forgottenbeast:
>>> 1. The size of the docker images. The debian base image is > 100MB.
>>> Downloading this would increase both the service installation time and
>>> the requirements on the system's RAM.
>
> This problem can easily be circumvented by using alpine based images:
> the alpine base image itself is around 4mb and many packages already
> exist for alpine based systems for this reason.

Ok, that's good to know. I was indeed able to find alpine-based docker images for the use cases that are already implemented in Tails Server.

> For those that do not exist I agree that the whole repackaging process
> could be a pain AND involve a security risk (one would need to be able
> to audit the whole process and ascertain that the repackaged application
> has not been modified in any way)

Agreed.

>>> 2. The lack of trustworthy sources. For many services there are "public"
>>> images available, which, IIUC, can be created and maintained by anyone.
>
> https://docs.docker.com/engine/security/trust/content_trust/#content-trust-operations-and-keys
> outlines the way the docker developers envisioned their image trust model.

So this allows verification of the image publisher, but my problem is that I don't trust the image publishers.

> Since docker images uses a pretty standard key hierarchy scheme (offline
> root key and repository tagging keys to sign tags) it shouldn't be hard
> to verify the signatures of every image that is downloaded and only run
> those that have a verifiable chain of trust.
>
> I can see two ways to do this:
>
> 1. Trust everyone that sign and warn the user every time the certificate
> chain does not have a Tails signing key in it. Double warning (or demand
> a specific manipulation a la persistent packages) to run an unsigned image.
>
> 2. Set up a linux tails registry containing audited and signed base
> images to build from as well as pre-built, audited and signed service
> images.

Both of these options would require us to create and maintain docker images ourselves, which I don't want to do, because it is too much work. So I prefer using the Debian packages instead.

Cheers

_______________________________________________
Tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to [email protected].
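As an added example (not part of this thread, and not code from Tails, Docker or Notary), the following Python script models the policy forgottenbeast sketches as option 1: walk the offline-root-key to repository-tagging-key to signed-tag chain, run an image only when the chain ends in a Tails root key, warn on any other valid chain, and treat a missing, mismatched or invalid signature (or a manifest whose digest differs from the signed one) as unsigned. Everything here is constructed: the key names (`tails-root`, `other-root`, ...), the manifest bytes, the outcome labels, and the signatures themselves, which use HMAC with per-key secrets as a standard-library stand-in for the asymmetric signatures real Docker Content Trust uses.

```python
"""Toy model of a Docker Content Trust style image policy.

Constructed example. The two-level key hierarchy (offline root key ->
repository tagging key -> signed tag) is modelled with HMAC as a stand-in
for real asymmetric signatures so it runs offline with only the stdlib.
Key names, outcome labels and manifest bytes are assumptions.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, Optional

RUN, WARN, UNSIGNED = "run", "warn", "unsigned"


@dataclass
class Signature:
    key_id: str     # key that produced the signature
    payload: bytes  # canonical bytes that were signed
    value: bytes    # the signature itself


class KeyRing:
    """Per-key secrets; stands in for the public keys a verifier would hold."""

    def __init__(self) -> None:
        self._secrets: Dict[str, bytes] = {}

    def add(self, key_id: str, secret: bytes) -> None:
        self._secrets[key_id] = secret

    def sign(self, key_id: str, payload: bytes) -> Signature:
        mac = hmac.new(self._secrets[key_id], payload, hashlib.sha256).digest()
        return Signature(key_id, payload, mac)

    def verify(self, sig: Signature) -> bool:
        secret = self._secrets.get(sig.key_id)
        if secret is None:  # unknown key: nothing to verify against
            return False
        expected = hmac.new(secret, sig.payload, hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig.value)


def canonical(obj: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


@dataclass
class SignedTag:
    repo: str
    tag: str
    digest: str        # sha256 hex of the manifest the tag points at
    root_key: str
    targets_key: str
    delegation_sig: Optional[Signature] = None  # root key vouches for targets key
    tag_sig: Optional[Signature] = None         # targets key vouches for tag -> digest

    def delegation_payload(self) -> bytes:
        return canonical({"repo": self.repo, "targets_key": self.targets_key,
                          "signed_by": self.root_key})

    def tag_payload(self) -> bytes:
        return canonical({"repo": self.repo, "tag": self.tag, "digest": self.digest})


def publish(keys: KeyRing, repo: str, tag: str, manifest: bytes,
            root_key: str, targets_key: str) -> SignedTag:
    """Publisher side: root key signs the delegation, tagging key signs the tag."""
    rec = SignedTag(repo, tag, hashlib.sha256(manifest).hexdigest(), root_key, targets_key)
    rec.delegation_sig = keys.sign(root_key, rec.delegation_payload())
    rec.tag_sig = keys.sign(targets_key, rec.tag_payload())
    return rec


def evaluate(rec: SignedTag, manifest: bytes, keys: KeyRing, trusted_roots: set) -> str:
    """Option-1 policy: RUN on a chain ending in a trusted root, WARN on any
    other valid chain, UNSIGNED when anything in the chain does not check out."""
    if rec.delegation_sig is None or rec.tag_sig is None:
        return UNSIGNED
    # Signatures must come from the keys the record names, over the current payloads
    if rec.delegation_sig.key_id != rec.root_key or rec.tag_sig.key_id != rec.targets_key:
        return UNSIGNED
    if (rec.delegation_sig.payload != rec.delegation_payload()
            or rec.tag_sig.payload != rec.tag_payload()):
        return UNSIGNED
    if not (keys.verify(rec.delegation_sig) and keys.verify(rec.tag_sig)):
        return UNSIGNED
    # The bytes actually downloaded must match the digest that was signed
    if hashlib.sha256(manifest).hexdigest() != rec.digest:
        return UNSIGNED
    return RUN if rec.root_key in trusted_roots else WARN


def demo() -> Dict[str, str]:
    """Four constructed images: Tails-signed, third-party-signed, unsigned, tampered."""
    keys = KeyRing()
    for kid, secret in [("tails-root", b"s1"), ("tails-targets", b"s2"),
                        ("other-root", b"s3"), ("other-targets", b"s4")]:
        keys.add(kid, secret)
    manifest = b'{"schemaVersion":2,"layers":["sha256:0000"]}'  # constructed
    trusted = {"tails-root"}
    tails_img = publish(keys, "tails/svc", "latest", manifest, "tails-root", "tails-targets")
    other_img = publish(keys, "someone/svc", "latest", manifest, "other-root", "other-targets")
    unsigned = SignedTag("x/svc", "latest", tails_img.digest, "other-root", "other-targets")
    tampered = publish(keys, "tails/svc", "latest", manifest, "tails-root", "tails-targets")
    tampered.digest = hashlib.sha256(b"evil").hexdigest()  # digest swapped after signing
    return {"tails": evaluate(tails_img, manifest, keys, trusted),
            "other": evaluate(other_img, manifest, keys, trusted),
            "unsigned": evaluate(unsigned, manifest, keys, trusted),
            "tampered": evaluate(tampered, manifest, keys, trusted),
            "wrong_bytes": evaluate(tails_img, b"not the manifest", keys, trusted)}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:12s} -> {outcome}")
```

The check order matters: key identity and payload are compared before the MAC is verified, so a record that re-points a valid signature at a different key or digest is rejected as unsigned rather than silently accepted, and the digest comparison on the downloaded bytes is what ties the signed tag to the image actually about to run.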
