From fced1344428dc341ef8b248e5b38b771feaca07a Mon Sep 17 00:00:00 2001 From: DS Date: Mon, 26 Feb 2024 17:37:53 -0800 Subject: [PATCH] doc: document publicly-known private key for darwin.linux-builder --- doc/packages/darwin-builder.section.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/packages/darwin-builder.section.md b/doc/packages/darwin-builder.section.md index bf6ef906ca5a6..7ddce6c2e5498 100644 --- a/doc/packages/darwin-builder.section.md +++ b/doc/packages/darwin-builder.section.md @@ -1,5 +1,12 @@ # darwin.linux-builder {#sec-darwin-builder} +:::{.warning} +By default, `darwin.linux-builder` uses a publicly-known private SSH **host key** (this is different from the SSH key used by the user that connects to the builder). + +Given the intended use case for it (a Linux builder that runs **on the same machine**), this shouldn't be an issue. +However, if you plan to deviate from this use case in any way (e.g. by exposing this builder to remote machines), you should understand the security implications of doing so and take any appropriate measures. +::: + `darwin.linux-builder` provides a way to bootstrap a Linux remote builder on a macOS machine. This requires macOS version 12.4 or later.