Supervisor 3.3 (new one) is ready to download. After upgrade all is ok, no errors
That has always been possible:
ha security options --help
Content trust is not new.
Thanks for your work!
Can you help me understand what I did wrong because I have always had core_security
(and addon_pwned
) disabled.
However, despite core_security
being disabled, my system was marked Unsupported/Unhealthy after it failed to validate with Code Notary.
Shouldn’t disabling core_security
(which I believe is the --content-trust
option) have skipped validation via Code Notary?
Or is it governed by the --force-security
option? (I don’t understand the difference between those two options.)
Just so we’re clear - Home Assistant, an open-source home automation tool that prides itself on being local and controlled by the user, has a dependency on a 3rd party cloud system which checks to make sure that people aren’t running anything they want on their own home automation platform.
Do I need to point out how crazy several of those things are? Why do we need a nanny to tell us if we’re running “approved” code on an open source and locally-run automation platform? Why does that nanny need to be in the cloud and run by a 3rd party? What exact information is my “local” system sending to that 3rd party?
Better still - how can I disable all of these things?
Can you help me understand what I did wrong because I have always had
core_security
(andaddon_pwned
) disabled.
This is about content trust.
Look at it the way you want. Codesigning is a security feature, which ensures the stuff you are running is what is shipped by the creator in this case. This is a fairly common process, even in open source (e.g., all Linux distributions sign their packages). You are free to ignore it if you like.
I see that as positive and reassuring personally. If you rather run possibly unsigned code because you feel like you are being nannied (even though nobody is watching), please, feel free to do so. Nobody is stopping you.
Got it; this disabled it:
ha security options --content-trust=False
Now it reports the system is unsupported (because Content Trust is disabled) but that’s a reasonable compromise.
The answer I was looking for, thanks @123! My system is now unsupported, which I guess means I can no longer call the Nabu Casa support line. I think I can live with this compromise (and also allow my system to boot when some cloud service isn’t online).
I am glad the feature is there, however, the documentation basically says you probably got hacked and should rebuild it.
This made me think I had been compromised and restored a backup. Other people may have not been so lucky as they may have started over. It may be beneficial to include more information on the documentation outlining that it could be a false positive and resources people can check before they pull the plug and start over.
First I want to be clear that I <3 HA and I really admire the work you’ve done personally on this project. However, your answer didn’t actually answer any individual question I raised. Linux (and many other projects) does offer signed code, but it doesn’t need a 3rd party cloud service to make that happen, nor does this answer actually address the questions.
@123 was kind enough to answer one of my major questions (how do I disable this feature) so that one is handled.
I’ll restate because I think this is the important question: exactly what information is being sent to this 3rd party?
If you encounter a bug, re-enable content-trust
. If the bug persists then it’s unlikely that disabling content-trust
had anything to do with the bug and your system is back to being supported.
Hmm, Got the Detected untrusted content message last night. Also got failed to install of 2022.3.3 supervisor message as I tried to install, thinking it might fix the error. Wasted time looking around and now the system says all is well and I’m running 2022.3.3, which earlier it said it was able to install. I guess it all had to do with the Code Notary cloud implantation. The approach does need to be updated. A warning that the system can no longer talk with code notary might be more appropriate when that’s what happened. Using the same error message that indicates you’ve we believe you’ve been hacked isn’t a good selection of messages. This also bring up an interesting question. What’s the recommended approach to just re-install all the HA code/containers while keeping your configuration details. That is assuming your backups are contaminated with what ever causes HA to publish the error?
I’m joining the question because it’s bothering me. I would also like to know what my data is sent to third parties?
Without a detailed explanation of this point, building a home security system is questionable to me using HA.