Comments (4)
Thanks for reporting this. We are working on fixing this.
from walinuxagent.
Hi @waldiTM,
We have recently deployed secure transport for delivery of Virtual Machine Extensions. The newly deployed versions of Virtual Machine Extensions are delivered to the virtual machines over TLS (https). Over time, we will be fully transitioning to TLS.
From your example above, it appears like your virtual machine is running a 2.0 version of the LinuxDiagnostic extension. The latest version is 2.3.9. If you specify the extension as 2.*
while you are deploying (or "autoUpgradeMinorVersion":true
in ARM templates), the newer versions of the extension should be delivered via TLS to your VM.
Thanks for reporting the problem and sorry for the inconvenience.
from walinuxagent.
It must check the signature of the binary after downloading. Just using TLS is not adequate.
from walinuxagent.
@waldiTM Fair point. Currently, the storage medium providing the Virtual Machine Extension packages is the same highly-protected storage bucket providing the Virtual Machine Images as well. They are subject to the same security audits and scans.
The Virtual Machine Extension packages are published not only by Microsoft, but other approved independent software vendors (such as Chef, Puppet Labs, ESET) as well. This makes it somewhat challenging to get the right set of keys to the Virtual Machines.
While these are just technical challenges, Extension Signing is certainly on our list and we are hoping to come back and improve.
from walinuxagent.
Related Issues (20)
- [BUG] DNS issue where deprovisioning sets the hostname to localhost.localdomain HOT 1
- Running collect-logs HOT 2
- Log collection: Memory limit HOT 1
- [BUG] CPU credits drain on B1ls after update to 2.10.0.3 HOT 16
- Issue with extensions when Lib.Dir is modifiend in /etc/waagent.conf HOT 6
- How to disable Azure Portal to automatically install OmsAgentForLinux on my VM? HOT 2
- [BUG] the agent go offline randomly. ERROR ExtHandler ExtHandler Error fetching the goal state in waagent.log HOT 1
- [BUG] WALinuxAgent not updating to latest on Ubuntu HOT 3
- [BUG] VMAccess does not work for FreeBSD HOT 1
- [BUG] Ubuntu versions >= 18.04 checking for dhclient lease files
- [BUG] Flatcar Linux 3602.2.1 Boot Errors HOT 2
- [BUG] udev path mappings for data disks broken in Rocky Linux 9.1 image HOT 2
- [BUG] OpenBSD Deployment Failed HOT 1
- [BUG] Ubuntu22: MonitorHostname does not update iDNS
- [BUG] Ubuntu 2204 & Azure Linux v2: v2.9.1.1 fails to assign IP address for IB interface HOT 1
- [RHEL8] chrony service fails to start at boot on Azure VMs if udev has not finished creating /dev/ptp_hyperv symbolic link HOT 3
- [BUG] AlmaLinux 8 support HOT 7
- whitelist extensions and prevent them from being removed HOT 1
- waagent deplets all available inodes HOT 2
- [BUG] Missing disk operation metrics HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from walinuxagent.