This repository has been archived by the owner on Jun 28, 2024. It is now read-only.
Signatures: add resources with new URI scheme #5577
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Keep existing resources in place so that CI does not break. The test tag is hard-coded in image-rs. Fixes: kata-containers#5576 Signed-off-by: Tobin Feldman-Fitzthum <tobin@ibm.com>
|
/test |
jepio
added a commit
to jepio/kata-containers
that referenced
this pull request
Mar 31, 2023
Depends-on:github.com/kata-containers/tests#5577 Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
|
@stevenhorsman i'm trying to run a test with the ttrpc PR here: kata-containers/kata-containers#6569 |
Nice - it looks like you've got the depends-on correct :) |
|
cosign tests were still failing, so i pushed an extra commit to #5579 |
Xynnn007
reviewed
Apr 3, 2023
| "Credential": "${CREDENTIAL}", |
There was a problem hiding this comment.
I think we do not need "Policy", "Credential", "Cosign Key", "GPG Keyring" and "Sigstore Config" anymore. We use specific uris now.
There was a problem hiding this comment.
these are for compatibility with AA before KBS URI support. The goal is to be able to support both options and merge this PR before the ttrpc switch.
| @@ -1,5 +1,8 @@ | |||
| { | |||
| "Policy": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", | |||
There was a problem hiding this comment.
As mentioned, we do not need "Policy" anymore, which is replaced by a URI default/security-policy/test.
Similiar keys are:
"Sigstore Config"->"default/sigstore-config/test""GPG Keyring"->"default/gpg-public-config/test"
| @@ -1,5 +1,8 @@ | |||
| { | |||
| "Policy": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", | |||
| "Sigstore Config": "ZG9ja2VyOgogICAgcXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnM6CiAgICAgICAgc2lnc3RvcmU6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcwogICAgICAgIHNpZ3N0b3JlLXN0YWdpbmc6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcw==", | |||
