How does Alpine handle repository security?
#1
Tue, 2016-01-12 20:55
the_sentinel
-
- Offline
- 2 years 2 months ago
- 2016-01-12
Is there any information on how the Alpine repository secures its keys against malicious access? Obviously, any security lapse would be concerning because it could allow an attacker to gain access to the repository's keys, allowing them to sign trojaned binaries. I'd assume the Alpine repositories use grsec/PaX and other hardening features present on the Alpine distribution, but do they take any other security measures? Are the keys stored in a hardware security module or a keycard, for example?
Hello the_sentinel,
Here is how an Alpine repository works.
You decide to build a package, you will first need to generate an RSA key pair.
Then you will use the private key to sign the built package.
You will share the public key, so people can install the key to
/etc/apk/keys/(it is your responsibility to secure this directory, so malicious users don't add public keys to malicious repositories/packages).Then you will add the package to alpine, or host the package on a repo.
Unless the private key of main alpine repo is leaked, or someone adds malicious package (public) keys to your alpine, everything should be great and secure.
When I build APK packages, my private key never leaves the build system, only the packages and the public get get published. I assume that alpine follows a similar process.