mirror of synced 2024-05-16 10:22:34 +12:00
Commit graph

94 commits

Author SHA1 Message Date
ANISH M 7cf9c97e3c
Merge 69451f0aab into 0e769e1426 2022-07-27 12:27:55 +02:00
Konstantin Ryabitsev 0e769e1426
Merge pull request #44 from Tachi107/patch-1
protecting-code-integrity: fix typo in subtitle
2022-07-26 13:54:44 -04:00
Andrea Pappacoda 1e6e85aebb
protecting-code-integrity: fix typo in subtitle
cerification -> certification

Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
2022-07-26 19:32:41 +02:00
ANISH M 69451f0aab
Update AppArmor status of Debian
Debian has AppArmor Mandatory Access Control enabled by default since the Debian 10 buster release.
2021-07-20 21:16:57 +05:30
Konstantin Ryabitsev e536c34df0
Merge branch 'master' of https://github.com/mricon/itpol into mricon-master
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 15:12:38 -04:00
Konstantin Ryabitsev bc0503d8bf
Update the code integrity guide for 2021
- Remove traces of gnupg-1.4, as everything is finally gnupg-2.x
- Switch to using ECC cryptography for the subkeys
- Stop calling the certification subkey the "master key" as it's a
  bad analogy and that terminology isn't used anywhere in GnuPG docs

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 12:41:52 -04:00
salah3x f879c68248
Add a table of contents to each guide
Signed-off-by: salah3x <salah.loukili@gmail.com>
2021-05-13 10:33:07 -04:00
Trevor Bramwell 19b027f63a
Fix Broken links to Announcement
The hosting space for the initial blog post announcing this work was
moved, and a redirect put in place. That redirect appears to have
stopped, or the article moved again. Either way, this appears to be the
canonical location of the article.

Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2021-05-13 10:32:37 -04:00
Alexey Kopytko 4ca8b99e0b
Update protecting-code-integrity.md
Reset code is not for resetting the card to defaults. It is used to unblock the card after too many attempts to enter a user PIN code without an admin PIN.

From the developer:

http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-of-reset-code-optional
2021-05-13 10:32:37 -04:00
Konstantin Ryabitsev 6ff6fdad73
Use -o instead of stdout redirect with paperkey
Using -o makes sure that the file is created with 0600 permissions
instead of whatever the default umask setting is.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 10:32:33 -04:00
Konstantin Ryabitsev 31afef433d
Remove kernel-developer-pgp-guide
This document is now part of the official kernel documentation found
here:

https://www.kernel.org/doc/html/latest/process/maintainer-pgp-guide.html

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 10:27:24 -04:00
Andrew Grimberg 6c293acc00
Merge pull request #34 from salah3x/master
Add a table of contents to each guide
2020-05-11 09:13:28 -07:00
salah3x 11ed0bf162 Add a table of contents to each guide
Signed-off-by: salah3x <salah.loukili@gmail.com>
2020-05-10 07:14:30 +00:00
Andrew Grimberg d6737c777e
Merge pull request #30 from bramwelt/master
Fix Broken links to Announcement
2019-04-16 09:19:05 -07:00
Trevor Bramwell 180a2fd99f
Fix Broken links to Announcement
The hosting space for the initial blog post announcing this work was
moved, and a redirect put in place. That redirect appears to have
stopped, or the article moved again. Either way, this appears to be the
canonical location of the article.

Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2019-04-15 11:37:35 -07:00
Konstantin Ryabitsev ff92fae080
Merge pull request #29 from sanmai/patch-1
Remove reset code instructions (erroneous info)
2019-04-08 13:03:31 -04:00
Alexey Kopytko 6e27a0f9ae
Update protecting-code-integrity.md
Reset code is not for resetting the card to defaults. It is used to unblock the card after too many attempts to enter a user PIN code without an admin PIN.

