Can we digitally sign the solutions registry files so that the client can verify they was created by us?
Christopher On Mon, Apr 20, 2020 at 16:37 Gregg Vanderheiden RTF < [email protected]> wrote: > Is Github secure enough that we want production code to be downloading > from there? > > I guess if the URL for downloading is in the siteconfig - we can easily > move it later. > > *gregg* > > ——————————— > Professor, University of Maryland, College Park > Director , Trace R&D Center, UMD > Co-Founder Raising the Floor. http://raisingthefloor.org > And the Global Public Inclusive Infrastructure (GPII) http://GPII.net > > > > > On Apr 20, 2020, at 2:09 PM, Joseph Scheuhammer <[email protected]> > wrote: > > All, but mostly Stepan, Alfredo, and Sergey (dev-ops), > > The goal of GPII-4273[i] is to provide a means by which the Morphic > client can fetch its platform's latest solutions registry from github. > In this case "latest" is defined by the version of gpii-universal > running in the cloud. > > I've modified the solutions registry datasource (SRDS) subcomponent of > the local flow manager (LFM) to construct an url to github for the > appropriate solutions registry and make a GET request to download it. > An example of such an url is, assuming Morphic is running on Windows: > > https://raw.githubusercontent.com/GPII/universal/bd992f03313acd9a35b81f00fc63922540292255/testData/solutions/win32.json5 > > I have modified the production tests to test the new LFM and its SRDS. > The production tests involve running docker containers built from an > image of gpii-universal that provide the main components of the GPII cloud. > > The production tests also run in GCP in dev and stg. Here a > "productiontests" container is run in which the production tests are > executed as a one-shot job. > > Given that background: will the security within GCP allow the LFM/SRDS > within the productiontests container to make the outgoing GET request to > github? I suspect not, but I will test with my dev cluster. > > i. https://issues.gpii.net/browse/GPII-4273 > > -- > ;;;;joseph. > > 'The only reason for time is so that everything doesn't happen all at > once.' > - B. Banzai - > > _______________________________________________ > Architecture mailing list > [email protected] > https://lists.gpii.net/mailman/listinfo/architecture > > > _______________________________________________ > Architecture mailing list > [email protected] > https://lists.gpii.net/mailman/listinfo/architecture >
_______________________________________________ Architecture mailing list [email protected] https://lists.gpii.net/mailman/listinfo/architecture
