PTU5KAS/README.rst
Jan Kiszka d85adb9b93 README: Leave notice on inherit integrity weaknesses of repo fetches
Neither git nor hg currently provide a production-ready replacement for
weak SHA-1 commit IDs. Furthermore, kas mixes commit IDs and symbolic
commit names in refspec. This permits attackers who gained control over
a repository that kas fetches from to present manipulated content
without kas noticing this.

Aditya Sirish A Yelgundhalli recently reported one potential attack
scenario, using branches that shadow commit IDs. While trying to
mitigate this particular case, it became clear that there is no simple
solutions with the given tools and interfaces.

For now, warn prominently that only trusted sources should be used.
There are extensions planned to address the issue at its root, likely by
introducing content checksums.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2023-02-13 07:18:29 +01:00

43 lines
1.6 KiB
ReStructuredText

Setup tool for bitbake based projects
=====================================
+--------------------+
| Build Status |
+====================+
| |workflow-master|_ |
+--------------------+
| |workflow-next|_ |
+--------------------+
.. |workflow-master| image:: https://github.com/siemens/kas/workflows/master/badge.svg
.. _workflow-master: https://github.com/siemens/kas/actions?query=workflow%3Amaster
.. |workflow-next| image:: https://github.com/siemens/kas/workflows/next/badge.svg
.. _workflow-next: https://github.com/siemens/kas/actions?query=workflow%3Anext
This tool provides an easy mechanism to setup bitbake based
projects.
The OpenEmbedded tooling support starts at step 2 with bitbake. The
downloading of sources and then configuration has to be done by
hand. Usually, this is explained in a README. Instead kas is using a
project configuration file and does the download and configuration
phase.
Key features provided by the build tool:
- clone and checkout bitbake layers
- create default bitbake settings (machine, arch, ...)
- launch minimal build environment, reducing risk of host contamination
- initiate bitbake build process
See the `kas documentation <https://kas.readthedocs.io>`_ for further details.
SECURITY NOTICE
---------------
At this stage, kas does not validate the integrity of fetched repositories.
Make sure to only pull from trusted sources to ensure that the selected
revisions are the expected ones, specifically when using mirrors. Later
versions of kas may introduce integrity validation mechanisms such as
cryptographic checksums to strengthen supply chain security.