draios / sysdig

Linux system exploration and troubleshooting tool with first class support for containers
http://www.sysdig.com/

Prevent tampering with s3 downloaded modules? gpg signature? #739

Open juju4 opened 7 years ago

juju4 commented 7 years ago

Hello,

When looking at sysdig-probe-loader, when it fails building locally, it retrieves pre-compiled modules from cloud/Amazon S3:

```sh
URL=$(echo https://s3.amazonaws.com/download.draios.com/$SYSDIG_REPOSITORY/sysdig-probe-binaries/$SYSDIG_PROBE_FILENAME | sed s/+/%2B/g)

echo "* Trying to download precompiled module from $URL"
if curl --create-dirs -f -s -o ~/.sysdig/$SYSDIG_PROBE_FILENAME $URL; then
        echo "Download succeeded, loading module"
        insmod ~/.sysdig/$SYSDIG_PROBE_FILENAME
        exit $?
else
```

Would it be possible to add a gpg signature and a `gpg --verify` in order to validate that files have not been tampered with on the server? Else, an option to disable cloud download would be nice.

Thanks
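A sketch of the behaviour requested above, as an added example that is not part of the original issue or of sysdig's code: the module and a detached signature are fetched into a temporary directory, checked with `gpg --verify` against a pinned keyring, and only then moved into place and loaded. The names `SYSDIG_DISABLE_DOWNLOAD`, `SYSDIG_KEYRING` (and its default path), the `.sig` suffix and the `FETCH`/`LOAD` hooks are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not sysdig's code. Hypothetical names: SYSDIG_DISABLE_DOWNLOAD,
# SYSDIG_KEYRING and its default path, the ".sig" suffix, the FETCH/LOAD hooks.
FETCH=${FETCH:-fetch_with_curl}
LOAD=${LOAD:-insmod}
SYSDIG_KEYRING=${SYSDIG_KEYRING:-/etc/sysdig/release-keyring.gpg}

fetch_with_curl() {  # $1 = URL, $2 = output path
    curl --create-dirs -f -s -o "$2" "$1"
}

# Returns 0 only when the module was verified and loaded.
# 2 = download disabled, 3 = fetch failed, 4 = bad or missing signature.
load_verified_probe() {  # $1 = module URL, $2 = final module path
    url=$1 dest=$2

    # Opt-out asked for in the issue: never touch the network.
    if [ "${SYSDIG_DISABLE_DOWNLOAD:-0}" = 1 ]; then
        echo "* Precompiled module download disabled" >&2
        return 2
    fi

    # Stage in a private directory so an unverified file never sits at $dest.
    tmp=$(mktemp -d) || return 1
    if ! "$FETCH" "$url" "$tmp/probe.ko" ||
       ! "$FETCH" "$url.sig" "$tmp/probe.ko.sig"; then
        rm -rf "$tmp"
        return 3
    fi

    # Accept only signatures made by keys in the pinned keyring.
    if ! gpg --batch --no-default-keyring --keyring "$SYSDIG_KEYRING" \
             --verify "$tmp/probe.ko.sig" "$tmp/probe.ko" >/dev/null 2>&1; then
        echo "* Signature verification failed, refusing to load" >&2
        rm -rf "$tmp"
        return 4
    fi

    mkdir -p "$(dirname "$dest")" && mv "$tmp/probe.ko" "$dest" ||
        { rm -rf "$tmp"; return 1; }
    rm -rf "$tmp"
    "$LOAD" "$dest"
}
```

The function fails closed: a missing `gpg` binary, a missing keyring or an unreadable signature all end in the same refusal as a bad signature.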

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.