From the developer:

http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-of-reset-code-optional
2019-04-08 16:49:49 +09:00
Konstantin Ryabitsev 51026930ef
Use -o instead of stdout redirect with paperkey
Using -o makes sure that the file is created with 0600 permissions
instead of whatever the default umask setting is.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-31 20:40:03 -05:00
Konstantin Ryabitsev 51be7788df
Minor wording tweaks
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-26 11:59:28 -05:00
Konstantin Ryabitsev 2158dc39b2
Rework free software/audience paragraph
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 16:50:44 -05:00
Konstantin Ryabitsev a4924d87b5
ECC support is in GnuPG 2.1+, not v2 in general
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 16:23:43 -05:00
Konstantin Ryabitsev 319a4729a3
Wording on the kernel guide
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 12:04:31 -05:00
Konstantin Ryabitsev 6747fadc24
Finish up the kernel developer PGP guide
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 11:54:52 -05:00
Konstantin Ryabitsev 7b5b243a37
Almost done on the kernel guide
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-24 17:23:23 -05:00
Konstantin Ryabitsev 85ae656965
Start work on kernel-specific guide
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-23 16:13:43 -05:00
Konstantin Ryabitsev 9ebcdf3b75
Minor tweaks and take out of BETA
Protecting code integrity is ready to go production.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-23 10:50:52 -05:00
Konstantin Ryabitsev 1d3b58d17a
Tweak some wording
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-18 16:41:38 -05:00
Konstantin Ryabitsev 7c7477f20c
What is git PGP integration trying to solve?
Per question in #28, explain why git and pgp integration are useful.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-18 16:32:31 -05:00
Konstantin Ryabitsev 126e4f0b5d
Add a note that cp on sockets will fail, but is ok
Per issue #25.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-18 08:32:17 -05:00
Konstantin Ryabitsev 8a9d547d3e
Explain why master key is 4096 bits
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-18 08:28:38 -05:00
Konstantin Ryabitsev d859f24c82
Merge pull request #26 from henrich/master
Add GPG4Win installation for Windows Platform
2017-12-18 08:15:17 -05:00
Hideki Yamane f302bf3478
Add GPG4Win installation for Windows Platform
2017-12-17 13:22:56 +09:00
Konstantin Ryabitsev e836303976
Merge pull request #24 from ftheile/patch-1
Use `--homedir` consistently
2017-12-15 13:53:54 -05:00
Frank Theile 1c36837f07
Use --homedir consistently
2017-12-15 18:16:41 +01:00
Konstantin Ryabitsev 304cd46a38
Merge pull request #23 from ftheile/patch-2
Master key backup: use consistent mount point in all examples
2017-12-15 09:20:28 -05:00
Konstantin Ryabitsev eaf82430cd
Merge pull request #22 from ftheile/patch-1
Always use `~` instead of `$HOME` for consistency
2017-12-15 09:20:01 -05:00
Frank Theile 3162817e7c
Master key backup: use consistent mount point in all examples
2017-12-15 08:53:25 +01:00
Frank Theile 6c208d9583
Always use ~ instead of $HOME for consistency
2017-12-15 08:15:11 +01:00
Konstantin Ryabitsev 790759787e
Typo and wording fixes
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-14 15:08:16 -05:00
Konstantin Ryabitsev e44163234d
Add TRANSLATIONS file
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-14 14:28:01 -05:00
Konstantin Ryabitsev 1501d8869d
Set status CURRENT/BETA/OUTDATED
Need to mark that the protecting-code-integrity document is not quite
ready to be called final product.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:44:35 -05:00
Konstantin Ryabitsev eafaf6ccc1
Tweak verbiage
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:37:41 -05:00
Konstantin Ryabitsev 501e4ceb88
Remove the zh_CN translation
It's obsolete and I have decided not to track these in the same repo.
Please publish your own forks with translated documents and I will
create a translations.md file with links.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:18:09 -05:00
Konstantin Ryabitsev 3148a35dda
Add U2F section and tweak wks-security doc
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:16:44 -05:00
Konstantin Ryabitsev 34233e9d81
Move to protecting-code-integrity
Largely finishes the document -- will work on updated content in
"trusted team communication" and by reviewing the workstation security
guide.

We need at least a basic workstation security guide for the Mac systems.

Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-12 16:54:03 -05:00
Konstantin Ryabitsev 9d61a13f1c
Edits and a privacy note for keyservers
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-11 14:07:21 -05:00
Konstantin Ryabitsev f35667dddc
Add large chunk of git+pgp content
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-08 17:18:53 -05:00
Konstantin Ryabitsev 62815ea38e
Largely finish the PGP/smartcard section
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-07 15:53:50 -05:00
Konstantin Ryabitsev a93d12f80a
Add more GnuPG bits
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-06 17:07:14 -05:00
Konstantin Ryabitsev c51f664e8e
More base PGP work
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-05 16:37:05 -05:00