Integrity Check
Seer Box is distributed as a containerized application, allowing users to verify the integrity of downloaded images and of the software while it's running.
Checking Container Images
-
The hashes of downloaded images should be checked against the values recorded within the official container registry located at
quay.io/pluribus_one
. -
In all service definitions, container images should be specified by SHA-256 hash value rather than simply by tag, to avoid any ambiguity.
Verifying Running Software
- For Linux, Docker and Podman based installations, users can verify if the software running has been modified in any way by inspecting the differences with downloaded container images using one of these commands, depending on the installation platform:
Linux, Podman
$ podman diff <container-name>
Docker
$ docker diff <container-name>
- For Kubernetes-based deployments, please follow the guidelines in the installation section to ensure that all root filesystems are mounted as read-only to prevent any alteration outside of volumes defined for data persistence.