| "GPG Keyring": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUdOQkdOMlhnRUJEQUMyaDB0SWZ2RXNTN2V2MlZkWlpscnhBc0FNNHJpdXFSd3Z2a2p1RmpRTGtNUzhzZmp1CmR2ZTY0ZmdVendQZ2U4QkhrcmdQczR1UWdESFMyWDIxQS9IMEU3cWxHRWpBMHVyV1I2dTQyc3U5eEd6aDFScE8KZ3FhTEkyamJLUWRCWmh3TnZScXFjZDdoeGFaMzhxZFd4Smh4a2gwRHYxVC9vN0c1YjhPTlRvdWxyYTlhUFJGWApHZHJnQkdRQkduWkhnSWxUYmpibTdiRTZFUjlwd05tUmFPRVMrcFRtRWxWTzMzTVJ4alUxOEFEK3Z4TEp3MXcwCmprb1dQUmlxQnk0T0huU1JhZ0lpT1h5S3NwQ1Z3WTF3dkYzMjY3VCttYWxId2Z5OUp3SDBxdytBbTU3L3pGbWUKSkZwdGNPeEVkMXVqNThyZzcyZ1FNQzVYZG9wWVVmd281aVZKa1d6ZU1PL1RlTHIxOE1venhoczJ4eENGVG5xTApCZXJ1NnhVTm9TQXZxMGVxNnRJb3VCekhZZlF2WUV2Ri9ueVZ1TEZFYU95RzJZTVhjVWlBVUV0eHVRTktIbFFXCm11ZXRaSmdlQkoxNU9TREtmTVQ5VUtWdGIyaHJPYkVBU013UGV3ZytTVDRZODcrSnN4OUY2Zlo0NTVvZFBhOWQKbFhpYnBkRzBCL2oxbXhVQUVRRUFBYlFuU0hsdmRXNW5aM2wxSUVOb2Iya2dQRWg1YjNWdVoyZDVkUzVEYUc5cApRR2xpYlM1amIyMCtpUUhVQkJNQkNnQStGaUVFcE9NZUwvM3V4cUlPSjhISHE0NVdxem5yRldNRkFtTjJYZ0VDCkd3TUZDUVBDWndBRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUXE0NVdxem5yRldQUFlndisKT2dFQUFwakpsMWNlMjVadHpPVWRsNXdBS0p0T0RNNTMrVFRpQkRhRm9MWWxZNVg1R1NsRy96dHpsaDdldzhVeApDcjVGeVppNHNoT3FvQ3h3cmQ3aHNHbmJwVkR1ZDRLU0lqdmFBaGYvZm52ZUd5K1lyNFdJaXNrZnJaZXFDREFWCnpPV29UZU9SMFRQSjFhUFlzRWgveDQrT3dFYkdId1E2N01sMkVuYXdYNjdNWG1NTDdnQ3ZiR2lDdFkxV3JYN3QKUktqWlVLKzN0SWZYNHBFZ3AxUW1VQlVlOWxNUzNMc0YxYXRTdEtwRDZqbHRwamtxSXhnd0ZvTThsNkh0Q0o2MgpYamdDTzAzcHUrcVpWUUJzdnZEb2V4dWEvaXB4MWZxVUFpekY3dlEzYlB1WjNJQ1F0ZUtXaXI1S0RQTEtqcG9QCldObGxCU1d4b0VwK0lndWNSMy9lUGJYekpGelVKM2taaS96cmFPNlpBdW1QZlJSamtjS2JiK3dJVVp6VVhmR2YKVmFxaGE4b0lmYVgzWG9JUDJDYkpYdG1jVU53V2hpT05UL21QMXhaTXdEblI4K1ZjaGtyY1dReFE4OHJxZnh1RQp0a2liTDZyU0hJV1BvVFVaUmNleVlNN3B1a1gyQVFxY0ZjWTV6c2tVUGZlb29FaDdRdXVyZEhuRnhCZDVGMS9hCnVRR05CR04yWGdFQkRBRFBNcGx6RkpGRytpZmlnd1JnT2ZJVEdXWkxIV0ZqMWxaM1lrZ2dHWHo4L1Q1bGhwd3AKTXZMTHpWUDJZSm14Q0hqSDFjNGFJQ3FBelVXbjJBOENWVlpKbnlTaVVQTy9kS1Nna3ZtYW1rUkd4Q2ZwWUxObApHTXE4dng3elBhdG1UUjM1RVMxWlM3bE9UN0FRaVRPRHdhTmdsbFNhU2lhc3hmc2UvS09UQnZIblovT0N0b1ZXCmtuMlFlTjgya2l2ZGh5MGVMZFY1REdVVm9OdTlhQ2J4c1d4U2tMT1E3d1d6aENsb3k1ajJrZ3psZUNYbUsxdmMKMVJUTlptNUFSSG03dHpHMTdVRzd2eW5Ua1hQbVIvcmlkR0k1YlJvcStKeUkrWUh4dm9iaTlxZkVRT3lKVk1JNgpMb294ZlVaWkFEN0UzWkkwdzhld296UmtWV2tnRktzSmVVTko5RzVZK1RFSFdSUG45TlVFNzEyVmxvNWhVT04zCkNUQ0N2ek5CQmcycTRHQ1VFMno4WG1QRkRwMzJMZ1d1em9HWVJVdEh3SmVKTmhZQWtGMVpIYmJDczF0UExkTWIKTzZJaW8zVVVnRHFmRy9TOVJpOGhJTHcyVmx3eVBFQSs1YitXd2JUbTBiL3ZPMUUvcDVvRlFLaDNvd1MrcVNMbgo4TnQ5Y2pQSGJDNUIwL0VBRVFFQUFZa0J2QVFZQVFvQUpoWWhCS1RqSGkvOTdzYWlEaWZCeDZ1T1ZxczU2eFZqCkJRSmpkbDRCQWhzTUJRa0R3bWNBQUFvSkVLdU9WcXM1NnhWajNqb0wrd1lUVy9BU3hGRXVGUWJvZm1PbTh5OGEKUUl2TWpiRDBnQUlTM0Y5QytxUnlSUjYyN1dPak5jSGl3RVA5YUh3SVZFRXZiaVJkZk9lNVV2Z2M4NlpjaEFhMwo1Yk9XR3VKQ0JIWU5GNU9RcUpxTXlvWmpmRWRFSEpWVW9wbGhOd3NUa0V3MGc3ZXU0TEpkMWxsN0UvVVpDWmVvClhudlJxTVFEUjRUV2ZYeks5dzZONXNrZHJXcHZWeGNCNEUwVW9BVmh2alVNalo2S2ZmUGYrOS9SWTRLdG83S0EKbXVhZUkxV0M4RGRjZUJnZDg5QXNhMVVOWCtpVC9DVGw0endQWXQzMjVjcmhIVG5YZ05BRFo4QXZhUUFyc24wWQpGT0svcGJ0aUczOEtkalJBQjNlN3dDTFdWaVV4QkhBQ1lyUzkvUjBxVzRCa1Y5OHNwZXRSVWxhYlVycDVFbHNaClNXTVFpNk95NzlYRkZMam55eS9JbzdGSDREdXlKQTlLZ3lyaDFJUXU0c3ZWeWhaTWVGbW5GUkdkSUVqM2JBcW0Kbm9ZSlA2WElTeUFGNjB1UEJteEdidXpvTm9CbUVKZDFHeTVBZ0ZyQ1p3K1gxc1ZtTVZUMit3YVpvK0lINjlGVwpoNW1hdERZdDh2VE1zRmxuaEN5NllmUDdQcEhaQmNBa1JXYU9SNkVrL1E9PQo9aWpVOQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg==" | |||
| "GPG Keyring": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUdOQkdOMlhnRUJEQUMyaDB0SWZ2RXNTN2V2MlZkWlpscnhBc0FNNHJpdXFSd3Z2a2p1RmpRTGtNUzhzZmp1CmR2ZTY0ZmdVendQZ2U4QkhrcmdQczR1UWdESFMyWDIxQS9IMEU3cWxHRWpBMHVyV1I2dTQyc3U5eEd6aDFScE8KZ3FhTEkyamJLUWRCWmh3TnZScXFjZDdoeGFaMzhxZFd4Smh4a2gwRHYxVC9vN0c1YjhPTlRvdWxyYTlhUFJGWApHZHJnQkdRQkduWkhnSWxUYmpibTdiRTZFUjlwd05tUmFPRVMrcFRtRWxWTzMzTVJ4alUxOEFEK3Z4TEp3MXcwCmprb1dQUmlxQnk0T0huU1JhZ0lpT1h5S3NwQ1Z3WTF3dkYzMjY3VCttYWxId2Z5OUp3SDBxdytBbTU3L3pGbWUKSkZwdGNPeEVkMXVqNThyZzcyZ1FNQzVYZG9wWVVmd281aVZKa1d6ZU1PL1RlTHIxOE1venhoczJ4eENGVG5xTApCZXJ1NnhVTm9TQXZxMGVxNnRJb3VCekhZZlF2WUV2Ri9ueVZ1TEZFYU95RzJZTVhjVWlBVUV0eHVRTktIbFFXCm11ZXRaSmdlQkoxNU9TREtmTVQ5VUtWdGIyaHJPYkVBU013UGV3ZytTVDRZODcrSnN4OUY2Zlo0NTVvZFBhOWQKbFhpYnBkRzBCL2oxbXhVQUVRRUFBYlFuU0hsdmRXNW5aM2wxSUVOb2Iya2dQRWg1YjNWdVoyZDVkUzVEYUc5cApRR2xpYlM1amIyMCtpUUhVQkJNQkNnQStGaUVFcE9NZUwvM3V4cUlPSjhISHE0NVdxem5yRldNRkFtTjJYZ0VDCkd3TUZDUVBDWndBRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUXE0NVdxem5yRldQUFlndisKT2dFQUFwakpsMWNlMjVadHpPVWRsNXdBS0p0T0RNNTMrVFRpQkRhRm9MWWxZNVg1R1NsRy96dHpsaDdldzhVeApDcjVGeVppNHNoT3FvQ3h3cmQ3aHNHbmJwVkR1ZDRLU0lqdmFBaGYvZm52ZUd5K1lyNFdJaXNrZnJaZXFDREFWCnpPV29UZU9SMFRQSjFhUFlzRWgveDQrT3dFYkdId1E2N01sMkVuYXdYNjdNWG1NTDdnQ3ZiR2lDdFkxV3JYN3QKUktqWlVLKzN0SWZYNHBFZ3AxUW1VQlVlOWxNUzNMc0YxYXRTdEtwRDZqbHRwamtxSXhnd0ZvTThsNkh0Q0o2MgpYamdDTzAzcHUrcVpWUUJzdnZEb2V4dWEvaXB4MWZxVUFpekY3dlEzYlB1WjNJQ1F0ZUtXaXI1S0RQTEtqcG9QCldObGxCU1d4b0VwK0lndWNSMy9lUGJYekpGelVKM2taaS96cmFPNlpBdW1QZlJSamtjS2JiK3dJVVp6VVhmR2YKVmFxaGE4b0lmYVgzWG9JUDJDYkpYdG1jVU53V2hpT05UL21QMXhaTXdEblI4K1ZjaGtyY1dReFE4OHJxZnh1RQp0a2liTDZyU0hJV1BvVFVaUmNleVlNN3B1a1gyQVFxY0ZjWTV6c2tVUGZlb29FaDdRdXVyZEhuRnhCZDVGMS9hCnVRR05CR04yWGdFQkRBRFBNcGx6RkpGRytpZmlnd1JnT2ZJVEdXWkxIV0ZqMWxaM1lrZ2dHWHo4L1Q1bGhwd3AKTXZMTHpWUDJZSm14Q0hqSDFjNGFJQ3FBelVXbjJBOENWVlpKbnlTaVVQTy9kS1Nna3ZtYW1rUkd4Q2ZwWUxObApHTXE4dng3elBhdG1UUjM1RVMxWlM3bE9UN0FRaVRPRHdhTmdsbFNhU2lhc3hmc2UvS09UQnZIblovT0N0b1ZXCmtuMlFlTjgya2l2ZGh5MGVMZFY1REdVVm9OdTlhQ2J4c1d4U2tMT1E3d1d6aENsb3k1ajJrZ3psZUNYbUsxdmMKMVJUTlptNUFSSG03dHpHMTdVRzd2eW5Ua1hQbVIvcmlkR0k1YlJvcStKeUkrWUh4dm9iaTlxZkVRT3lKVk1JNgpMb294ZlVaWkFEN0UzWkkwdzhld296UmtWV2tnRktzSmVVTko5RzVZK1RFSFdSUG45TlVFNzEyVmxvNWhVT04zCkNUQ0N2ek5CQmcycTRHQ1VFMno4WG1QRkRwMzJMZ1d1em9HWVJVdEh3SmVKTmhZQWtGMVpIYmJDczF0UExkTWIKTzZJaW8zVVVnRHFmRy9TOVJpOGhJTHcyVmx3eVBFQSs1YitXd2JUbTBiL3ZPMUUvcDVvRlFLaDNvd1MrcVNMbgo4TnQ5Y2pQSGJDNUIwL0VBRVFFQUFZa0J2QVFZQVFvQUpoWWhCS1RqSGkvOTdzYWlEaWZCeDZ1T1ZxczU2eFZqCkJRSmpkbDRCQWhzTUJRa0R3bWNBQUFvSkVLdU9WcXM1NnhWajNqb0wrd1lUVy9BU3hGRXVGUWJvZm1PbTh5OGEKUUl2TWpiRDBnQUlTM0Y5QytxUnlSUjYyN1dPak5jSGl3RVA5YUh3SVZFRXZiaVJkZk9lNVV2Z2M4NlpjaEFhMwo1Yk9XR3VKQ0JIWU5GNU9RcUpxTXlvWmpmRWRFSEpWVW9wbGhOd3NUa0V3MGc3ZXU0TEpkMWxsN0UvVVpDWmVvClhudlJxTVFEUjRUV2ZYeks5dzZONXNrZHJXcHZWeGNCNEUwVW9BVmh2alVNalo2S2ZmUGYrOS9SWTRLdG83S0EKbXVhZUkxV0M4RGRjZUJnZDg5QXNhMVVOWCtpVC9DVGw0endQWXQzMjVjcmhIVG5YZ05BRFo4QXZhUUFyc24wWQpGT0svcGJ0aUczOEtkalJBQjNlN3dDTFdWaVV4QkhBQ1lyUzkvUjBxVzRCa1Y5OHNwZXRSVWxhYlVycDVFbHNaClNXTVFpNk95NzlYRkZMam55eS9JbzdGSDREdXlKQTlLZ3lyaDFJUXU0c3ZWeWhaTWVGbW5GUkdkSUVqM2JBcW0Kbm9ZSlA2WElTeUFGNjB1UEJteEdidXpvTm9CbUVKZDFHeTVBZ0ZyQ1p3K1gxc1ZtTVZUMit3YVpvK0lINjlGVwpoNW1hdERZdDh2VE1zRmxuaEN5NllmUDdQcEhaQmNBa1JXYU9SNkVrL1E9PQo9aWpVOQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg==", | |||
| "default/security-policy/test": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", | |||
There was a problem hiding this comment.
