| -rw-r--r-- | todo.org | 17 |
1 files changed, 11 insertions, 6 deletions
@@ -616,13 +616,17 @@ Parse package warnings and repo metadata to catch upcoming deprecations proactiv :END: Identify attack vectors, what's mitigated, what remains -** TODO [#B] Verify package signature verification not bypassed by --noconfirm +** DONE [#B] Verify package signature verification not bypassed by --noconfirm +CLOSED: [2026-06-23 Tue] :PROPERTIES: :LAST_REVIEWED: 2026-05-21 :END: -Packages installed with ~--noconfirm~ may skip signature checks -AUR had issues previously requiring --noconfirm workaround - verify this doesn't compromise security -Ensure package signatures are still verified despite --noconfirm flag +Audited 2026-06-23. =--noconfirm= does not bypass signature verification — it only auto-answers interactive prompts. Signature checking is governed by =SigLevel= in =/etc/pacman.conf=, which archsetup leaves at the Arch default (=Required DatabaseOptional=): its only pacman.conf edits are ParallelDownloads, Color, and enabling multilib (=archsetup:913,917=), none of which touch =SigLevel=. So every repo package stays signature-verified regardless of =--noconfirm=. + +One real integrity bypass exists, and it is not =--noconfirm=: =archsetup:2403= runs =yay -S --noconfirm --mflags --skipinteg python-lyricsgenius=, where =--skipinteg= skips makepkg's checksum and PGP-signature checks for that one AUR package (a documented workaround for an expired-signature issue upstream). It's scoped to a single package, not global. Tracked for periodic re-check below. + +** TODO [#C] Re-check python-lyricsgenius --skipinteg workaround :solo: +=archsetup:2403= installs =python-lyricsgenius= with =--mflags --skipinteg=, skipping makepkg integrity + PGP checks — a workaround for an expired-signature issue upstream (surfaced by the 2026-06-23 --noconfirm audit). Periodically test whether the upstream issue has cleared: if a plain =aur_install python-lyricsgenius= builds without complaint, drop the =--skipinteg= workaround. 
Removal needs a real AUR build to confirm, so it isn't a blind change. ** TODO [#B] Test each modernization thoroughly before replacing :PROPERTIES: @@ -749,11 +753,12 @@ Parse yay errors and provide specific, actionable fixes instead of generic error ** TODO [#D] Improve progress indicators throughout install Enhance existing indicators to show what's happening in real-time -** TODO [#C] Teach archsetup to stow the host tier :solo: +** DONE [#C] Teach archsetup to stow the host tier :solo: +CLOSED: [2026-06-23 Tue] :PROPERTIES: :LAST_REVIEWED: 2026-06-11 :END: -Phase 5 of the per-host overrides spec, deferred from the 2026-06-11 implementation: the installer's stow calls in =user_customizations()= stow =common= + the DE package only. Add the host tier (=$(cat /etc/hostname)= at install time, or a conf key) guarded so a host without a tier is skipped with a message — same semantics as the dotfiles Makefile. Matters only for fresh installs of ratio/velox-named machines; the post-install =make stow= path already handles it. +Already implemented in =user_customizations()= (=archsetup:1049-1058=): after stowing =common= + the DE package, it derives =host_tier="$(cat /etc/hostname 2>/dev/null || uname -n)"= and stows that package when =$dotfiles_dir/$host_tier= exists, else prints "no host tier for '<host>' — skipping". The =/etc/hostname=-first detection is the right call for install time (=uname -n= still reports the ISO's name until reboot), and it's the same skip-if-absent semantics as the dotfiles Makefile. Verified by reading the installer 2026-06-23; no code change needed. ** TODO Manual testing and validation *** velox per-host env applies after Hyprland restart |
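Review bot: In the first hunk (todo.org, around line 616), the audit note attributes the workaround to an expired-signature issue upstream, yet the recorded command uses --skipinteg, which the same note says skips both makepkg's checksum and PGP-signature checks. makepkg also has --skippgpcheck, which skips only the PGP check and leaves source checksums verified. If the checksums for python-lyricsgenius still pass, the new [#C] entry should list trying "--mflags --skippgpcheck" as an intermediate step, so the package is not left without any integrity check while the upstream issue persists. Two smaller points on the same hunk: the conclusion that every repo package stays signature-verified rests on the line references archsetup:913,917 and archsetup:2403, which will drift as the script changes, so naming the edited keys or the enclosing function would hold up better; and the new TODO has no :PROPERTIES:/:LAST_REVIEWED: drawer and no date for the "periodic" re-check, unlike the entries around it.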
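Review bot: In the second hunk (todo.org, around line 749), the closing note quotes host_tier="$(cat /etc/hostname 2>/dev/null || uname -n)" and says the tier is stowed when $dotfiles_dir/$host_tier exists, but that description leaves an empty-hostname case uncovered. If /etc/hostname exists and is empty at install time, cat succeeds, the uname -n fallback never runs, host_tier is the empty string, and $dotfiles_dir/ exists, so the skip-if-absent check as described would pass with no package name. The entry should either state that the installer also checks that host_tier is non-empty, or stay open until a guard such as [ -n "$host_tier" ] is confirmed. The closure is also recorded as verified by reading the installer only, and :LAST_REVIEWED: still reads 2026-06-11 although the entry was closed on 2026-06-23; updating the property, and noting that the fresh-install path was not exercised, would keep the record accurate.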
