Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make signed scrypt binary available to Qubes users for emergency backup recovery #4047

Closed
andrewdavidwong opened this issue Jul 1, 2018 · 2 comments
Closed

Make signed scrypt binary available to Qubes users for emergency backup recovery #4047

andrewdavidwong opened this issue Jul 1, 2018 · 2 comments
Assignees
@andrewdavidwong
Labels
C: doc P: major Priority: major. Between "default" and "critical" in severity.
Milestone
Non-release

Comments

@andrewdavidwong
Copy link
Member

I've just updated Emergency Backup Recovery without Qubes - format version 4 to strongly recommend that Qubes users store a copy of the scrypt utility with their 4.x backups, since it is required in order to access the data in those backups (see QubesOS/qubes-doc@bb26173 and, for background, #971).

@marmarek and I previously agreed that it would be a good idea to make a signed binary available to Qubes users so that all Qubes users don't have to compile it from source themselves.

One thing to think about is whether the signed binary should also be included in Qubes itself (e.g., in dom0) or just as a web download.
@andrewdavidwong andrewdavidwong added this to the Ongoing milestone Jul 1, 2018
@andrewdavidwong andrewdavidwong added the P: major Priority: major. Between "default" and "critical" in severity. label Jul 1, 2018
@marmarek
Copy link
Member

marmarek commented Jul 1, 2018

We already have signed rpm package with the binary. You can easily extract binary (rpmdev-extract tool) from there and treat rpm as a signed container. Alternatively we could put just a binary with a detached signature somewhere. Obviously the first option if far less work, as it is already done: https://yum.qubes-os.org/r4.0/current/vm/fc28/rpm/scrypt-1.2.1-1.fc28.x86_64.rpm (you can also choose older Fedora version, to have it linked with older libraries - useful for usage on non-Fedora systems)

@andrewdavidwong
Copy link
Member Author

Ok, I'll document the procedure.

andrewdavidwong pushed a commit to QubesOS/qubes-doc that referenced this issue Jul 1, 2018
Update emergency backup restore documentation
1cf8e83 
- Add instructions for obtaining scrypt binary
- Use shorter notation for backup format versions
- Use reference-style links
- Fix numbering
- Clarify backup_id step
- Make language more consistent

Closes QubesOS/qubes-issues#4047
@andrewdavidwong andrewdavidwong mentioned this issue Jul 1, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andrewdavidwong andrewdavidwong

Labels
C: doc P: major Priority: major. Between "default" and "critical" in severity.
Projects
None yet
Milestone
Non-release
Development

No branches or pull requests
2 participants
@marmarek @andrewdavidwong