HalogenOS/image-builder
1
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Update Development

August 2025-09-11 15:00:00 -04:00
parent 5f8a313b1f
commit 544c9cddb4
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Development.md

@ -25,9 +25,9 @@ HalogenOS OTA updates are designed to function regardless of who is building and
An example URL scheme might look like this: An example URL scheme might look like this:
`https://example.com/halogenOS/$ARCH/$DE/` `https://example.com/halogenOS/$ARCH/$IMAGE_ID/`
The `$ARCH` and `$DE` variables will remain as `x86_64` and `KDE` for the time being- they serve as placeholders for now. The `$ARCH` and `$IMAGE_ID` variables will remain as `x86_64` and `desktop` for the time being- they serve as placeholders for now.
At the root of this directory, there must be a file titled `manifest.env`. It should define a few variables, like so: At the root of this directory, there must be a file titled `manifest.env`. It should define a few variables, like so:
@ -46,6 +46,8 @@ Furthermore, the server must contain within that directory, a separate subdirect
- A `.tar.gz` archive generated by the build script. The filename must be solely the version number and the `.tar.gz` extension. - A `.tar.gz` archive generated by the build script. The filename must be solely the version number and the `.tar.gz` extension.
- A valid PGP signature of the tarball. The filename must be the name of the tarball file, appended with `.pgp`. - A valid PGP signature of the tarball. The filename must be the name of the tarball file, appended with `.pgp`.
Optionally, there may be subdirectories named after the release channels (`stable`, `beta`, `alpha`), which are symbolic links to the versions in those channels.
## Security ## Security
Public-key cryptography is used to ensure that system images are not tampered with in transit, and to increase assurance that kernel modules are authorized to run on the system. The image distribution key must be consistent across releases, or else the system will be unable to update to any other version. Kernel keys should preferably remain the same across versions, but kernel modules must include their kernel target versions to ensure incorrect versions cannot be loaded. Public-key cryptography is used to ensure that system images are not tampered with in transit, and to increase assurance that kernel modules are authorized to run on the system. The image distribution key must be consistent across releases, or else the system will be unable to update to any other version. Kernel keys should preferably remain the same across versions, but kernel modules must include their kernel target versions to ensure incorrect versions cannot be loaded.