This policy is
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports": {
"docker": {
"quay.io/kata-containers/confidential-containers": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/containers/quay_verification/public.gpg"
}
]
}
}
}That means the GPG keyring is located inside the guest image. If the test aims to fetch the GPG keyring from KBS, please use the following
ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogImticzovLy9kZWZhdWx0L2dwZy1wdWJsaWMtY29uZmlnL3Rlc3QiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0KICAgICAgICB9CiAgICB9Cn0=
which means
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports": {
"docker": {
"quay.io/kata-containers/confidential-containers": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "kbs:///default/gpg-public-config/test"
}
]
}
}
}| "GPG Keyring": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUdOQkdOMlhnRUJEQUMyaDB0SWZ2RXNTN2V2MlZkWlpscnhBc0FNNHJpdXFSd3Z2a2p1RmpRTGtNUzhzZmp1CmR2ZTY0ZmdVendQZ2U4QkhrcmdQczR1UWdESFMyWDIxQS9IMEU3cWxHRWpBMHVyV1I2dTQyc3U5eEd6aDFScE8KZ3FhTEkyamJLUWRCWmh3TnZScXFjZDdoeGFaMzhxZFd4Smh4a2gwRHYxVC9vN0c1YjhPTlRvdWxyYTlhUFJGWApHZHJnQkdRQkduWkhnSWxUYmpibTdiRTZFUjlwd05tUmFPRVMrcFRtRWxWTzMzTVJ4alUxOEFEK3Z4TEp3MXcwCmprb1dQUmlxQnk0T0huU1JhZ0lpT1h5S3NwQ1Z3WTF3dkYzMjY3VCttYWxId2Z5OUp3SDBxdytBbTU3L3pGbWUKSkZwdGNPeEVkMXVqNThyZzcyZ1FNQzVYZG9wWVVmd281aVZKa1d6ZU1PL1RlTHIxOE1venhoczJ4eENGVG5xTApCZXJ1NnhVTm9TQXZxMGVxNnRJb3VCekhZZlF2WUV2Ri9ueVZ1TEZFYU95RzJZTVhjVWlBVUV0eHVRTktIbFFXCm11ZXRaSmdlQkoxNU9TREtmTVQ5VUtWdGIyaHJPYkVBU013UGV3ZytTVDRZODcrSnN4OUY2Zlo0NTVvZFBhOWQKbFhpYnBkRzBCL2oxbXhVQUVRRUFBYlFuU0hsdmRXNW5aM2wxSUVOb2Iya2dQRWg1YjNWdVoyZDVkUzVEYUc5cApRR2xpYlM1amIyMCtpUUhVQkJNQkNnQStGaUVFcE9NZUwvM3V4cUlPSjhISHE0NVdxem5yRldNRkFtTjJYZ0VDCkd3TUZDUVBDWndBRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUXE0NVdxem5yRldQUFlndisKT2dFQUFwakpsMWNlMjVadHpPVWRsNXdBS0p0T0RNNTMrVFRpQkRhRm9MWWxZNVg1R1NsRy96dHpsaDdldzhVeApDcjVGeVppNHNoT3FvQ3h3cmQ3aHNHbmJwVkR1ZDRLU0lqdmFBaGYvZm52ZUd5K1lyNFdJaXNrZnJaZXFDREFWCnpPV29UZU9SMFRQSjFhUFlzRWgveDQrT3dFYkdId1E2N01sMkVuYXdYNjdNWG1NTDdnQ3ZiR2lDdFkxV3JYN3QKUktqWlVLKzN0SWZYNHBFZ3AxUW1VQlVlOWxNUzNMc0YxYXRTdEtwRDZqbHRwamtxSXhnd0ZvTThsNkh0Q0o2MgpYamdDTzAzcHUrcVpWUUJzdnZEb2V4dWEvaXB4MWZxVUFpekY3dlEzYlB1WjNJQ1F0ZUtXaXI1S0RQTEtqcG9QCldObGxCU1d4b0VwK0lndWNSMy9lUGJYekpGelVKM2taaS96cmFPNlpBdW1QZlJSamtjS2JiK3dJVVp6VVhmR2YKVmFxaGE4b0lmYVgzWG9JUDJDYkpYdG1jVU53V2hpT05UL21QMXhaTXdEblI4K1ZjaGtyY1dReFE4OHJxZnh1RQp0a2liTDZyU0hJV1BvVFVaUmNleVlNN3B1a1gyQVFxY0ZjWTV6c2tVUGZlb29FaDdRdXVyZEhuRnhCZDVGMS9hCnVRR05CR04yWGdFQkRBRFBNcGx6RkpGRytpZmlnd1JnT2ZJVEdXWkxIV0ZqMWxaM1lrZ2dHWHo4L1Q1bGhwd3AKTXZMTHpWUDJZSm14Q0hqSDFjNGFJQ3FBelVXbjJBOENWVlpKbnlTaVVQTy9kS1Nna3ZtYW1rUkd4Q2ZwWUxObApHTXE4dng3elBhdG1UUjM1RVMxWlM3bE9UN0FRaVRPRHdhTmdsbFNhU2lhc3hmc2UvS09UQnZIblovT0N0b1ZXCmtuMlFlTjgya2l2ZGh5MGVMZFY1REdVVm9OdTlhQ2J4c1d4U2tMT1E3d1d6aENsb3k1ajJrZ3psZUNYbUsxdmMKMVJUTlptNUFSSG03dHpHMTdVRzd2eW5Ua1hQbVIvcmlkR0k1YlJvcStKeUkrWUh4dm9iaTlxZkVRT3lKVk1JNgpMb294ZlVaWkFEN0UzWkkwdzhld296UmtWV2tnRktzSmVVTko5RzVZK1RFSFdSUG45TlVFNzEyVmxvNWhVT04zCkNUQ0N2ek5CQmcycTRHQ1VFMno4WG1QRkRwMzJMZ1d1em9HWVJVdEh3SmVKTmhZQWtGMVpIYmJDczF0UExkTWIKTzZJaW8zVVVnRHFmRy9TOVJpOGhJTHcyVmx3eVBFQSs1YitXd2JUbTBiL3ZPMUUvcDVvRlFLaDNvd1MrcVNMbgo4TnQ5Y2pQSGJDNUIwL0VBRVFFQUFZa0J2QVFZQVFvQUpoWWhCS1RqSGkvOTdzYWlEaWZCeDZ1T1ZxczU2eFZqCkJRSmpkbDRCQWhzTUJRa0R3bWNBQUFvSkVLdU9WcXM1NnhWajNqb0wrd1lUVy9BU3hGRXVGUWJvZm1PbTh5OGEKUUl2TWpiRDBnQUlTM0Y5QytxUnlSUjYyN1dPak5jSGl3RVA5YUh3SVZFRXZiaVJkZk9lNVV2Z2M4NlpjaEFhMwo1Yk9XR3VKQ0JIWU5GNU9RcUpxTXlvWmpmRWRFSEpWVW9wbGhOd3NUa0V3MGc3ZXU0TEpkMWxsN0UvVVpDWmVvClhudlJxTVFEUjRUV2ZYeks5dzZONXNrZHJXcHZWeGNCNEUwVW9BVmh2alVNalo2S2ZmUGYrOS9SWTRLdG83S0EKbXVhZUkxV0M4RGRjZUJnZDg5QXNhMVVOWCtpVC9DVGw0endQWXQzMjVjcmhIVG5YZ05BRFo4QXZhUUFyc24wWQpGT0svcGJ0aUczOEtkalJBQjNlN3dDTFdWaVV4QkhBQ1lyUzkvUjBxVzRCa1Y5OHNwZXRSVWxhYlVycDVFbHNaClNXTVFpNk95NzlYRkZMam55eS9JbzdGSDREdXlKQTlLZ3lyaDFJUXU0c3ZWeWhaTWVGbW5GUkdkSUVqM2JBcW0Kbm9ZSlA2WElTeUFGNjB1UEJteEdidXpvTm9CbUVKZDFHeTVBZ0ZyQ1p3K1gxc1ZtTVZUMit3YVpvK0lINjlGVwpoNW1hdERZdDh2VE1zRmxuaEN5NllmUDdQcEhaQmNBa1JXYU9SNkVrL1E9PQo9aWpVOQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg==", | ||
| "default/security-policy/test": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", | ||
