cryptops issueshttps://code.greenhost.net/open/cryptops/-/issues2020-05-06T08:23:34Zhttps://code.greenhost.net/open/cryptops/-/issues/11Adding ssh keys may break `authorized_keys`2020-05-06T08:23:34ZArie PetersonAdding ssh keys may break `authorized_keys`Adding an ssh key via `ssh keys add $key` can break the format of the `authorized_keys` file, depending on the state it was in before. In case it breaks, this prevents ssh access to the initrd using some or all of the ssh keys, making th...Adding an ssh key via `ssh keys add $key` can break the format of the `authorized_keys` file, depending on the state it was in before. In case it breaks, this prevents ssh access to the initrd using some or all of the ssh keys, making the system unavailable barring a manual rescue operation.
Details: the routine that adds a new ssh key, adds the given string to the `authorized_keys` file, appending a newline. In particular it doesn't prepend a newline, instead assuming that the file already ended in a newline. If that assumption fails, the last ssh key that was already present gets concatenated with the new one on a single line, breaking both of them. As long as keys are added via the cryptops system this doesn't happen, but the initial `authorized_keys` file might not have the trailing newline.
This should be fixed by adding the extra newline if necessary – or perhaps always: empty lines are allowed in `authorized_keys`.Arie PetersonArie Petersonhttps://code.greenhost.net/open/cryptops/-/issues/12Switch to docker for build environment2020-04-29T14:38:34ZArie PetersonSwitch to docker for build environmentWe currently have a Vagrantfile for creating a virtual machine to build the project in. We may switch to docker instead, as it's more lightweight, and easier to make reproducible.We currently have a Vagrantfile for creating a virtual machine to build the project in. We may switch to docker instead, as it's more lightweight, and easier to make reproducible.Arie PetersonArie Petersonhttps://code.greenhost.net/open/cryptops/-/issues/9Add notes on what's *not* encrypted to documentation2018-01-16T10:34:18ZMaarten de WaardAdd notes on what's *not* encrypted to documentationDuring the presentation we were asked what was not encrypted (especially because of the words "full disk encryption", this might be unclear). Document that the following are saved on an unencrypted partition:
- Authorized keys: SSH keys...During the presentation we were asked what was not encrypted (especially because of the words "full disk encryption", this might be unclear). Document that the following are saved on an unencrypted partition:
- Authorized keys: SSH keys of the people with access to the CryptOps initrd
- Boot partition: In contrast to some laptop setups, this does not include an encrypted boot partition. Mostly because with virtualisation enabled, it is possible that the boot images (like the kernel and initrd) are not saved on a partition that will be mounted on the booted machine eventually.Maarten de WaardMaarten de Waardhttps://code.greenhost.net/open/cryptops/-/issues/10Automatically deploy documentation to cryptops.com2018-01-04T14:56:46ZMaarten de WaardAutomatically deploy documentation to cryptops.comMaarten de WaardMaarten de Waardhttps://code.greenhost.net/open/cryptops/-/issues/8Add link to 34C3 presentation to cryptops documentation2018-01-04T14:28:38ZMaarten de WaardAdd link to 34C3 presentation to cryptops documentationConvert maarten/cryptops-presentation to open/cryptops-presentations and add a link to that repository to the documentation so people can find the slides.
Also add that link to the 34C3 wiki page about the tea house presentation.Convert maarten/cryptops-presentation to open/cryptops-presentations and add a link to that repository to the documentation so people can find the slides.
Also add that link to the 34C3 wiki page about the tea house presentation.Maarten de WaardMaarten de Waardhttps://code.greenhost.net/open/cryptops/-/issues/2Write API documentation2018-01-04T14:19:00ZMaarten de WaardWrite API documentationDocument all API endpoints. Check ulfius's auto documentation supportDocument all API endpoints. Check ulfius's auto documentation supporthttps://code.greenhost.net/open/cryptops/-/issues/7Write documentation on some (security) aspects2017-12-21T16:10:07ZArie PetersonWrite documentation on some (security) aspectsArie PetersonArie Petersonhttps://code.greenhost.net/open/cryptops/-/issues/1Setup documentation in Sphinx2017-10-23T08:19:29ZMaarten de WaardSetup documentation in SphinxStart Sphinx documentation on the API and the Client and include them in this repository.
Optionally:
Deploy documentation to cryptops.comStart Sphinx documentation on the API and the Client and include them in this repository.
Optionally:
Deploy documentation to cryptops.comMaarten de WaardMaarten de Waard