Ask the user consent to unlock the pkg manager feature of ABRoot
mirkobrombin opened this issue
The purpose of this issue is to explicitly ask for the user's agreement before letting them use the `abroot pkg` command. We used to rely on that command for installing packages from the first-setup application, but we now have dedicated images for each use case (nvidia and vm, soon for the latter), and that feature was in any case something which breaks the authenticity of the image. Even if all the changes are tracked and reproducible, it makes the system non-deterministic, reducing its trustworthiness. We have therefore decided to address this concern by explicitly seeking the user's agreement before granting access to the `abroot pkg` command, ensuring they are aware of the potential implications of using it and acknowledge the non-deterministic nature it introduces to the system.
That being said, the `abroot status` command will display this agreement, so when the user provides the dump generated by issuing `abroot status --dump`, we can keep in mind that the system has untrusted changes. We already notice that by checking the list of packages in the dump, but it is still convenient information to have easily displayed.
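One way to implement the gate and the status reporting described above, written here as an added illustration and not ABRoot's own code: the agreement is persisted as a small JSON record, `abroot pkg` refuses to run until that record says the user accepted, and `abroot status` renders whether the package manager is locked (image still deterministic) or unlocked (untrusted changes possible). The file path, the record layout and the function names are assumptions; a missing record fails closed, and an unreadable or malformed record is reported as an error rather than silently treated as consent.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"time"
)

// DefaultAgreementPath is a hypothetical location; the issue does not specify
// where ABRoot would store this record.
const DefaultAgreementPath = "/etc/abroot/pkg-agreement.json"

// PkgAgreement records whether the user explicitly accepted the implications
// of enabling `abroot pkg` (the system is no longer deterministic).
type PkgAgreement struct {
	Accepted   bool      `json:"accepted"`
	AcceptedAt time.Time `json:"acceptedAt,omitempty"`
}

// ErrPkgNotUnlocked is returned by the gate when no agreement has been given.
var ErrPkgNotUnlocked = errors.New("abroot pkg is locked: the user has not agreed to enable untrusted package changes")

// LoadAgreement reads the record. A missing file means "never asked", which
// is treated as locked; any other read or parse failure is surfaced.
func LoadAgreement(path string) (PkgAgreement, error) {
	data, err := os.ReadFile(path)
	if errors.Is(err, os.ErrNotExist) {
		return PkgAgreement{}, nil
	}
	if err != nil {
		return PkgAgreement{}, err
	}
	var a PkgAgreement
	if err := json.Unmarshal(data, &a); err != nil {
		return PkgAgreement{}, fmt.Errorf("agreement record is malformed: %w", err)
	}
	return a, nil
}

// AcceptAgreement persists the user's explicit consent with a timestamp so the
// status output can show when the image stopped being deterministic.
func AcceptAgreement(path string, now time.Time) error {
	a := PkgAgreement{Accepted: true, AcceptedAt: now.UTC()}
	data, err := json.MarshalIndent(a, "", "  ")
	if err != nil {
		return err
	}
	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
		return err
	}
	return os.WriteFile(path, data, 0o644)
}

// RequirePkgUnlocked is the check `abroot pkg` would run before any package
// operation: it only passes when consent was recorded.
func RequirePkgUnlocked(path string) error {
	a, err := LoadAgreement(path)
	if err != nil {
		return err
	}
	if !a.Accepted {
		return ErrPkgNotUnlocked
	}
	return nil
}

// StatusLine renders the line `abroot status` (and its --dump) would show so a
// reader of the dump sees at a glance whether untrusted changes are possible.
func StatusLine(path string) (string, error) {
	a, err := LoadAgreement(path)
	if err != nil {
		return "", err
	}
	if a.Accepted {
		return fmt.Sprintf("Package manager: unlocked (untrusted changes possible, agreed on %s)",
			a.AcceptedAt.Format(time.RFC3339)), nil
	}
	return "Package manager: locked (image is deterministic)", nil
}

func main() {
	// Demo against a temporary directory instead of the real system path.
	dir, err := os.MkdirTemp("", "abroot-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	p := filepath.Join(dir, "pkg-agreement.json")

	line, _ := StatusLine(p)
	fmt.Println(line)
	fmt.Println("pkg gate before consent:", RequirePkgUnlocked(p))

	if err := AcceptAgreement(p, time.Now()); err != nil {
		panic(err)
	}
	line, _ = StatusLine(p)
	fmt.Println(line)
	fmt.Println("pkg gate after consent:", RequirePkgUnlocked(p))
}
```

The record is written with a timestamp rather than a bare boolean so the status line, and therefore the dump the user shares, tells the maintainer not just that the image was modified but since when.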