diff --git a/docs/add-ons/configuration.md b/docs/add-ons/configuration.md index f41c48de..b0a446e2 100644 --- a/docs/add-ons/configuration.md +++ b/docs/add-ons/configuration.md @@ -183,6 +183,7 @@ Note: Avoid the use of this filename for anything other than add-on configurati | `backup_pre` | string | | Command to execute in the context of the add-on before the backup is taken. | `backup_post` | string | | Command to execute in the context of the add-on after the backup was taken. | `backup_exclude` | list | | List of file/path (with glob support) that are excluded from backups. +| `codenotary` | email | | Email address of the signer of this image used by Codenotary CAS. | `advanced` | bool | `false` | Set this to `true` to require the user to have enabled "Advanced" mode for it to show. | `stage` | string | `stable` | Flag add-on with follow attribute: `stable`, `experimental` or `deprecated`. Add-ons set to `experimental` or `deprecated` will not show up in the store unless the user enables advanced mode. | `init` | bool | `true` | Set this to `false` to disable the Docker default system init. Use this if the image has its own init system (Like [s6-overlay](https://github.com/just-containers/s6-overlay)). *Note: Starting in V3 of S6 setting this to `false` is required or the addon won't start, see [here](https://developers.home-assistant.io/blog/2022/05/12/s6-overlay-base-images) for more information.* diff --git a/docs/add-ons/security.md b/docs/add-ons/security.md index f7eb89f9..00a0bb3b 100644 --- a/docs/add-ons/security.md +++ b/docs/add-ons/security.md @@ -18,6 +18,10 @@ For access to Supervisor API you need to define a role or you run in default mod | `manager` | Is for Add-ons that run CLIs and need extended rights | | `admin` | Have access to every API call. That is the only one they can disable/enable the Add-on protection mode | +## Codenotary CAS + +You can sign your images and also verify our base image which you build from to provide a full chain of trust. This feature us supported by our [Builder](https://github.com/home-assistant/builder) and the [build config](/docs/add-ons/configuration#add-on-extended-build). For enable this feature on the Supervisor for your Add-on, you simple need add your email address to the Add-on configuration `codenotary`. + ## Protection Default, all add-ons run in protection enabled mode. This mode prevents the add-on from getting any rights on the system. If an add-on requires more rights, you can disable this protection via the API add-on options for that add-on. But be careful, an add-on with disabled protection can destroy your system! @@ -30,6 +34,7 @@ As a developer, follow the following best practices to make your add-on secure: - Create an AppArmor profile - Map folders read only if you don't need write access - If you need any API access, make sure that you do not grant permission that aren't needed +- Sign the image with [Codenotary CAS](https://cas.codenotary.com/) ## Use Home Assistant User backend diff --git a/docs/api/supervisor/endpoints.md b/docs/api/supervisor/endpoints.md index a117dea2..d0f36393 100644 --- a/docs/api/supervisor/endpoints.md +++ b/docs/api/supervisor/endpoints.md @@ -13,14 +13,13 @@ To see more details about each endpoint, click on it to expand it. ### Addons -Return overview information about add-ons and add-on repositories. +Return overview information about installed add-ons. **Payload:** | key | type | description | | ------------ | ---- | -------------------------------------------------- | | addons | list | A list of [Addon models](api/supervisor/models.md#addon) | -| repositories | list | A list of [Repository models](api/supervisor/models.md#repository) | **Example response:** @@ -45,15 +44,6 @@ Return overview information about add-ons and add-on repositories. "icon": false, "logo": false } - ], - "repositories": [ - { - "slug": "12345678", - "name": "Awesome repository", - "source": "https://github.com/awesome/repository", - "url": null, - "maintainer": "Awesome maintainer " - } ] } ``` @@ -155,6 +145,7 @@ Get details about an add-on | video | boolean | `true` if video is enabled | | watchdog | boolean | `true` if watchdog is enabled | | webui | string or null | The URL to the web UI for the add-on | +| signed | boolean | True if the image is signed and trust | **Example response:** @@ -233,7 +224,8 @@ Get details about an add-on "version": "1.0.0", "video": false, "watchdog": true, - "webui": "http://[HOST]:1337/xy/zx" + "webui": "http://[HOST]:1337/xy/zx", + "signed": false } ``` @@ -1535,13 +1527,12 @@ Returns information about available updates **Returned data:** | key | type | description | --- | -- | -- -update_type | string | `addon`, `os`, `core` or `supervisor` -name | string | Returns the name (only if the `update_type` is `addon`) -icon | string | Returns the path for the icon if any (only if the `update_type` is `addon`) -version_latest | string | Returns the available version -panel_path | string | Returns path where the UI can be loaded - +| -- | -- | -- | +| update_type | string | `addon`, `os`, `core` or `supervisor` | +| name | string | Returns the name (only if the `update_type` is `addon`) | +| icon | string | Returns the path for the icon if any (only if the `update_type` is `addon`) | +| version_latest | string | Returns the available version | +| panel_path | string | Returns path where the UI can be loaded | @@ -2442,7 +2433,6 @@ Returns information about the supervisor | debug | bool | Debug is active | | debug_block | bool | `true` if debug block is enabled | | diagnostics | bool or null | Sending diagnostics is enabled | -| addons | list | A list of installed [Addon models](api/supervisor/models.md#addon) | | addons_repositories | list | A list of add-on repository URL's as strings | **Example response:** @@ -2463,19 +2453,6 @@ Returns information about the supervisor "debug": false, "debug_block": false, "diagnostics": null, - "addons": [ - { - "name": "Awesome add-on", - "slug": "7kshd7_awesome", - "description": "Awesome description", - "repository": "https://example.com/addons", - "version": "1.0.0", - "installed": "1.0.0", - "icon": false, - "logo": true, - "state": "started" - } - ], "addons_repositories": ["https://example.com/addons"] } ```