Changes between Version 1 and Version 2 of Potential risks and mitigations


Timestamp:
04/30/25 10:49:45 (3 weeks ago)
Author:
enno
Comment:

--

  • Potential risks and mitigations

    v1 v2  
    1 = Potential risks
     1= Potential risks and mitigations
    22
    3 == Mitigation strategies
     3== Security Risks in an Air-Gapped Guix Workflow
    44
    5 Recommendations specific to Guix in air-gapped, classified use
    6 
    7 === Security Risks in an Air-Gapped Guix Workflow
    8 
    9 ==== Supply Chain Attacks via Source Code
     5=== Supply Chain Attacks via Source Code
    106
    117Even though you're building from source, the upstream source code (tarballs, Git repos) may be maliciously modified.
     
    2218* Use content scanning tools (e.g., static analyzers) on all .tar.gz and Git checkouts.
    2319
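Review bot: the v1 line "Recommendations specific to Guix in air-gapped, classified use" (v1 line 5) is deleted in this hunk without any replacement, while the headings around it are only renumbered; if that sentence was the lead-in for the checklist that follows, keep it under the new "== Security Risks in an Air-Gapped Guix Workflow" heading or move it under "= High-Security Recommendations for Guix in Classified Environments", so the page still says what the recommendations are for. Dropping "== Mitigation strategies" itself is consistent with the new page title "Potential risks and mitigations", since each risk subsection already carries its own mitigation bullets (for example "* Use content scanning tools ..." under "Supply Chain Attacks via Source Code").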
    24 ==== Compromise via Channel Updates
     20=== Compromise via Channel Updates
    2521
    2622Your Guix package definitions come from Git channels (e.g., guix.git, or your own).
     
    3834* Use guix time-machine to avoid rolling updates.
    3935
    40 ==== Media Transfer Risks (USB, SD cards)
     36=== Media Transfer Risks (USB, SD cards)
    4137
    4238USB drives used for transferring .nar files or source archives can be a vector for malware, even in an air-gapped setup.
     
    5046* Prefer hash verification of transferred files (sha256sum sources.nar) using offline-known-good hashes.
    5147
    52 ==== Build Environment Leakage
     48=== Build Environment Leakage
    5349
    5450If the build process writes temporary files or outputs data to places outside the Guix store, secrets or traces of sensitive data could leak or persist.
     
    6460* Consider full-disk encryption for the build system.
    6561
    66 ==== Tampered Nar Archives
     62=== Tampered Nar Archives
    6763
    6864.nar archives imported into your air-gapped server could be tampered with in transit.
     
    7874* Store all .nar imports in a sealed append-only log for auditing.
    7975
    80 == High-Security Recommendations for Guix in Classified Environments
     76= High-Security Recommendations for Guix in Classified Environments
    8177
    8278|| '''Concern''' || '''Recommendation''' ||
     
    9086|| User separation || Separate users for import, build, audit, and deployment tasks ||
    9187
    92 == Final Thoughts
     88= Final Thoughts
    9389
    9490Guix offers an excellent foundation for secure, reproducible software environments.
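Review bot: promoting "== High-Security Recommendations for Guix in Classified Environments" and "== Final Thoughts" to single "=" headings makes them top-level siblings of the page title "= Potential risks and mitigations", so the concern/recommendation table and the closing section no longer nest under the page they belong to, while the risk sections were promoted only to "==" / "===". Use "== High-Security Recommendations for Guix in Classified Environments" and "== Final Thoughts" instead, which keeps one top-level heading and puts the recommendations table at the same level as "== Security Risks in an Air-Gapped Guix Workflow".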