Meta cos verify #833
Meta cos verify #833
Conversation
Signed-off-by: Itxaka <igarcia@suse.com>
examples/standard/Dockerfile
Outdated
| @@ -66,7 +70,10 @@ COPY conf/luet.yaml /etc/luet/luet.yaml | |||
| # Copy luet from the official images | |||
| COPY --from=luet /usr/bin/luet /usr/bin/luet | |||
|
|
|||
| RUN luet install -y meta/cos-minimal \ | |||
| # TODO: change this to meta/cos-verify once the meta package is published | |||
| RUN luet install -y toolchain/cosign toolchain/luet-cosign | |||
There was a problem hiding this comment.
| RUN luet install -y toolchain/cosign toolchain/luet-cosign | |
| RUN luet install -y meta/cos-verify |
There was a problem hiding this comment.
Something that "puzzles" me is that in this way, when we get cosign itself and the plugin, those are not verified (via signatures, etc).
Shall we maybe create a signed container where we take this tools from instead?
There was a problem hiding this comment.
wont work :D until this same PR is merged and the meta package published
I mean, it wont fail as luet will fail to install the packages and luet will also fail to find the plugins, so the dockerfile will be built correctly
But I want this to be tested on CI in case its broken (it worked on my machine, yadayadayada :P)
There was a problem hiding this comment.
tested, so updating this to use the meta package. It will eventually work, like cluster synchronization LOL
| @@ -83,3 +83,13 @@ packages: | |||
| - category: system | |||
| name: cloud-config | |||
| version: ">=0" | |||
| - category: "meta" | |||
Signed-off-by: Itxaka <igarcia@suse.com>
Itxaka
force-pushed
the
meta_cos_verify
branch
from
1fcd380 to
60962d5
Compare
|
No need to wait for tests, this shouldn't affect existing packages/tests only the dockerfile and those run |
No description provided.