path: root/notes/secure_ci_cd.txt

Secure CI/CD
============

Could build on two or more (independent, diverse) systems. The "main"
CI/CD system should build last and get a hash from each of the other
systems. If the final build artefact does not match those hashes, it is
discarded and the build is considered failed. This only works if the
build is reproducible, i.e. the same source yields a bit-for-bit
identical artefact on every system; otherwise the hashes never match.

The other system(s) should also download the published artefact and
verify that its hash is the expected one, so the distribution point
cannot serve something other than what was built. Preferably from a
different IP (which should be rotated, e.g. a dynamic IP, a rotating VPN
IP, Tor, or similar), so the server cannot recognise the verifier and
hand it the genuine file while serving a tampered one to everyone else.
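The check described above, as an added example that is not part of the
note: the "main" system hashes its own artefact and compares it with the
hash published by every peer builder, refusing the release on any
mismatch. It assumes each peer publishes a file holding the sha256 of its
artefact (either a bare hash or `sha256sum` output); the file names and
the two-peer layout in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the note: the final hash cross-check on the
# "main" CI system. Assumes each peer builder has published a file with
# the sha256 of its own artefact (bare hash or `sha256sum` output). The
# peer file names below are made up for the demo.

# sha256 of a file, portable across GNU coreutils and BSD/macOS userlands.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_artifact ARTIFACT PEER_HASH_FILE...
# Returns 0 only if every peer hash equals the local artefact's hash.
# Fails closed: no peers, a missing artefact, or an unreadable/empty peer
# hash file all count as failure, so "no quorum" never becomes a release.
verify_artifact() {
    artifact=$1; shift
    if [ $# -lt 1 ]; then
        echo "verify_artifact: no peer hashes supplied, refusing to pass" >&2
        return 2
    fi
    [ -f "$artifact" ] || { echo "verify_artifact: no artefact at $artifact" >&2; return 2; }
    local_hash=$(sha256_of "$artifact")
    [ -n "$local_hash" ] || return 2

    rc=0
    for peer in "$@"; do
        # First field of the first line, lower-cased, so both "abc..." and
        # "abc...  app.tar" (sha256sum output) are accepted.
        peer_hash=$(awk 'NR==1 {print tolower($1)}' "$peer" 2>/dev/null)
        case "$peer_hash" in
            "$local_hash")
                echo "OK   $peer" ;;
            *)
                echo "FAIL $peer: peer=${peer_hash:-<none>} local=$local_hash" >&2
                rc=1 ;;
        esac
    done
    return $rc
}

# Demo with constructed data: one peer agrees, one (simulating a tampered
# or non-reproducible build) does not, so the artefact must be discarded.
tmp=$(mktemp -d)
printf 'release v1.0\n' > "$tmp/app.tar"
sha256_of "$tmp/app.tar" > "$tmp/peer-arm-musl.sha256"
printf 'release v1.0 (modified)\n' > "$tmp/other.tar"
sha256_of "$tmp/other.tar" > "$tmp/peer-bsd.sha256"
if verify_artifact "$tmp/app.tar" "$tmp/peer-arm-musl.sha256" "$tmp/peer-bsd.sha256"; then
    echo "all peers agree, artefact may be released"
else
    echo "hash mismatch, artefact discarded and build marked failed"
    rm -f "$tmp/app.tar"
fi
rm -rf "$tmp"
```

The peer side can reuse the same function: after downloading the
published artefact (from its rotated IP), it runs `verify_artifact
downloaded.tar own-build.sha256` and raises the alarm on a non-zero exit.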


By independent systems I mean:

* Not connected to the same account,
* Not remote-managed from the same account or device,
* Preferably not operated by the same person, and
* Each verifying the source code (e.g. that it is the same commit)
  before building.

By diverse (so that one compromised toolchain, OS or libc cannot subvert
every build the same way) I mean:

* Running different CPU ISA (e.g. x86 vs ARM).
* Running different OS (e.g. Linux vs BSD, or even FreeDOS or Ultibo).
* Running different libc (e.g. glibc vs musl or no-libc).

Note that "remote-managed" is different from remote-triggered. The build
jobs can of course be triggered from the same device (or automatically),
but the parameters, configuration, etc. must not be remotely controllable
from the same device, otherwise that device becomes a single point of
compromise for every build.