Skip to content

Add 'no-resolved-manifest' option#406

Closed
GeorgesStavracas wants to merge 1 commit intoflatpak:masterfrom
GeorgesStavracas:gbsneto/no-resolved-manifest
Closed

Add 'no-resolved-manifest' option#406
GeorgesStavracas wants to merge 1 commit intoflatpak:masterfrom
GeorgesStavracas:gbsneto/no-resolved-manifest

Conversation

@GeorgesStavracas
Copy link
Copy Markdown
Member

@GeorgesStavracas GeorgesStavracas commented Jul 24, 2021

Some applications have security tokens passed by their build system. In these cases, having the resolved manifest file distributed with the sandbox is a security issue.

Add an option to not create the resolved manifest file.

@GeorgesStavracas GeorgesStavracas marked this pull request as draft July 24, 2021 21:30
@GeorgesStavracas GeorgesStavracas force-pushed the gbsneto/no-resolved-manifest branch from e2e2eda to b702deb Compare July 24, 2021 21:41
@GeorgesStavracas
Copy link
Copy Markdown
Member Author

GeorgesStavracas commented Jul 24, 2021

I really don't know if this is enough to prevent the creation of /app/manifest.json...

@GeorgesStavracas GeorgesStavracas force-pushed the gbsneto/no-resolved-manifest branch from b702deb to a26168c Compare July 24, 2021 21:43
@GeorgesStavracas
manifest: Add 'no-resolved-manifest' option
eb1d03d 
Some applications have security tokens passed by their build
system. In these cases, having the resolved manifest file
distributed with the sandbox is a security issue.

Add an option to not create the resolved manifest file.
@GeorgesStavracas GeorgesStavracas force-pushed the gbsneto/no-resolved-manifest branch from a26168c to eb1d03d Compare July 24, 2021 21:44
@GeorgesStavracas GeorgesStavracas mentioned this pull request Jul 24, 2021
Merged
6 tasks
@TingPing
Copy link
Copy Markdown
Member

TingPing commented Jul 25, 2021

I think this is a bit heavy handed disabling the entire manifest.

Maybe we could just have a secrets-env property that isn't copied to the manifest but everything else remains?

@refi64
Copy link
Copy Markdown
Contributor

refi64 commented Jul 25, 2021

Would some sort of "secret sources" have a slightly lower risk of ending up embedded inside? (I'd hope random build tasks aren't embedding the entire environment, but I have unfortunately seen that before...)

@GeorgesStavracas
Copy link
Copy Markdown
Member Author

GeorgesStavracas commented Jul 26, 2021

Maybe we could just have a secrets-env property that isn't copied to the manifest but everything else remains?

Hm, could you please expand this idea? Specifically, how would it be propagated to the compile flags of a specific module?

@TingPing
Copy link
Copy Markdown
Member

TingPing commented Jul 26, 2021

Hm, could you please expand this idea? Specifically, how would it be propagated to the compile flags of a specific module?

Well its an env var, so --foo=$BAR.

Obviously you still need to have secure build infra that doesn't leak build logs and such.

@tytan652 tytan652 mentioned this pull request Aug 10, 2021
Merged
@GeorgesStavracas GeorgesStavracas deleted the gbsneto/no-resolved-manifest branch September 21, 2021 15:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@GeorgesStavracas @TingPing @refi64