You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+21-11Lines changed: 21 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,6 +4,24 @@ This is a free and simple builder server for [ios-signer-service](https://github
4
4
5
5
You only need to configure one builder. If you already configured a CI provider as your builder, you don't need to do anything here. This project is aimed at people who want to have a self-hosted builder.
6
6
7
+
## Important
8
+
9
+
### Security
10
+
11
+
This server requires the use of an authentication key so that only the web service can control your builder. However, there is no built-in support for HTTPS or any other form of encryption. Therefore:
12
+
13
+
> :warning:**Anybody with access to the builder's network can potentially manipulate the builder to execute any code that they want on your machine.**
14
+
15
+
To prevent this, only deploy this server in a trusted environment, or even better, wrap the server in HTTPS yourself using a reverse proxy like nginx.
16
+
17
+
### Side effects on your Mac
18
+
19
+
While the server will do its best to keep changes to your Mac at a minimum, certain changes are inevitable. The biggest one to know is:
20
+
21
+
> :warning:**Your keychain will be swapped out during signing and restored back afterwards.**
22
+
23
+
It is highly recommended that you dedicate this Mac exclusively as a builder. Using it for other purposes, especially at the same time as a sign job is running, could lead to random issues.
24
+
7
25
## Setup
8
26
9
27
All the steps should be performed on your builder Mac.
@@ -21,21 +39,13 @@ All the steps should be performed on your builder Mac.
21
39
rm master.zip
22
40
```
23
41
24
-
Important:
25
-
26
42
> :warning:**Remember to update the signing files from above every time that you update the signing service. Otherwise you may experience random issues.**
27
43
28
-
This server requires the use of an authentication key so that only the web service can control your builder. However, there is no built-in support for HTTPS or any other form of encryption. Therefore:
29
-
30
-
> :warning:**Anybody with access to the builder's network can potentially manipulate the builder to execute any code that they want on your machine.**
31
-
32
-
To prevent this, only deploy this server in a trusted environment, or even better, wrap the server in HTTPS yourself using a reverse proxy like nginx.
33
-
34
-
The authentication key has to be at least 8 characters long. Note it down - you will need to put it in your `ios-signer-service`'s configuration file later on.
35
-
36
44
## Running
37
45
38
-
When starting the server, you will want to use the same auth key and signing files from above and pass them as arguments:
46
+
You need to make up an authentication key. It has to be at least 8 characters long. Note it down - you will need to put it in your `ios-signer-service`'s configuration file later on.
47
+
48
+
To start the server, use the auth key and signing files from before and pass them as arguments:
0 commit comments