Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/vanilla-os/vib-fsguard
A vib plugin that sets up fsguard and generates the filelist
https://github.com/vanilla-os/vib-fsguard
vanilla-os vib vib-plugin
Last synced: about 1 month ago
JSON representation
A vib plugin that sets up fsguard and generates the filelist
- Host: GitHub
- URL: https://github.com/vanilla-os/vib-fsguard
- Owner: Vanilla-OS
- License: gpl-3.0
- Created: 2024-01-03T11:20:00.000Z (12 months ago)
- Default Branch: main
- Last Pushed: 2024-08-13T12:19:59.000Z (4 months ago)
- Last Synced: 2024-08-13T15:13:42.057Z (4 months ago)
- Topics: vanilla-os, vib, vib-plugin
- Language: Go
- Homepage:
- Size: 46.9 KB
- Stars: 1
- Watchers: 5
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# vib-fsguard
[Vib](https://github.com/vanilla-os/vib) plugin that sets up fsguard and generates a filelist.
This plugin requires that `minisign` is installed in the image, this can be easily done with a nested module
## Module Structure
```yaml
- name: fsguard
type: fsguard
CustomFsGuard: false
FsGuardLocation: "/usr/bin/"
GenerateKey: true
FilelistPaths: ["/usr/bin/"]
modules:
- name: minisign
type: apt
sources:
packages:
- "minisign"
```If `GenerateKey` is set to false, `KeyPath` has to be specified, pointing to a location in the container (e.g. added through includes.container) which contains already existing minisign keys:
```yaml
- name: fsguard
type: fsguard
CustomFsGuard: false
FsGuardLocation: "/usr/bin/"
GenerateKey: false
KeyPath: "/etc/minisign/"
FilelistPaths: ["/usr/bin/"]
modules:
- name: minisign
type: apt
sources:
packages:
- "minisign"
```Note that the keys must be named `minisign.pub` (public) and `minisign.key` (private) in this example the minisign keys would be in `includes.container/etc/minisign/`, which translates to `/etc/minisign** in the build environment
Keep in mind that the minisign key **cannot** be password protected, as there is no way for the user to type in the password during building (which is why always generting a random key through GenerateKey is recommended)
In the case that FsGuard has to be manually built (due to a configuration change or similiar), the `CustomFsGuard` option has to be set to True, this stops the module from fetching a prebuilt FsGuard and instead allows the user to manually build FsGuard, it does however expect the FsGuard binary to be at `/sources/FsGuard`