
I only wish that package maintainers (outside of the OS distro) installed directly into /usr/local/bin, but instead they wanted “in” on the /usr/bin placement. So, we lost there, as this would have facilitated secondary signing of non-OS packages by the OS distro.

Doesn’t help when Fedora started muddling (merging) /bin and /usr/bin. So, secondary signing for non-OS vendors just went out the window. https://freedesktop.org/wiki/Software/systemd/separate-usr-i...

Even systemd is just now complaining about that during boot up (if the /usr partition somehow got invalidated during bootup).

This multi-tiered */bin is a hallmark of Unix (and continues in the Linux Filesystem Standard https://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.pdf ).

Although, the systemd designer seems to disagree with this LFS approach. (IMHO, he needs to look deeper into the overall aspects of package signing architecture by OS distros, and not just for Fedora.) https://www.freedesktop.org/wiki/Software/systemd/TheCaseFor...

Now if Debian would just arrest the slide into a singular binary directory, all would be good.

Linux distros are about to ignore this future need for multi-island/multi-signing of encryption/immutability.

No embedded Linux distro should want to be Windowized, much less the desktop Linux, unless they too seek this single island approach for immutably-verified/encrypted binaries of OS, vendors, and customers.
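The "multi-island" signing the comment above argues for can be made concrete as separate manifests per directory tier, each signed under its own key. The following is an added example, not code from the post or from any distro's tooling: it assigns each path to a signing domain by longest matching prefix (/usr/bin for the distro, /usr/local/bin and /opt/acme for two hypothetical vendors), signs each domain's manifest, and verifies them independently, so that a tampered vendor binary breaks only the vendor island. The sample files, domain prefixes and keys are constructed for illustration, and HMAC-SHA256 stands in for whatever asymmetric signature a real distro or vendor would use.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Constructed sample "filesystem" (path -> contents); not a real install.
SAMPLE_FS: Dict[str, bytes] = {
    "/usr/bin/ls": b"#!/bin/sh\necho distro-ls\n",
    "/usr/bin/cat": b"#!/bin/sh\necho distro-cat\n",
    "/usr/local/bin/vendor-tool": b"#!/bin/sh\necho vendor\n",
    "/opt/acme/bin/agent": b"#!/bin/sh\necho acme\n",
}

# Signing islands: directory prefix -> key of the party that signs that tier.
# Keys are hypothetical; HMAC is a stand-in for a real signature scheme.
DOMAINS: Dict[str, bytes] = {
    "/usr/bin": b"distro-signing-key",
    "/usr/local/bin": b"vendor-signing-key",
    "/opt/acme": b"acme-signing-key",
}


def domain_for(path: str, domains: Dict[str, bytes] = DOMAINS) -> Optional[str]:
    """Longest-matching-prefix lookup: which island does this path live in?"""
    best = None
    for prefix in domains:
        if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
            if best is None or len(prefix) > len(best):
                best = prefix
    return best


def build_manifests(fs: Dict[str, bytes], domains: Dict[str, bytes] = DOMAINS) -> Dict[str, Dict[str, str]]:
    """One manifest (path -> sha256) per signing domain."""
    manifests: Dict[str, Dict[str, str]] = {d: {} for d in domains}
    for path, data in sorted(fs.items()):
        d = domain_for(path, domains)
        if d is None:
            raise ValueError(f"{path} belongs to no signing domain")
        manifests[d][path] = hashlib.sha256(data).hexdigest()
    return manifests


def serialize(manifest: Dict[str, str]) -> bytes:
    """Canonical, sorted text form of a manifest (sha256sum-style lines)."""
    return "".join(f"{h}  {p}\n" for p, h in sorted(manifest.items())).encode()


def sign(manifests: Dict[str, Dict[str, str]], domains: Dict[str, bytes] = DOMAINS) -> Dict[str, str]:
    """Each domain signs only its own manifest with its own key."""
    return {d: hmac.new(domains[d], serialize(m), "sha256").hexdigest() for d, m in manifests.items()}


def verify(fs: Dict[str, bytes], manifests: Dict[str, Dict[str, str]], sigs: Dict[str, str],
           domains: Dict[str, bytes] = DOMAINS) -> Dict[str, bool]:
    """Per-domain verdict: signature over the manifest, then every file's hash."""
    result: Dict[str, bool] = {}
    for d, m in manifests.items():
        expected = hmac.new(domains[d], serialize(m), "sha256").hexdigest()
        ok = hmac.compare_digest(sigs.get(d, ""), expected)
        if ok:
            for p, h in m.items():
                if p not in fs or hashlib.sha256(fs[p]).hexdigest() != h:
                    ok = False
                    break
        result[d] = ok
    return result


if __name__ == "__main__":
    manifests = build_manifests(SAMPLE_FS)
    sigs = sign(manifests)
    print("clean:", verify(SAMPLE_FS, manifests, sigs))
    tampered = dict(SAMPLE_FS, **{"/usr/local/bin/vendor-tool": b"#!/bin/sh\necho backdoor\n"})
    print("vendor tampered:", verify(tampered, manifests, sigs))
```

The failure stays contained to the island whose content changed; the distro's /usr/bin manifest still verifies. If a vendor package installs into /usr/bin instead, `domain_for` places it in the distro island, which is the placement the comment objects to: the distro would then have to sign (or re-sign) the vendor's files under its own key.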



The problem is: where is the line drawn? Everything (and I mean everything) in many Linux distros (including Fedora) is just a package. There’s no base system, unlike in most BSDs.

Further, each of those packages can be (and often is) updated independently of the others, confounding somewhat attempts at signing the root of that hierarchy. macOS signs the whole base system, but that also means that updating a single bit in it is a big lift (not that that’s bad, but it’s certainly different).

Personally, I agree that having some signed base system is valuable, but I also struggle to find attack vectors it prevents that a signed initrd (in a sense, it’s a base system) doesn’t.


Yes, initrd is essentially a clone of /bin, et al.

Initrd’s /bin probably is going to need to be signed differently from the main root mount point.


initrd is a (very) small subset, far from a clone.


Yeah, let's move to the complete opposite side: one /bin for each package. You can have that today, in NixOS.


We know that package containerization (a la Apple, or NixOS) didn’t expand well either for the vendors/maintainers who want to include their products into multiples of OS distros.

And currently it probably would be very difficult to implement signed-immutable binaries with regard to multi-OS distros vs multi-vendors.

So, the nice sweet convergence is probably hovering around hardware/OS/vendor grouping somewhere.



