From ec58e480e9d6941bfd57fe0b03950db222c0665e Mon Sep 17 00:00:00 2001 From: Artem Kosulin Date: Tue, 15 Feb 2022 00:21:53 +0300 Subject: [PATCH] site: fixed styles on security page Signed-off-by: Alexey Igrychev --- .../documentation/security_en/components.html | 8 +-- .../documentation/security_en/intro.html | 6 +- .../security_en/not-protecting.html | 60 +++++++++---------- .../documentation/security_en/provide.html | 8 +-- .../security_en/recommendations.html | 42 +++++++------ .../documentation/security_ru/components.html | 6 +- .../documentation/security_ru/intro.html | 6 +- .../security_ru/not-protecting.html | 2 +- .../documentation/security_ru/provide.html | 6 +- .../security_ru/recommendations.html | 2 +- docs/css/components/security/_components.scss | 23 ++++--- docs/css/components/security/_intro.scss | 5 +- .../components/security/_not-protecting.scss | 28 +++++---- docs/css/components/security/_provide.scss | 25 ++++++-- docs/css/misc/common.scss | 6 ++ docs/pages_en/documentation/security.html | 2 +- docs/pages_ru/documentation/security.html | 2 +- 17 files changed, 138 insertions(+), 99 deletions(-) diff --git a/docs/_includes/documentation/security_en/components.html b/docs/_includes/documentation/security_en/components.html index 477f7d0d..7c5bba40 100644 --- a/docs/_includes/documentation/security_en/components.html +++ b/docs/_includes/documentation/security_en/components.html @@ -1,5 +1,5 @@
-
+
trdl components and their roles
@@ -11,7 +11,7 @@
Vault
  • Secure encryption key management.
  • -
  • A platform for running the trdl server securely. Ensures confidentiality, data integrity and availability, accountability; provides authentication and authorization methods.
  • +
  • A platform for running the trdl server securely. Ensures confidentiality, data integrity and availability, accountability; provides authentication and authorization methods.
-
+
diff --git a/docs/_includes/documentation/security_en/intro.html b/docs/_includes/documentation/security_en/intro.html index 58edd60e..82ee1377 100644 --- a/docs/_includes/documentation/security_en/intro.html +++ b/docs/_includes/documentation/security_en/intro.html @@ -1,5 +1,5 @@
-
+
Security @@ -7,13 +7,13 @@

trdl is designed to minimize the damage from potential attacks on the release system. The Vault secret manager, the TUF-based repository (The Update Framework), and Git are the three main components that make this possible.

-
+
diff --git a/docs/_includes/documentation/security_en/not-protecting.html b/docs/_includes/documentation/security_en/not-protecting.html index 6835d9ef..9c8bbdec 100644 --- a/docs/_includes/documentation/security_en/not-protecting.html +++ b/docs/_includes/documentation/security_en/not-protecting.html @@ -1,35 +1,33 @@ -
-
-
-
What trdl does not protect against
-
-
-
    -
  • - - - -

    - trdl cannot protect you against threats related to physical access to the host where the trdl-client is installed. -

    -
  • -
-
- -
-
    -
  • - - - -

    - trdl cannot protect you against human errors, e.g., incorrect GPG signature quorum configuration, improper build instructions, and faulty Vault config. -

    -
  • -
-
+
+
+
What trdl does not protect against
+
+
+
    +
  • + + + +

    + trdl cannot protect you against threats related to physical access to the host where the trdl-client is installed. +

    +
  • +
+
+ +
+
    +
  • + + + +

    + trdl cannot protect you against human errors, e.g., incorrect GPG signature quorum configuration, improper build instructions, and faulty Vault config. +

