install: Verify target image fetch by default #182
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Prep for verifying it before we do an install. Signed-off-by: Colin Walters <[email protected]>
cgwalters
force-pushed
the
install-check-sigverify
branch
from
ebefeb9 to
e6f92ee
Compare
Hooray, CI successfully failed |
Now that we've dropped the `--net=none` by default, let's avoid two major footguns by verifying the target image specification by default. - Forgetting to use `--target-no-signature-verification` (most people are going to need this in demos right now) - When the target OS requires an authenticated pull, but one didn't embed the pull secret in the target OS Signed-off-by: Colin Walters <[email protected]>
cgwalters
force-pushed
the
install-check-sigverify
branch
from
e6f92ee to
be35678
Compare
vrothberg
reviewed
Nov 7, 2023
| If you are pushing an unsigned image, you must specify `bootc install --target-no-signature-verification`. | ||
|
|
||
| Additionally note that to perform an install from an authenticated registry, you must also embed | ||
| the pull secret into the image to pass this check. If you are fetching |
There was a problem hiding this comment.
The last sentence is incomplete.
What does it mean in detail to "embed the pull secret into the image to pass this check"?
There was a problem hiding this comment.
Thanks for catching that! I think it was sufficiently embarrassing state of things that I context switched to look at improving it and didn't switch back. Finished the doc comment in #186
cgwalters
added a commit
to cgwalters/bootc
that referenced
this pull request
Nov 7, 2023
Followup to containers#182 (comment) Signed-off-by: Colin Walters <[email protected]>
cgwalters
added a commit
to cgwalters/bootc
that referenced
this pull request
Nov 7, 2023
Followup to containers#182 (comment) Signed-off-by: Colin Walters <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
install: Compute target image reference upfront
Prep for verifying it before we do an install.
Signed-off-by: Colin Walters [email protected]
install: Verify target image fetch by default
Now that we've dropped the
--net=noneby default, let'savoid two major footguns by verifying the target image specification
by default.
--target-no-signature-verification(most people are going to need this in demos right now)Signed-off-by: Colin Walters [email protected]