Skip to content

Commit

Permalink
fix: use remove-signatures in skopeo copy stages
Browse files Browse the repository at this point in the history 
According to [1] neither Docker daemon nor OCI support storing
the container signatures, and skopeo copy refuses to just silently drop
them and fails.

When using `skopeo copy --remove-signatures` to make the copy, the
signatures will be still read and policy.json will still be enforced,
they just won’t be written into the destination.

[1] containers/skopeo#589 (comment)

Resolves: THEEDGE-4032
Relates: RHEL-34807

Signed-off-by: Miguel Martín <[email protected]>
  • Loading branch information
@mmartinv @ondrejbudai
mmartinv authored and ondrejbudai committed Oct 18, 2024
1 parent 1ccd370 commit 22de964
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions bib/cmd/bootc-image-builder/image.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -360,6 +360,7 @@ func manifestForISO(c *ManifestConfig, rng *rand.Rand) (*manifest.Manifest, erro
// The ref is not needed and will be removed from the ctor later
// in time
img := image.NewAnacondaContainerInstaller(containerSource, "")
img.ContainerRemoveSignatures = true
img.SquashfsCompression = "zstd"

img.Product = c.SourceInfo.OSRelease.Name
Expand Down

0 comments on commit 22de964

Please sign in to comment.