Skip to content
This repository has been archived by the owner on Nov 7, 2024. It is now read-only.

Support verifying signatures for non-layered images when using layered importer #226

Open
cgwalters opened this issue Jan 27, 2022 · 2 comments
Open

Support verifying signatures for non-layered images when using layered importer #226

cgwalters opened this issue Jan 27, 2022 · 2 comments

Comments

@cgwalters
Copy link
Member

Currently we have separate APIs for "un-encapsulate an ostree commit" and "pull a possibly layered image".

The former supports GPG verification, the latter does not.

Today rpm-ostree always uses the layered path, and so we get e.g.:

[root@cosa-devsh ~]# rpm-ostree rebase --experimental ostree-remote-registry:fedora:quay.io/coreos-assembler/fcos:next-devel
Pulling manifest: ostree-remote-image:fedora:docker://quay.io/coreos-assembler/fcos:next-devel
error: Fetching manifest: Cannot currently verify layered containers via ostree remote
[root@cosa-devsh ~]#

There's a bunch of code in #123 that unifies the logic between unencapsulation and layered images. I think once that merges we can (and should) fix this.
@cgwalters
Copy link
Member Author

Maybe a quick short term hack is: if we get ostree-remote-registry, then assume the image isn't layered.

@cgwalters
Copy link
Member Author

Nah, that's too ugly to live. Let's try to fix this with #123

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cgwalters