Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support verifying signatures for non-layered images when using layered importer #226

Open
cgwalters opened this issue Jan 27, 2022 · 2 comments
Open

Support verifying signatures for non-layered images when using layered importer #226

cgwalters opened this issue Jan 27, 2022 · 2 comments

Comments

@cgwalters
Copy link
Member

Currently we have separate APIs for "un-encapsulate an ostree commit" and "pull a possibly layered image".

The former supports GPG verification, the latter does not.

Today rpm-ostree always uses the layered path, and so we get e.g.:

[root@cosa-devsh ~]# rpm-ostree rebase --experimental ostree-remote-registry:fedora:quay.io/coreos-assembler/fcos:next-devel
Pulling manifest: ostree-remote-image:fedora:docker://quay.io/coreos-assembler/fcos:next-devel
error: Fetching manifest: Cannot currently verify layered containers via ostree remote
[root@cosa-devsh ~]#

There's a bunch of code in #123 that unifies the logic between unencapsulation and layered images. I think once that merges we can (and should) fix this.
@cgwalters
Copy link
Member Author

Maybe a quick short term hack is: if we get ostree-remote-registry, then assume the image isn't layered.

@cgwalters
Copy link
Member Author

Nah, that's too ugly to live. Let's try to fix this with #123

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cgwalters