thaloco/banger
1
Fork 0
Code Pull requests Releases Packages Activity Actions

docs: resync package docs, AGENTS, and kernel-catalog with current code

Browse source 
Four drift fixes from a doc sweep.

internal/daemon/doc.go
  Replace the capability-hook description that still said "Hook
  methods take *Daemon; VMService reaches them through a
  capabilityHooks seam." Current reality: every capability is a
  plain struct carrying its own service pointers
  (workDiskCapability{vm,ws,store}, dnsCapability{net},
  natCapability{vm,net,logger}); wireServices builds the default
  list; no hook reaches *Daemon.

internal/daemon/ARCHITECTURE.md
  The VMService field list still claimed guestWaitForSSH and
  guestDial were "per-instance fields." Those were deleted as
  refactor residue. Update the note to say the seams live on
  *Daemon (reached by WorkspaceService via closures wired at
  construction) and document the vsockHostDevice field that
  replaced the old package-global vsockHostDevicePath.

AGENTS.md
  Drop the "experimental web UI" mention (removed) and the
  `session` subpackage (removed). Mention banger-vsock-agent as
  the third cmd/ binary while we're here — AGENTS hadn't listed
  it.

docs/kernel-catalog.md
  The trust-model section still read as if upstream kernel sources
  were fetched by HTTPS alone. Add a paragraph covering the PGP
  verification make-generic-kernel.sh now does against the
  detached .tar.sign and the three kernel.org release signing keys.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Thales Maciel 2026-04-22 13:01:11 -03:00
parent 88bc466d58
commit 80ae4d6667
No known key found for this signature in database
GPG key ID: 33112E6833C34679
4 changed files with 28 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

12
docs/kernel-catalog.md
View file

@ -109,8 +109,16 @@ on R2 without also pushing a banger release.
It does **not** protect against a compromise of the banger source repo
itself — an attacker who can land a commit can change both the catalog
SHA256 and the tarball. GPG/sigstore signing is deferred until banger is
public and the threat model justifies the operational overhead.
SHA256 and the tarball. GPG/sigstore signing of the published catalog
tarballs is deferred until banger is public and the threat model
justifies the operational overhead.
Upstream kernel sources *are* verified: `scripts/make-generic-kernel.sh`
fetches the detached PGP signature alongside the tarball from
kernel.org and rejects the build if gpg can't verify it against one
of the three known release signing keys (Greg KH / Linus / Sasha
Levin). So a compromised kernel.org mirror can't slip a backdoored
tarball past a maintainer rebuilding the kernel locally.
## Hosting