msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.02.644.2025.05.31
All checks were successful
Retrieve the DNSSEC status at the time of updating the repository. / build-dnssec-diagram (push) Successful in 29s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-05-31 01:25:15 +02:00
parent 03f9ca44c6
commit 2b0794e00f
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@@ -40,8 +40,13 @@ Check out more:
* [CenturionMeet](https://talk.e2ee.li/) * [CenturionMeet](https://talk.e2ee.li/)
* [Contact the author](https://coresecret.eu/contact/) * [Contact the author](https://coresecret.eu/contact/)
> Please note that all my signing keys are stored in an HSM and that the signing environment is air-gapped. ## 1.1. Notes
> The next step is to move to a room-gapped environment.
### 1.1.1 HSM
Please note that all my signing keys are stored in an HSM and that the signing environment is air-gapped. The next step is to
move to a room-gapped environment. ^^
### 1.1.2 HSTS and DNSSEC
Please note that `coresecret.dev` is included in the [(HSTS Preload List)](https://hstspreload.org/) and always serves the headers: Please note that `coresecret.dev` is included in the [(HSTS Preload List)](https://hstspreload.org/) and always serves the headers:
````nginx configuration pro ````nginx configuration pro
@@ -50,7 +55,7 @@ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; prelo
```` ````
Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at [DNSSEC Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_DNSSEC.md) Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at [DNSSEC Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_DNSSEC.md)
## 1.1. Immutable Source-of-Truth System ## 1.2. Immutable Source-of-Truth System
This live ISO establishes a secure, fully deterministic, integrity self-verifying boot environment based entirely on static This live ISO establishes a secure, fully deterministic, integrity self-verifying boot environment based entirely on static
source-code definitions. All configurations, system components, and installation routines are embedded during build time and source-code definitions. All configurations, system components, and installation routines are embedded during build time and