ubuntu-cloud template: use simplestreams to add integrity verification
Bug #1182458 reported by
Serge Hallyn
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxc (Ubuntu) |
Fix Released
|
Medium
|
Scott Moser |
Bug Description
Currently we wget the ubuntu-cloud template without any integrity verification. We then proceed to execute binaries like /bin/passwd while still in the ubuntu-cloud template (in a chroot, but without any effective containment). We should be verifying that the image we download has not been tampered with.
Changed in lxc (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Medium |
assignee: | nobody → Scott Moser (smoser) |
To post a comment you must log in.
The current donwload template model to download those images does do both https and gpg validation.