Status
Accepted (2026-07-02)
Context
The bootstrap originally ran curl https://tailscale.com/install.sh | sh as root, and
Ansible fetched cloudflared from GitHub's releases/latest with no checksum — both
install whatever the remote serves on the day, unverifiable after the fact. The failure
mode: a compromised or MITM'd download executes as root on the box that fronts every
connector credential.
Decision
- Tailscale: install from Tailscale's signed apt repo (pinned keyring in
/usr/share/keyrings, repo list from pkgs.tailscale.com); apt verifies package signatures thereafter.
- cloudflared: pin an explicit release (2026.6.1) and verify the .deb sha256 in
Ansible's get_url before install; version + checksum are updated together, taken from the GitHub release notes.
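The cloudflared half of this decision could look like the play below. It is an added example, not the project's own playbook: the variable names, the cache path and the amd64 asset name are assumptions, and the checksum is a placeholder to be replaced with the value from the GitHub release notes.

```yaml
# Added example (not the project's playbook). Variable names, cache path and
# amd64 architecture are assumptions; the checksum below is a placeholder.
- name: Install pinned cloudflared
  hosts: all
  become: true
  vars:
    # The deliberate two-line change: bump both values together.
    cloudflared_version: "2026.6.1"
    cloudflared_deb_sha256: "REPLACE_WITH_SHA256_FROM_RELEASE_NOTES"
    cloudflared_deb_path: "/var/cache/cloudflared-{{ cloudflared_version }}-amd64.deb"
  tasks:
    # Before (unpinned, unverified), kept for contrast:
    #   url: https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
    #   (no checksum argument)

    - name: Refuse to run with a missing or malformed checksum
      ansible.builtin.assert:
        that:
          - cloudflared_deb_sha256 is match('^[0-9a-f]{64}$')
        fail_msg: "Set cloudflared_deb_sha256 to the sha256 for {{ cloudflared_version }}"

    - name: Download the pinned .deb (get_url fails if the digest differs)
      ansible.builtin.get_url:
        url: "https://github.com/cloudflare/cloudflared/releases/download/{{ cloudflared_version }}/cloudflared-linux-amd64.deb"
        dest: "{{ cloudflared_deb_path }}"
        checksum: "sha256:{{ cloudflared_deb_sha256 }}"
        mode: "0644"

    - name: Install only the file that passed verification
      ansible.builtin.apt:
        deb: "{{ cloudflared_deb_path }}"
```

Because the version is part of the destination filename, a version bump without a matching checksum bump downloads a new file and fails at the get_url step rather than reusing the old cached package.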
Consequences
- Deploys are reproducible; a tampered artifact fails the checksum instead of installing.
- Upgrading cloudflared is now a deliberate two-line change rather than automatic drift.
- Residual trust: the initial keyring fetch trusts Tailscale's HTTPS origin once.
Compiled from
wiki/projects/gcp-mcp-standalone/adr/0005-pinned-supply-chain.md · git is the source of truth