docs(app-store): hardening + signed catalogue; whole-site sitemap #23
Merged
…temap
- docs/app-store: add a Security model & hardening section covering the signed catalogue (fail-closed verification + rotation), broker authorization (exposes + ipc.call grants), supervisor hardening (TOCTOU re-verify, exponential backoff, RLIMIT_AS/NOFILE, audit log rotation), and bounded extension hooks; document sign-catalogue in the publishing flow and the three integrity layers.
- sitemap: rewrite as a filesystem-glob over all pages so the whole site is covered automatically (was a hand-maintained list missing /app-store and the dynamic /for/setups/* pages). Excludes error pages, dynamic templates, and the /plain text mirror; expands setups slugs; keeps blog lastmod. 207 URLs, verified via astro build.
🚀 Preview deployed to Cloudflare Pages
Summary

Documents the app-store hardening + signed-catalogue work in the docs, and replaces the hand-maintained sitemap with a complete, self-maintaining one.

Docs:

`/docs/app-store`: New Security model & hardening section covering:
- … before any entry is trusted; build-time key rotation.
- `exposes` gate (an app's only callable surface) and cross-app `ipc.call` grants.
- … sha256), capped exponential backoff, crash-loop suspension, RLIMIT_AS/RLIMIT_NOFILE, and multi-generation audit-log rotation.
- … registration cap.

Also documents `pilotctl appstore sign-catalogue` in the publishing flow and updates the integrity model to three layers (catalogue sig → tarball sha → binary sha).

Sitemap: whole-site coverage

Rewrote `sitemap.xml.ts` from a hand-maintained list (which missed `/app-store` and every dynamic `/for/setups/*` page) to a filesystem glob over `src/pages/**`. It now covers the whole site automatically as pages are added, while excluding error pages, dynamic templates, and the non-canonical `/plain` text mirror; it expands the dynamic setups slugs and preserves per-post blog `lastmod`.

Testing

- `npm run build`: 299 pages built, sitemap endpoint renders.
- `dist/sitemap.xml`: 207 URLs, well-formed XML, now includes `/app-store`, all 32 docs, 56 `/for/setups/*`; `/plain/*` and `/404`, `/500` correctly excluded.
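As an added example that is not part of this PR or of the project's code, the following TypeScript sketches the three-layer integrity chain the description names (catalogue signature → tarball sha256 → binary sha256) the way a fail-closed supervisor would consume it: no entry is trusted until a signature by a key in the trusted set verifies, a trusted-key *set* (current plus previous) is what makes key rotation possible, and the binary is re-hashed immediately before launch rather than trusting the hash taken at install time (the TOCTOU re-verify). Ed25519 detached signatures over the raw catalogue bytes, the JSON catalogue shape, hex digests, and every function name here are assumptions; the page does not show the real `pilotctl` catalogue format.

```typescript
// Added example (not the project's code). Assumptions: Ed25519 detached signatures
// over the exact catalogue bytes served, a JSON catalogue, hex-encoded sha256 digests.
import { createHash, generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

export interface CatalogueEntry {
  name: string;
  version: string;
  tarballSha256: string; // hex digest of the release tarball
  binarySha256: string;  // hex digest of the binary inside the tarball
}
export interface Catalogue { generated: string; apps: CatalogueEntry[] }
export interface SignedCatalogue { payload: Buffer; signature: Buffer }

export const sha256 = (b: Buffer): string => createHash("sha256").update(b).digest("hex");

// Publishing side (the role a sign-catalogue step plays): sign the bytes that will be served.
export function signCatalogue(cat: Catalogue, priv: KeyObject): SignedCatalogue {
  const payload = Buffer.from(JSON.stringify(cat), "utf8");
  return { payload, signature: sign(null, payload, priv) };
}

// Layer 1: the catalogue is trusted only if a signature by one of the trusted keys
// verifies. Rotation = ship the new public key alongside the old one for a release,
// then drop the old one. Any failure (no keys, bad signature, bad JSON) yields null.
export function loadCatalogue(sc: SignedCatalogue, trusted: KeyObject[]): Catalogue | null {
  if (trusted.length === 0) return null; // no trust anchor: nothing is trusted
  const ok = trusted.some((k) => {
    try { return verify(null, sc.payload, k, sc.signature); } catch { return false; }
  });
  if (!ok) return null;
  try {
    const parsed = JSON.parse(sc.payload.toString("utf8")) as Catalogue;
    return Array.isArray(parsed.apps) ? parsed : null;
  } catch { return null; }
}

// Layers 2 and 3: digests pinned in the signed catalogue bind the tarball, and the
// binary extracted from it, to what the publisher signed. Digests are not secrets,
// so a plain string comparison is adequate here.
export function digestMatches(expectedHex: string, data: Buffer): boolean {
  return sha256(data) === expectedHex.toLowerCase();
}

// Supervisor side. readBinaryAtLaunch is called again right before launch so the
// check cannot be satisfied by a file swapped after installation (TOCTOU re-verify).
export type LaunchResult =
  | "launched" | "bad-catalogue" | "unknown-app" | "bad-tarball" | "bad-binary" | "changed-since-install";

export function installAndLaunch(
  sc: SignedCatalogue, trusted: KeyObject[], name: string, tarball: Buffer,
  extractBinary: (t: Buffer) => Buffer, readBinaryAtLaunch: () => Buffer,
): LaunchResult {
  const cat = loadCatalogue(sc, trusted);
  if (cat === null) return "bad-catalogue";
  const entry = cat.apps.find((a) => a.name === name);
  if (!entry) return "unknown-app";
  if (!digestMatches(entry.tarballSha256, tarball)) return "bad-tarball";
  const binary = extractBinary(tarball);
  if (!digestMatches(entry.binarySha256, binary)) return "bad-binary";
  // ... installation to disk would happen here ...
  if (!digestMatches(entry.binarySha256, readBinaryAtLaunch())) return "changed-since-install";
  return "launched";
}

// Constructed fixture: two key pairs (current + previous, for rotation), a one-app
// catalogue, and a "tarball" that is just the binary behind a 4-byte header.
export function demo() {
  const current = generateKeyPairSync("ed25519");
  const previous = generateKeyPairSync("ed25519");
  const binary = Buffer.from("#!/bin/sh\necho hello\n");
  const tarball = Buffer.concat([Buffer.from("TAR:"), binary]);
  const extract = (t: Buffer) => t.subarray(4);
  const cat: Catalogue = {
    generated: "2024-01-01T00:00:00Z",
    apps: [{ name: "hello", version: "1.0.0", tarballSha256: sha256(tarball), binarySha256: sha256(binary) }],
  };
  return { current, previous, binary, tarball, extract, cat };
}
```

The point of returning `null` from `loadCatalogue` rather than an empty list or a partially parsed object is that callers cannot accidentally fall through to "no restrictions": every downstream step needs a catalogue entry, and without one nothing installs or launches.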
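Added example, not the project's `sitemap.xml.ts`: a filesystem walk over a constructed `src/pages` tree that applies the rules listed in the description (drop error pages, skip `.ts` endpoints, expand dynamic setups slugs, exclude the `/plain` mirror, keep per-post blog `lastmod`). The fixture layout, the `excludeRoutes` patterns, the slug list and the dates are all assumptions; the real site's page list is not on this page.

```typescript
// Added example (not the project's sitemap.xml.ts). Astro-style file routing is assumed:
// index.astro -> "/", foo.astro -> "/foo", [slug].astro -> dynamic template.
import * as fs from "node:fs";
import * as path from "node:path";
import * as os from "node:os";

export interface SitemapEntry { loc: string; lastmod?: string }

export interface SitemapOptions {
  excludeRoutes?: RegExp[];             // routes to drop (error pages, /plain mirror)
  dynamic?: Record<string, string[]>;   // template route -> concrete slugs to emit
  lastmod?: Record<string, string>;     // route -> ISO date (per-post blog dates)
}

const PAGE_EXT = new Set([".astro", ".md", ".mdx"]);

// Recursively list files under dir as "/"-separated paths relative to dir.
function walk(dir: string, prefix = ""): string[] {
  const out: string[] = [];
  for (const ent of fs.readdirSync(dir, { withFileTypes: true })) {
    const rel = prefix ? `${prefix}/${ent.name}` : ent.name;
    if (ent.isDirectory()) out.push(...walk(path.join(dir, ent.name), rel));
    else out.push(rel);
  }
  return out.sort();
}

// Map a file under src/pages to its route; non-page files (e.g. .ts endpoints) give null.
export function fileToRoute(rel: string): string | null {
  const ext = path.extname(rel);
  if (!PAGE_EXT.has(ext)) return null;
  let route = "/" + rel.slice(0, -ext.length);
  if (route.endsWith("/index")) route = route.slice(0, -"/index".length) || "/";
  return route;
}

export function collectEntries(pagesDir: string, opts: SitemapOptions): SitemapEntry[] {
  const entries: SitemapEntry[] = [];
  for (const rel of walk(pagesDir)) {
    const route = fileToRoute(rel);
    if (route === null) continue;
    // Dynamic templates never appear verbatim: expand them from the supplied slug
    // list, or drop them when no list is given.
    if (/\[.*\]/.test(route)) {
      for (const slug of opts.dynamic?.[route] ?? []) {
        entries.push({ loc: route.replace(/\[[^\]]*\]/, slug) });
      }
      continue;
    }
    entries.push({ loc: route, lastmod: opts.lastmod?.[route] });
  }
  const excluded = opts.excludeRoutes ?? [];
  return entries
    .filter((e) => !excluded.some((re) => re.test(e.loc)))
    .sort((a, b) => a.loc.localeCompare(b.loc));
}

function escapeXml(s: string): string {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

export function renderSitemap(site: string, entries: SitemapEntry[]): string {
  const urls = entries.map((e) =>
    `  <url><loc>${escapeXml(site + e.loc)}</loc>` +
    (e.lastmod ? `<lastmod>${e.lastmod}</lastmod>` : "") + `</url>`);
  return `<?xml version="1.0" encoding="UTF-8"?>\n` +
    `<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">\n${urls.join("\n")}\n</urlset>\n`;
}

// Constructed fixture: a tiny src/pages tree in a temp dir shaped like the description.
export function buildFixture(): string {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "sitemap-"));
  const files = ["index.astro", "app-store.astro", "404.astro", "500.astro", "sitemap.xml.ts",
    "blog/index.astro", "blog/first-post.md", "for/setups/[slug].astro",
    "plain/index.astro", "plain/app-store.astro"];
  for (const f of files) {
    fs.mkdirSync(path.dirname(path.join(root, f)), { recursive: true });
    fs.writeFileSync(path.join(root, f), "");
  }
  return root;
}

export function demoEntries(): SitemapEntry[] {
  return collectEntries(buildFixture(), {
    excludeRoutes: [/^\/(404|500)$/, /^\/plain(\/|$)/],
    dynamic: { "/for/setups/[slug]": ["home-lab", "raspberry-pi"] },
    lastmod: { "/blog/first-post": "2024-01-15" },
  });
}
```

Because every page file is discovered by walking the tree, a new page is in the sitemap on the next build without anyone editing a list; the only things still maintained by hand are the exclusion patterns and, for dynamic templates, the slug source.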