The goal of this document is to describe the desired user experience for the next generation of "sig" and it's predecessor "git-signatures"
These were useful prototypes but significant improvement is needed before widespread use.
The goal of this document is to describe the desired user experience for the next generation of "sig" and it's predecessor "git-signatures"
These were useful prototypes but significant improvement is needed before widespread use.
[{ | |
name: "release-engineers", | |
min: 1, | |
members: ['fingerprint1', 'fingerprint2'], | |
metadata: { | |
thoroughness: { min: 2 }, | |
understanding: { min: 4 }, | |
rating: { present: true } | |
} | |
}, |
--- | |
- name: Check if Previously Run | |
stat: | |
path: /var/log/ansible.log | |
register: ansible_logfile | |
- name: Enable FileVault2 | |
filevault: enabled=true | |
become_user: root |
func generatePassword(length int) string { | |
const CharSetIAMPassword = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012346789!@#$%^&*()_+-=[]{}|'" | |
charSetLength := len(CharSetIAMPassword) | |
rand.Seed(time.Now().UTC().UnixNano()) | |
result := make([]byte, length) | |
for i := 0; i < length; i++ { | |
result[i] = CharSetIAMPassword[rand.Intn(charSetLength)] | |
} | |
return string(result) | |
} |
#!/bin/bash | |
set -e | |
export LC_ALL= | |
export LANGUAGE=en | |
function gpg_env(){ | |
GNUPGHOME=$(mktemp -d -p /dev/shm/); export GNUPGHOME | |
echo "pinentry-mode loopback" >> "$GNUPGHOME/gpg.conf" |
This document seeks to outline a broad set of requirements for crypto-asset custodians based on lessons learned from historical failures to understand and remove attack surface.
It will also assume that not everyone has equal resources or equal risk and as such four incrementally harder security levels to that effect, depending on
--- | |
- name: Check if Previously Run | |
stat: | |
path: /var/log/ansible.log | |
register: ansible_logfile | |
- name: Enable FileVault2 | |
filevault: enabled=true | |
become_user: root |
dd if=/dev/zero of="disk.raw" bs=512 count=102400 | |
mformat -i disk.raw@@1024K -h 32 -t 32 -n 64 -c 1 | |
mmd -i disk.raw@@1024K ::EFI | |
mmd -i disk.raw@@1024K ::EFI/BOOT | |
mcopy -i disk.raw@@1024K /out/boot.efi ::EFI/BOOT/BOOTX64.EFI | |
dd if=/dev/zero of="root.raw" bs=512 count=307199 | |
mkfs.ext4 -N 0 main.raw | |
cat root.raw >> disk.raw | |
truncate -s "+850M" disk.raw | |
parted disk.raw \ |
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init | |
index 1369ed1..f576a8e 100755 | |
--- a/initrd/bin/gui-init | |
+++ b/initrd/bin/gui-init | |
@@ -13,21 +13,26 @@ first_pass=true | |
mount_boot() | |
{ | |
- | |
+ |