mirror of
https://github.com/home-assistant/developers.home-assistant.git
synced 2025-07-13 04:16:29 +00:00
Add CAS Codenotary & cleanup old stuff (#1213)
* Add CAS Codenotary * Update docs/add-ons/security.md Co-authored-by: Joakim Sørensen <joasoe@gmail.com> Co-authored-by: Joakim Sørensen <joasoe@gmail.com>
This commit is contained in:
parent
0d4a63a449
commit
9cc60fa935
@ -183,6 +183,7 @@ Note: Avoid the use of this filename for anything other than add-on configurati
|
||||
| `backup_pre` | string | | Command to execute in the context of the add-on before the backup is taken.
|
||||
| `backup_post` | string | | Command to execute in the context of the add-on after the backup was taken.
|
||||
| `backup_exclude` | list | | List of file/path (with glob support) that are excluded from backups.
|
||||
| `codenotary` | email | | Email address of the signer of this image used by Codenotary CAS.
|
||||
| `advanced` | bool | `false` | Set this to `true` to require the user to have enabled "Advanced" mode for it to show.
|
||||
| `stage` | string | `stable` | Flag add-on with follow attribute: `stable`, `experimental` or `deprecated`. Add-ons set to `experimental` or `deprecated` will not show up in the store unless the user enables advanced mode.
|
||||
| `init` | bool | `true` | Set this to `false` to disable the Docker default system init. Use this if the image has its own init system (Like [s6-overlay](https://github.com/just-containers/s6-overlay)). *Note: Starting in V3 of S6 setting this to `false` is required or the addon won't start, see [here](https://developers.home-assistant.io/blog/2022/05/12/s6-overlay-base-images) for more information.*
|
||||
|
@ -18,6 +18,10 @@ For access to Supervisor API you need to define a role or you run in default mod
|
||||
| `manager` | Is for Add-ons that run CLIs and need extended rights |
|
||||
| `admin` | Have access to every API call. That is the only one they can disable/enable the Add-on protection mode |
|
||||
|
||||
## Codenotary CAS
|
||||
|
||||
You can sign your images and also verify our base image which you build from to provide a full chain of trust. This feature us supported by our [Builder](https://github.com/home-assistant/builder) and the [build config](/docs/add-ons/configuration#add-on-extended-build). For enable this feature on the Supervisor for your Add-on, you simple need add your email address to the Add-on configuration `codenotary`.
|
||||
|
||||
## Protection
|
||||
|
||||
Default, all add-ons run in protection enabled mode. This mode prevents the add-on from getting any rights on the system. If an add-on requires more rights, you can disable this protection via the API add-on options for that add-on. But be careful, an add-on with disabled protection can destroy your system!
|
||||
@ -30,6 +34,7 @@ As a developer, follow the following best practices to make your add-on secure:
|
||||
- Create an AppArmor profile
|
||||
- Map folders read only if you don't need write access
|
||||
- If you need any API access, make sure that you do not grant permission that aren't needed
|
||||
- Sign the image with [Codenotary CAS](https://cas.codenotary.com/)
|
||||
|
||||
## Use Home Assistant User backend
|
||||
|
||||
|
@ -13,14 +13,13 @@ To see more details about each endpoint, click on it to expand it.
|
||||
### Addons
|
||||
|
||||
<ApiEndpoint path="/addons" method="get">
|
||||
Return overview information about add-ons and add-on repositories.
|
||||
Return overview information about installed add-ons.
|
||||
|
||||
**Payload:**
|
||||
|
||||
| key | type | description |
|
||||
| ------------ | ---- | -------------------------------------------------- |
|
||||
| addons | list | A list of [Addon models](api/supervisor/models.md#addon) |
|
||||
| repositories | list | A list of [Repository models](api/supervisor/models.md#repository) |
|
||||
|
||||
**Example response:**
|
||||
|
||||
@ -45,15 +44,6 @@ Return overview information about add-ons and add-on repositories.
|
||||
"icon": false,
|
||||
"logo": false
|
||||
}
|
||||
],
|
||||
"repositories": [
|
||||
{
|
||||
"slug": "12345678",
|
||||
"name": "Awesome repository",
|
||||
"source": "https://github.com/awesome/repository",
|
||||
"url": null,
|
||||
"maintainer": "Awesome maintainer <awesome@example.com>"
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
@ -155,6 +145,7 @@ Get details about an add-on
|
||||
| video | boolean | `true` if video is enabled |
|
||||
| watchdog | boolean | `true` if watchdog is enabled |
|
||||
| webui | string or null | The URL to the web UI for the add-on |
|
||||
| signed | boolean | True if the image is signed and trust |
|
||||
|
||||
**Example response:**
|
||||
|
||||
@ -233,7 +224,8 @@ Get details about an add-on
|
||||
"version": "1.0.0",
|
||||
"video": false,
|
||||
"watchdog": true,
|
||||
"webui": "http://[HOST]:1337/xy/zx"
|
||||
"webui": "http://[HOST]:1337/xy/zx",
|
||||
"signed": false
|
||||
}
|
||||
```
|
||||
|
||||
@ -1535,13 +1527,12 @@ Returns information about available updates
|
||||
**Returned data:**
|
||||
|
||||
| key | type | description |
|
||||
-- | -- | --
|
||||
update_type | string | `addon`, `os`, `core` or `supervisor`
|
||||
name | string | Returns the name (only if the `update_type` is `addon`)
|
||||
icon | string | Returns the path for the icon if any (only if the `update_type` is `addon`)
|
||||
version_latest | string | Returns the available version
|
||||
panel_path | string | Returns path where the UI can be loaded
|
||||
|
||||
| -- | -- | -- |
|
||||
| update_type | string | `addon`, `os`, `core` or `supervisor` |
|
||||
| name | string | Returns the name (only if the `update_type` is `addon`) |
|
||||
| icon | string | Returns the path for the icon if any (only if the `update_type` is `addon`) |
|
||||
| version_latest | string | Returns the available version |
|
||||
| panel_path | string | Returns path where the UI can be loaded |
|
||||
|
||||
</ApiEndpoint>
|
||||
|
||||
@ -2442,7 +2433,6 @@ Returns information about the supervisor
|
||||
| debug | bool | Debug is active |
|
||||
| debug_block | bool | `true` if debug block is enabled |
|
||||
| diagnostics | bool or null | Sending diagnostics is enabled |
|
||||
| addons | list | A list of installed [Addon models](api/supervisor/models.md#addon) |
|
||||
| addons_repositories | list | A list of add-on repository URL's as strings |
|
||||
|
||||
**Example response:**
|
||||
@ -2463,19 +2453,6 @@ Returns information about the supervisor
|
||||
"debug": false,
|
||||
"debug_block": false,
|
||||
"diagnostics": null,
|
||||
"addons": [
|
||||
{
|
||||
"name": "Awesome add-on",
|
||||
"slug": "7kshd7_awesome",
|
||||
"description": "Awesome description",
|
||||
"repository": "https://example.com/addons",
|
||||
"version": "1.0.0",
|
||||
"installed": "1.0.0",
|
||||
"icon": false,
|
||||
"logo": true,
|
||||
"state": "started"
|
||||
}
|
||||
],
|
||||
"addons_repositories": ["https://example.com/addons"]
|
||||
}
|
||||
```
|
||||
|
Loading…
x
Reference in New Issue
Block a user