from Confirmed to Resolved
Evaluation completed, next step is Bug #10092.
#8 Updated by BitingBird 2015-08-25 11:24:29
- Target version set to Tails_1.6