Automation of trusted packages in chocolatey using puppet

Our task is to deploy an infrastructure in OpenStack using Puppet that only installs trusted packages from Chocolatey. The problem we face is implementing a secure way to check whether a package is trusted and applying it in our Puppet code, so that our packages are automatically updated whenever a new trusted package is available.

We found that the best way to check whether a package is trusted is to run "choco info 'NAMEOFPACKAGE'" and write a script that checks whether the string "Package approved as a trusted package on" appears in the output of choco info.

This does not feel like a safe way to check whether a package is trusted, and we would like to do it in a better way.

$name = "default"   # Chocolatey package id to check

# Run 'choco info' for the package and count the output lines carrying the approval marker
$lines = (choco info $name | Select-String "Package approved as a trusted package" | Measure-Object).Count

if ($lines -eq 1) {
    "****This found only 1 line****"
}
else {
    "*Found 0 or more*"
}

According to the documentation on chocolatey.org, from an organizational standpoint you cannot really trust any package from chocolatey.org:

As an organization, you want 100% reliability (or at least that potential), and you may want full trust and control as well. This is something you can get with internally hosted packages, and you are unlikely to achieve from use of the Community Package Repository. If your use of Chocolatey is for an organization/business, you likely have a low tolerance for production breakages and/or low trust for the greater internet. You likely would not want to give control of your infrastructure over to community members and volunteers. Organizational use of the community repository is not recommended.

Therefore, I recommend you follow this guide on how to set up Chocolatey for internal organizational use. That way you can absolutely trust all the packages being used, because you have brought those packages in-house through a separate process.
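As an added illustration (not code from the answer or the linked guide) of what that setup looks like in Puppet, assuming the puppetlabs/chocolatey module and a hypothetical internal feed URL: the community source is disabled so only packages vetted into the internal feed can be installed, and `ensure => latest` picks up newly approved versions from that feed without any string matching on `choco info` output.

```puppet
# Install the Chocolatey client (puppetlabs/chocolatey module, assumed to be on the modulepath)
include chocolatey

# Disable the public community repository so nothing can be pulled from it
chocolateysource { 'chocolatey':
  ensure => disabled,
}

# Register the internal, curated feed as the only enabled source.
# 'https://packages.example.internal/chocolatey' is a placeholder URL.
chocolateysource { 'internal':
  ensure   => present,
  location => 'https://packages.example.internal/chocolatey',
  priority => 1,
  require  => Class['chocolatey'],
}

# Every package resource on this node uses the Chocolatey provider and the internal feed only
Package {
  provider => chocolatey,
  source   => 'https://packages.example.internal/chocolatey',
  require  => Chocolateysource['internal'],
}

# 'latest' re-checks the internal feed on each Puppet run, so a package that has
# been reviewed and pushed there is rolled out automatically ('example-tool' is a placeholder id)
package { 'example-tool':
  ensure => latest,
}
```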