Jan Kiszka d85adb9b93 README: Leave notice on inherent integrity weaknesses of repo fetches
Neither git nor hg currently provides a production-ready replacement for
weak SHA-1 commit IDs. Furthermore, kas mixes commit IDs and symbolic
commit names in refspec. This permits attackers who gained control over
a repository that kas fetches from to present manipulated content
without kas noticing this.

Aditya Sirish A Yelgundhalli recently reported one potential attack
scenario, using branches that shadow commit IDs. While trying to
mitigate this particular case, it became clear that there are no simple
solutions with the given tools and interfaces.

For now, warn prominently that only trusted sources should be used.
There are extensions planned to address the issue at its root, likely by
introducing content checksums.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-02-13 07:18:29 +01:00

Setup tool for bitbake-based projects
=====================================

+--------------------+
|    Build Status    |
+====================+
| |workflow-master|_ |
+--------------------+
| |workflow-next|_   |
+--------------------+

.. |workflow-master| image:: https://github.com/siemens/kas/workflows/master/badge.svg
.. _workflow-master: https://github.com/siemens/kas/actions?query=workflow%3Amaster
.. |workflow-next| image:: https://github.com/siemens/kas/workflows/next/badge.svg
.. _workflow-next: https://github.com/siemens/kas/actions?query=workflow%3Anext

This tool provides an easy mechanism to set up bitbake-based
projects.

OpenEmbedded tooling support starts at step 2, with bitbake; fetching
the sources and configuring the build must be done by hand, usually
by following a README. kas instead takes a project configuration file
and performs the download and configuration phase itself.

Key features provided by the build tool:

- clone and checkout bitbake layers
- create default bitbake settings (machine, arch, ...)
- launch minimal build environment, reducing risk of host contamination
- initiate bitbake build process

See the `kas documentation <https://kas.readthedocs.io>`_ for further details.

SECURITY NOTICE
---------------

At this stage, kas does not validate the integrity of fetched repositories.
Make sure to only pull from trusted sources to ensure that the selected
revisions are the expected ones, specifically when using mirrors. Later
versions of kas may introduce integrity validation mechanisms such as
cryptographic checksums to strengthen supply chain security.
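The commit message above describes two weaknesses a kas user is exposed to today: symbolic refspecs (branches, tags) that the remote owner can move, and refs whose names shadow commit IDs. Until kas validates fetched content itself, a project can at least audit its own checkouts after a fetch. The following script is an added example, not kas code: it assumes a kas-like mapping of repository name to refspec, flags refspecs that are not full SHA-1 commit IDs, parses ``git show-ref`` output for ref names that look like commit IDs, and confirms that what is actually checked out (``git rev-parse HEAD``) equals the pinned ID. The sample data in ``main`` is constructed; the ``git_*`` helpers run real git and are only used when no stub lookup is passed in.

```python
import re
import subprocess
from typing import Callable, Dict, List

# A pinned revision is a full 40-hex SHA-1 commit ID. Anything else
# (branch, tag, abbreviated ID) resolves to whatever the remote serves today.
FULL_SHA1 = re.compile(r"[0-9a-f]{40}")


def is_pinned(refspec: str) -> bool:
    """True only for a full 40-hex commit ID."""
    return FULL_SHA1.fullmatch(refspec.strip().lower()) is not None


def floating_refspecs(repos: Dict[str, str]) -> List[str]:
    """Repos whose refspec is symbolic rather than a full commit ID."""
    return sorted(name for name, refspec in repos.items() if not is_pinned(refspec))


def shadowing_refs(show_ref_output: str) -> List[str]:
    """Refs whose last path component looks like a full commit ID.

    Input is the text printed by ``git show-ref`` (lines of ``<sha> <refname>``).
    A branch or tag named like a commit ID can be mistaken for that commit.
    """
    found = []
    for line in show_ref_output.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        refname = parts[1]
        if FULL_SHA1.fullmatch(refname.rsplit("/", 1)[-1].lower()):
            found.append(refname)
    return found


def verify_checkout(expected: str, actual_head: str) -> bool:
    """Compare the commit actually checked out with the pinned ID (full length, case-insensitive)."""
    return is_pinned(expected) and actual_head.strip().lower() == expected.strip().lower()


def git_head(path: str) -> str:
    """Checked-out commit of the clone at ``path``; requires git on PATH."""
    return subprocess.run(["git", "-C", path, "rev-parse", "HEAD"],
                          check=True, capture_output=True, text=True).stdout.strip()


def git_show_ref(path: str) -> str:
    """All refs of the clone at ``path``; git show-ref exits 1 when there are none."""
    return subprocess.run(["git", "-C", path, "show-ref"],
                          check=False, capture_output=True, text=True).stdout


def audit(repos: Dict[str, str], paths: Dict[str, str],
          head_lookup: Callable[[str], str] = git_head,
          refs_lookup: Callable[[str], str] = git_show_ref) -> List[str]:
    """Return human-readable findings; an empty list means every repo passed."""
    findings = []
    for name in floating_refspecs(repos):
        findings.append(f"{name}: refspec '{repos[name]}' is not a full commit ID; the remote can move it")
    for name, refspec in repos.items():
        path = paths[name]
        for ref in shadowing_refs(refs_lookup(path)):
            findings.append(f"{name}: ref {ref} shadows a commit ID")
        if is_pinned(refspec) and not verify_checkout(refspec, head_lookup(path)):
            findings.append(f"{name}: HEAD does not match pinned commit {refspec}")
    return findings


if __name__ == "__main__":
    # Constructed sample: one pinned repo with a shadowing branch, one floating repo.
    pinned = "a" * 40
    repos = {"poky": pinned, "meta-example": "kirkstone"}
    paths = {"poky": "/tmp/poky", "meta-example": "/tmp/meta-example"}
    heads = {"/tmp/poky": pinned, "/tmp/meta-example": "b" * 40}
    refs = {"/tmp/poky": f"{'b' * 40} refs/heads/{pinned}\n{'c' * 40} refs/heads/master\n",
            "/tmp/meta-example": f"{'b' * 40} refs/heads/kirkstone\n"}
    for finding in audit(repos, paths, heads.__getitem__, refs.__getitem__):
        print(finding)
```

Run it inside a kas workspace with real paths and without the stub lookups to audit the checkouts kas produced; the HEAD comparison is the check that catches a manipulated fetch regardless of how git resolved the refspec, while the other two findings tell you where a pin is missing or where an ambiguous ref name exists.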