    +
  • +
-
+
diff --git a/docs/_includes/documentation/security_en/provide.html b/docs/_includes/documentation/security_en/provide.html index 5f35fc27..182de481 100644 --- a/docs/_includes/documentation/security_en/provide.html +++ b/docs/_includes/documentation/security_en/provide.html @@ -1,5 +1,5 @@ -
-
+
+
Summary @@ -53,12 +53,12 @@
-
+
diff --git a/docs/_includes/documentation/security_en/recommendations.html b/docs/_includes/documentation/security_en/recommendations.html index b237430e..427a7afb 100644 --- a/docs/_includes/documentation/security_en/recommendations.html +++ b/docs/_includes/documentation/security_en/recommendations.html @@ -1,25 +1,23 @@ -
-
-
-
Our recommendations
-
-
    -
    -
  • Use an external authentication provider instead of the Vault root token.
  • - -
  • Set up an NGINX proxy to secure access to Vault by switching to HTTPS and enabling access only to certain Vault endpoints.
  • - -
  • Run Docker on the same host as Vault and block outside access to Docker.
  • - -
    -
    -
  • Do not install any other software on the virtual machine where Vault and the trdl plugin are running.
  • - -
  • Use the common and proven methods of protecting the OS/host.
  • - -
    -
-
+
+
+
Our recommendations
+
+
    +
    +
  • Use an external authentication provider instead of the Vault root token.
  • + +
  • Set up an NGINX proxy to secure access to Vault by switching to HTTPS and enabling access only to certain Vault endpoints.
  • + +
  • Run Docker on the same host as Vault and block outside access to Docker.
  • + +
    +
    +
  • Do not install any other software on the virtual machine where Vault and the trdl plugin are running.
  • + +
  • Use the common and proven methods of protecting the OS/host.
  • + +
    +
diff --git a/docs/_includes/documentation/security_ru/components.html b/docs/_includes/documentation/security_ru/components.html index 702f28b6..4eadd101 100644 --- a/docs/_includes/documentation/security_ru/components.html +++ b/docs/_includes/documentation/security_ru/components.html @@ -1,5 +1,5 @@
-
+
Компоненты trdl и их функции
@@ -90,13 +90,13 @@
-
+
\ No newline at end of file diff --git a/docs/_includes/documentation/security_ru/intro.html b/docs/_includes/documentation/security_ru/intro.html index 0497d1bf..ad350b82 100644 --- a/docs/_includes/documentation/security_ru/intro.html +++ b/docs/_includes/documentation/security_ru/intro.html @@ -1,18 +1,18 @@
-
+
Безопасность

trdl спроектирован так, чтобы минимизировать ущерб от потенциальных атак на систему обновления. Три основных компонента, которые за это отвечают, — менеджер секретов Vault, репозиторий на основе The Update Framework и Git.

