No description
Find a file
Ivan Bushchik debff608d2
Remove runner from workspace
Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
2024-02-21 20:15:36 +03:00
runner Remove runner from workspace 2024-02-21 20:15:36 +03:00
src 0.3.2: display manifest hashsum on index 2024-02-04 07:28:53 +03:00
.gitignore Initial commit 2023-12-16 08:05:45 +03:00
.rustfmt.toml Initial commit 2023-12-16 08:05:45 +03:00
API.md Fix missing "Request" 2024-02-01 20:56:28 +03:00
Cargo.toml Remove runner from workspace 2024-02-21 20:15:36 +03:00
LICENSE Initial commit 2023-12-16 08:05:45 +03:00
README.md 0.3.1: ARGS for args and back to sh 2024-02-03 22:31:40 +03:00
web.sh web.sh: fixing shellcheck warnings 2024-02-18 13:10:49 +03:00

BinHost

HTTP server to easily serve (prebuilt) binaries for any (UNIX-like) platform with authenticity check

Installation

cargo install --git https://github.com/ivabus/binhost

Server usage

List options with --help

Make sure to use proxy with rate limiter in prod.

Directory structure

Directory, passed to binhost --dir option (defaults to ./bin) should look like (for hello binary)

Note: list of binaries will be refreshed every 5 minutes (by default, see --refresh option)

bin
└── hello
    ├── Darwin
    │   ├── arm64
    │   │   └── hello
    │   └── x86_64
    │       └── hello
    └── Linux
        └── aarch64
            └── hello

Runners

Runner is a (necessary) subprogram, that checks ED25519 signature of a binary file and needs to be statically compiled for every platform, that could use binaries from binhost server.

Directory, passed to binhost --runners-dir option (defaults to ./runners) should look like (for Linux-x86_64, Linux-aarch64 and Darwin-arm64 compiled runners)

runners
├── runner-Darwin-arm64
├── runner-Linux-aarch64
└── runner-Linux-x86_64

Client usage

Execute specific binary with manifest validity check

Manifest validity check provides a fully-secured binary distribution chain.

curl ADDRESS:PORT/<bin> | KEY=... sh

KEY first few symbols from hex representation of SHA256 sum of manifest (printed to stdout on binhost startup).

Additional arguments are set with ARGS environment variable

Only this option should be considered as secure.

Execute specific binary without validity check

curl ADDRESS:PORT/<bin> | sh

Download and reuse script

curl ADDRESS:PORT/<bin> -o script.sh
./script.sh # Execute preloaded bin configuration
BIN=<newbin> ./script.sh # Execute newbin (download)
BIN=<newbin> EXTERNAL_ADDRESS=<newaddress> ./script.sh # Execute newbin from newaddress

API

See full HTTP API in API.md

License

This project is licensed under MIT License