add sigstore default configuration #233
Conversation
default.yaml
Outdated
| # For reading signatures, schema may be http, https, or file. | ||
| # For writing signatures, schema may only be file. | ||
|
|
||
| # This is the default signature write location for registries. |
There was a problem hiding this comment.
for docker registries, to be pedantic.
There was a problem hiding this comment.
No, this does not apply to OpenShift.
mtrmac
left a comment
mtrmac
left a comment
There was a problem hiding this comment.
Should this have some kind of Makefile integration? As it is, it does nothing and is, at best, an example to be stowed away in docs.
right, let's install it with make also |
|
BTW, now thinking about what we do with |
|
@mtrmac PTAL, fixed your comments |
we have config(noreplace) in the RPM, I believe who does make from source knows what he's doing |
Makefile
Outdated
| rm -f skopeo docs/*.1 | ||
|
|
||
| install: install-binary install-docs install-completions | ||
| install -d -m 755 ${CONTAINERSSYSCONFIGDIR} |
There was a problem hiding this comment.
Doesn’t the -D immediately below make this unnecessary?
| install -d -m 755 ${CONTAINERSSYSCONFIGDIR} | ||
| install -D -m 644 default-policy.json ${CONTAINERSSYSCONFIGDIR}/policy.json | ||
| install -d -m 755 ${REGISTRIESDDIR} | ||
| install -D -m 644 default.yaml ${REGISTRIESDDIR}/default.yaml |
There was a problem hiding this comment.
Similarly, the line above can now be dropped perhaps.
| # This is the default signature write location for docker registries. | ||
| default-docker: | ||
| # sigstore: file:///var/lib/atomic/sigstore | ||
| sigstore-staging: file:///var/lib/atomic/sigstore |
There was a problem hiding this comment.
Should we be creating this directory as well?
Signed-off-by: Antonio Murdaca <[email protected]>
mtrmac
left a comment
mtrmac
left a comment
There was a problem hiding this comment.
Thanks! ACK pending tests.
|
@mtrmac can you rebase your integrate-all-the-things branch so that it contains this commit? could you ping me once done, thanks! |
Done, sorry for the delay. |
3 participants
@mtrmac @baude PTAL
We'll soon ship a skopeo sub-pkg which will just contain
/etc/containers/policy.jsonand/etc/containers/registries.d/default.yamlso that docker (after projectatomic/docker#200) and atomic can require it in their spec w/o having N specs shipping those files.Signed-off-by: Antonio Murdaca [email protected]