-
+
\ No newline at end of file diff --git a/docs/_includes/documentation/security_ru/not-protecting.html b/docs/_includes/documentation/security_ru/not-protecting.html index 2fc443cf..c307286e 100644 --- a/docs/_includes/documentation/security_ru/not-protecting.html +++ b/docs/_includes/documentation/security_ru/not-protecting.html @@ -1,4 +1,4 @@ -
+
От чего trdl не защищает
diff --git a/docs/_includes/documentation/security_ru/provide.html b/docs/_includes/documentation/security_ru/provide.html index 31f4a9bf..ac70e108 100644 --- a/docs/_includes/documentation/security_ru/provide.html +++ b/docs/_includes/documentation/security_ru/provide.html @@ -1,4 +1,4 @@ -
+
@@ -53,12 +53,12 @@
-
+
\ No newline at end of file diff --git a/docs/_includes/documentation/security_ru/recommendations.html b/docs/_includes/documentation/security_ru/recommendations.html index 33b5e992..97e9d749 100644 --- a/docs/_includes/documentation/security_ru/recommendations.html +++ b/docs/_includes/documentation/security_ru/recommendations.html @@ -1,4 +1,4 @@ -
+
Наши рекомендации
diff --git a/docs/css/components/security/_components.scss b/docs/css/components/security/_components.scss index 39e6a515..ec45adaa 100644 --- a/docs/css/components/security/_components.scss +++ b/docs/css/components/security/_components.scss @@ -11,18 +11,27 @@ } &__grid--list { + grid-template-columns: rem(600px); + // max-width: rem(600px); grid-template-areas: - "gear ." - "gear people" - "gear people" - "shield people" - "shield comp" - "shield comp" - ". comp"; + "gear" + "people" + "shield" + "comp"; & .card { display: flex; flex-direction: column; + padding: rem(40px) rem(60px); + + &:nth-child(even) { + margin-right: rem(-180px); + margin-left: rem(180px); + } + + &__item { + padding-left: 0; + } &--gear { & .card__list { diff --git a/docs/css/components/security/_intro.scss b/docs/css/components/security/_intro.scss index 0812ad37..29896409 100644 --- a/docs/css/components/security/_intro.scss +++ b/docs/css/components/security/_intro.scss @@ -2,7 +2,6 @@ &.solve-that { &__section { position: relative; - margin-top: rem(190px); margin-bottom: rem(140px); z-index: 0; @@ -10,6 +9,10 @@ background: $color-accent; margin-top: rem(70px); } + + & .solve-that__container { + padding: 0; + } } } diff --git a/docs/css/components/security/_not-protecting.scss b/docs/css/components/security/_not-protecting.scss index 608d3b6d..7b920238 100644 --- a/docs/css/components/security/_not-protecting.scss +++ b/docs/css/components/security/_not-protecting.scss @@ -1,15 +1,23 @@ .security { - & .architecture__cols { - &--item { - & .col__item .warning { - stroke: $color-accent; + &.how-work__section { + & .architecture__cols { + &--item { + & .col__item { + & .warning { + stroke: $color-accent; + } + + & p { + color: #000; + } + } + + // &:last-child { + // & .col__item { + // max-width: 95%; + // } + // } } - - // &:last-child { - // & .col__item { - // max-width: 95%; - // } - // } } } } \ No newline at end of file diff --git a/docs/css/components/security/_provide.scss b/docs/css/components/security/_provide.scss index 3d3e54cf..07ab31c6 100644 --- a/docs/css/components/security/_provide.scss +++ b/docs/css/components/security/_provide.scss @@ -1,14 +1,26 @@ .security { - & .container--wide { - position: relative; + &.architecture__section { + &.ignore-sidebar { + margin-left: rem(-400px); + margin-right: rem(-80px); + } - @media screen and (max-width: 1375px) { - position: unset; + & .container--wide { + position: relative; + padding: rem(20px) rem(80px); + + @media screen and (max-width: 1375px) { + position: unset; + } } } + .architecture { &__wrap { + margin-left: 0; + margin-right: 0; + & .col__text { @include montserrat(regular); font-size: rem(18px); @@ -29,6 +41,10 @@ } &__cols--item { + &:first-child { + margin-bottom: 0; + } + & .warning { fill: none; stroke: $text-color-title-invert-light; @@ -40,6 +56,7 @@ } &__cols { + flex-direction: row; margin-bottom: rem(30px); & .col { diff --git a/docs/css/misc/common.scss b/docs/css/misc/common.scss index 86ee12e1..d158675a 100644 --- a/docs/css/misc/common.scss +++ b/docs/css/misc/common.scss @@ -220,4 +220,10 @@ td .tippy-content { .ignore-sidebar { margin-left: rem(-320px); +} + +.docs .security ul > li { + &::before { + display: none; + } } \ No newline at end of file diff --git a/docs/pages_en/documentation/security.html b/docs/pages_en/documentation/security.html index 3a0e5bbc..2d732b48 100644 --- a/docs/pages_en/documentation/security.html +++ b/docs/pages_en/documentation/security.html @@ -1,7 +1,7 @@ --- title: Security permalink: documentation/security.html -layout: main-page +layout: sidebar --- diff --git a/docs/pages_ru/documentation/security.html b/docs/pages_ru/documentation/security.html index 48a11616..8cc8e28b 100644 --- a/docs/pages_ru/documentation/security.html +++ b/docs/pages_ru/documentation/security.html @@ -1,7 +1,7 @@ --- title: Безопасность permalink: documentation/security.html -layout: main-page +layout: sidebar ---