0005 — Pinned, verified installs (no curl | sh, no floating latest)

type adr · status active · security · supply-chain · ansible

Status

Accepted (2026-07-02)

Context

The bootstrap originally ran curl https://tailscale.com/install.sh | sh as root, and Ansible fetched cloudflared from GitHub's releases/latest with no checksum — both install whatever the remote serves on the day, unverifiable after the fact. The failure mode: a compromised or MITM'd download executes as root on the box that fronts every connector credential.

Decision

  • Tailscale: install from Tailscale's signed apt repo (pinned keyring in /usr/share/keyrings, repo list from pkgs.tailscale.com); apt verifies package signatures thereafter.
  • cloudflared: pin an explicit release (2026.6.1) and verify the .deb sha256 in Ansible's get_url before install; version + checksum are updated together, taken from the GitHub release notes.
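
A sketch of how the two decisions above can look as Ansible tasks. This is an added example, not the project's own playbook. Assumptions: Ubuntu "jammy" on amd64, the variable names, the keyring file name, and the download destination; the checksum is a placeholder to be replaced with the value from the release notes.

```yaml
# Added illustration, not the project's playbook.
# Assumed: Ubuntu jammy, amd64, variable names, keyring file name, dest path.
- name: Install Tailscale and cloudflared from pinned, verified sources
  hosts: all
  become: true
  vars:
    cloudflared_version: "2026.6.1"
    # Placeholder: copy the .deb sha256 from the GitHub release notes and
    # change it in the same commit as cloudflared_version.
    cloudflared_sha256: "REPLACE_WITH_SHA256_FROM_RELEASE_NOTES"
    tailscale_keyring: /usr/share/keyrings/tailscale-archive-keyring.gpg
  tasks:
    - name: Refuse to run with a missing or malformed checksum
      ansible.builtin.assert:
        that:
          - cloudflared_sha256 is match('^[0-9a-f]{64}$')
        fail_msg: "cloudflared_sha256 must be a 64-character hex sha256"

    - name: Fetch the Tailscale archive keyring (the one-time HTTPS trust step)
      ansible.builtin.get_url:
        url: https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg
        dest: "{{ tailscale_keyring }}"
        mode: "0644"
        force: false  # keep the keyring already on disk; do not re-fetch

    - name: Add the Tailscale repo, bound to that keyring only
      ansible.builtin.apt_repository:
        repo: "deb [signed-by={{ tailscale_keyring }}] https://pkgs.tailscale.com/stable/ubuntu jammy main"
        filename: tailscale
        state: present

    - name: Install Tailscale (apt checks the signed repo metadata)
      ansible.builtin.apt:
        name: tailscale
        update_cache: true

    - name: Download the pinned cloudflared .deb (checksum mismatch fails the task)
      ansible.builtin.get_url:
        url: "https://github.com/cloudflare/cloudflared/releases/download/{{ cloudflared_version }}/cloudflared-linux-amd64.deb"
        dest: "/var/cache/cloudflared-{{ cloudflared_version }}.deb"
        checksum: "sha256:{{ cloudflared_sha256 }}"
        mode: "0644"

    - name: Install the verified .deb
      ansible.builtin.apt:
        deb: "/var/cache/cloudflared-{{ cloudflared_version }}.deb"
```

The assert task makes a forgotten or truncated checksum stop the play before anything is downloaded.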

Consequences

  • Deploys are reproducible; a tampered artifact fails the checksum instead of installing.
  • Upgrading cloudflared is now a deliberate two-line change rather than automatic drift.
  • Residual trust: the initial keyring fetch trusts Tailscale's HTTPS origin once.

Compiled from wiki/projects/gcp-mcp-standalone/adr/0005-pinned-supply-chain.md · git is the source of truth