What the final goal is: Install a given package securely for a series of servers.
We have servers running on different cloud data centers.
We install our app on them as a deb file.
Currently we upload the updates as deb files via an Ansible script.
This is slow as the "master" node needs to update all the machines.
We think it would be nicer if we could just issue sudo apt update <package> for every node.
But what about security? The repo server would need to be on the internet.
Thus, we would need to make sure that the package installs securely.
deb files can be signed, but afaik dpkg-verify only verifies that the signature is correct. Thus a malicious but correctly signed package would pass the verify check.
So could we
- Install from an https repo server
- Install only signed packages signed with a specific key only (for our app deb only)
Another approach is acceptable as long as security is not compromised.
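
One way to express the two requirements listed above (HTTPS transport, and trust limited to one key and one package) in APT configuration, with a check that flags weaker entries. This is an added example, not part of the original post; the host repo.example.com, the package name myapp, the keyring path and the sample entries are assumptions, while signed-by, trusted=yes and Pin-Priority are standard APT options.

```shell
#!/bin/sh
# Added example. Assumed names (not from the post): repo.example.com, myapp,
# /etc/apt/keyrings/myapp.gpg. Sample entries below are constructed.

# write_repo_config DIR HOST KEYRING PACKAGE
# Writes an HTTPS source bound to one key, plus a pin so that only PACKAGE is
# ever installed from that host. DIR stands in for /etc/apt in this demo.
write_repo_config() {
    dir=$1 host=$2 keyring=$3 pkg=$4
    mkdir -p "$dir/sources.list.d" "$dir/preferences.d"
    # signed-by: only this key may sign the repo's Release file, and the key
    # is not trusted for any other source (keep it out of trusted.gpg.d).
    printf 'deb [signed-by=%s] https://%s/apt stable main\n' \
        "$keyring" "$host" > "$dir/sources.list.d/$pkg.list"
    # Specific-form record allows PACKAGE; negative priority blocks the rest.
    printf 'Package: %s\nPin: origin "%s"\nPin-Priority: 500\n\n' \
        "$pkg" "$host" > "$dir/preferences.d/$pkg"
    printf 'Package: *\nPin: origin "%s"\nPin-Priority: -1\n' \
        "$host" >> "$dir/preferences.d/$pkg"
}

# audit_sources FILE
# Prints every deb/deb-src entry that is not HTTPS, lacks signed-by, or sets
# trusted=yes (which disables signature checks). Returns 1 if any was printed.
audit_sources() {
    rc=0
    while IFS= read -r line; do
        case $line in deb\ *|deb-src\ *) ;; *) continue ;; esac
        why=
        case $line in *" https://"*) ;; *) why="$why not-https" ;; esac
        case $line in *"signed-by="*) ;; *) why="$why no-signed-by" ;; esac
        case $line in *"trusted=yes"*) why="$why trusted=yes" ;; esac
        if [ -n "$why" ]; then
            printf 'WEAK (%s): %s\n' "${why# }" "$line"
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# Demo on constructed input: the generated entry plus one weak entry.
demo=$(mktemp -d)
write_repo_config "$demo" repo.example.com /etc/apt/keyrings/myapp.gpg myapp
printf 'deb http://repo.example.com/apt stable main\n' \
    >> "$demo/sources.list.d/myapp.list"
audit_sources "$demo/sources.list.d/myapp.list" || true
rm -rf "$demo"
```

APT checks the signature on the repository's Release file, which carries the hashes of the package indexes and, through them, of each deb, so the individual deb files do not need their own signatures for this to hold.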