| "default/sigstore-config/test": "ZG9ja2VyOgogICAgcXVheS5pby9rYXRhLWNvbnRhaW5lcnMvY29uZmlkZW50aWFsLWNvbnRhaW5lcnM6CiAgICAgICAgc2lnc3RvcmU6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcwogICAgICAgIHNpZ3N0b3JlLXN0YWdpbmc6IGZpbGU6Ly8vZXRjL2NvbnRhaW5lcnMvcXVheV92ZXJpZmljYXRpb24vc2lnbmF0dXJlcw==", | ||
| "default/sigstore-config/test": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUdOQkdOMlhnRUJEQUMyaDB0SWZ2RXNTN2V2MlZkWlpscnhBc0FNNHJpdXFSd3Z2a2p1RmpRTGtNUzhzZmp1CmR2ZTY0ZmdVendQZ2U4QkhrcmdQczR1UWdESFMyWDIxQS9IMEU3cWxHRWpBMHVyV1I2dTQyc3U5eEd6aDFScE8KZ3FhTEkyamJLUWRCWmh3TnZScXFjZDdoeGFaMzhxZFd4Smh4a2gwRHYxVC9vN0c1YjhPTlRvdWxyYTlhUFJGWApHZHJnQkdRQkduWkhnSWxUYmpibTdiRTZFUjlwd05tUmFPRVMrcFRtRWxWTzMzTVJ4alUxOEFEK3Z4TEp3MXcwCmprb1dQUmlxQnk0T0huU1JhZ0lpT1h5S3NwQ1Z3WTF3dkYzMjY3VCttYWxId2Z5OUp3SDBxdytBbTU3L3pGbWUKSkZwdGNPeEVkMXVqNThyZzcyZ1FNQzVYZG9wWVVmd281aVZKa1d6ZU1PL1RlTHIxOE1venhoczJ4eENGVG5xTApCZXJ1NnhVTm9TQXZxMGVxNnRJb3VCekhZZlF2WUV2Ri9ueVZ1TEZFYU95RzJZTVhjVWlBVUV0eHVRTktIbFFXCm11ZXRaSmdlQkoxNU9TREtmTVQ5VUtWdGIyaHJPYkVBU013UGV3ZytTVDRZODcrSnN4OUY2Zlo0NTVvZFBhOWQKbFhpYnBkRzBCL2oxbXhVQUVRRUFBYlFuU0hsdmRXNW5aM2wxSUVOb2Iya2dQRWg1YjNWdVoyZDVkUzVEYUc5cApRR2xpYlM1amIyMCtpUUhVQkJNQkNnQStGaUVFcE9NZUwvM3V4cUlPSjhISHE0NVdxem5yRldNRkFtTjJYZ0VDCkd3TUZDUVBDWndBRkN3a0lCd0lHRlFvSkNBc0NCQllDQXdFQ0hnRUNGNEFBQ2drUXE0NVdxem5yRldQUFlndisKT2dFQUFwakpsMWNlMjVadHpPVWRsNXdBS0p0T0RNNTMrVFRpQkRhRm9MWWxZNVg1R1NsRy96dHpsaDdldzhVeApDcjVGeVppNHNoT3FvQ3h3cmQ3aHNHbmJwVkR1ZDRLU0lqdmFBaGYvZm52ZUd5K1lyNFdJaXNrZnJaZXFDREFWCnpPV29UZU9SMFRQSjFhUFlzRWgveDQrT3dFYkdId1E2N01sMkVuYXdYNjdNWG1NTDdnQ3ZiR2lDdFkxV3JYN3QKUktqWlVLKzN0SWZYNHBFZ3AxUW1VQlVlOWxNUzNMc0YxYXRTdEtwRDZqbHRwamtxSXhnd0ZvTThsNkh0Q0o2MgpYamdDTzAzcHUrcVpWUUJzdnZEb2V4dWEvaXB4MWZxVUFpekY3dlEzYlB1WjNJQ1F0ZUtXaXI1S0RQTEtqcG9QCldObGxCU1d4b0VwK0lndWNSMy9lUGJYekpGelVKM2taaS96cmFPNlpBdW1QZlJSamtjS2JiK3dJVVp6VVhmR2YKVmFxaGE4b0lmYVgzWG9JUDJDYkpYdG1jVU53V2hpT05UL21QMXhaTXdEblI4K1ZjaGtyY1dReFE4OHJxZnh1RQp0a2liTDZyU0hJV1BvVFVaUmNleVlNN3B1a1gyQVFxY0ZjWTV6c2tVUGZlb29FaDdRdXVyZEhuRnhCZDVGMS9hCnVRR05CR04yWGdFQkRBRFBNcGx6RkpGRytpZmlnd1JnT2ZJVEdXWkxIV0ZqMWxaM1lrZ2dHWHo4L1Q1bGhwd3AKTXZMTHpWUDJZSm14Q0hqSDFjNGFJQ3FBelVXbjJBOENWVlpKbnlTaVVQTy9kS1Nna3ZtYW1rUkd4Q2ZwWUxObApHTXE4dng3elBhdG1UUjM1RVMxWlM3bE9UN0FRaVRPRHdhTmdsbFNhU2lhc3hmc2UvS09UQnZIblovT0N0b1ZXCmtuMlFlTjgya2l2ZGh5MGVMZFY1REdVVm9OdTlhQ2J4c1d4U2tMT1E3d1d6aENsb3k1ajJrZ3psZUNYbUsxdmMKMVJUTlptNUFSSG03dHpHMTdVRzd2eW5Ua1hQbVIvcmlkR0k1YlJvcStKeUkrWUh4dm9iaTlxZkVRT3lKVk1JNgpMb294ZlVaWkFEN0UzWkkwdzhld296UmtWV2tnRktzSmVVTko5RzVZK1RFSFdSUG45TlVFNzEyVmxvNWhVT04zCkNUQ0N2ek5CQmcycTRHQ1VFMno4WG1QRkRwMzJMZ1d1em9HWVJVdEh3SmVKTmhZQWtGMVpIYmJDczF0UExkTWIKTzZJaW8zVVVnRHFmRy9TOVJpOGhJTHcyVmx3eVBFQSs1YitXd2JUbTBiL3ZPMUUvcDVvRlFLaDNvd1MrcVNMbgo4TnQ5Y2pQSGJDNUIwL0VBRVFFQUFZa0J2QVFZQVFvQUpoWWhCS1RqSGkvOTdzYWlEaWZCeDZ1T1ZxczU2eFZqCkJRSmpkbDRCQWhzTUJRa0R3bWNBQUFvSkVLdU9WcXM1NnhWajNqb0wrd1lUVy9BU3hGRXVGUWJvZm1PbTh5OGEKUUl2TWpiRDBnQUlTM0Y5QytxUnlSUjYyN1dPak5jSGl3RVA5YUh3SVZFRXZiaVJkZk9lNVV2Z2M4NlpjaEFhMwo1Yk9XR3VKQ0JIWU5GNU9RcUpxTXlvWmpmRWRFSEpWVW9wbGhOd3NUa0V3MGc3ZXU0TEpkMWxsN0UvVVpDWmVvClhudlJxTVFEUjRUV2ZYeks5dzZONXNrZHJXcHZWeGNCNEUwVW9BVmh2alVNalo2S2ZmUGYrOS9SWTRLdG83S0EKbXVhZUkxV0M4RGRjZUJnZDg5QXNhMVVOWCtpVC9DVGw0endQWXQzMjVjcmhIVG5YZ05BRFo4QXZhUUFyc24wWQpGT0svcGJ0aUczOEtkalJBQjNlN3dDTFdWaVV4QkhBQ1lyUzkvUjBxVzRCa1Y5OHNwZXRSVWxhYlVycDVFbHNaClNXTVFpNk95NzlYRkZMam55eS9JbzdGSDREdXlKQTlLZ3lyaDFJUXU0c3ZWeWhaTWVGbW5GUkdkSUVqM2JBcW0Kbm9ZSlA2WElTeUFGNjB1UEJteEdidXpvTm9CbUVKZDFHeTVBZ0ZyQ1p3K1gxc1ZtTVZUMit3YVpvK0lINjlGVwpoNW1hdERZdDh2VE1zRmxuaEN5NllmUDdQcEhaQmNBa1JXYU9SNkVrL1E9PQo9aWpVOQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg==" |
There was a problem hiding this comment.
the key name should be "default/gpg-public-config/test"
| @@ -1,5 +1,8 @@ | |||
| { | |||
| "Policy": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", | |||
There was a problem hiding this comment.
Also, we do not need "Policy", "Sigstore Config" and "GPG Keyring" anymore
| "GPG Keyring": "LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkdGTVZFZ0JFQUN6ZC9ISno2bnE4R0FqRm9XdDIwUGhBeTRScDhxNHFlRkUzSkorbHdoUHprSmRiTDNaClFKMzFURUNyYktVeW8zTElRMzFCNzVBWXczdm5FSVVPY3V0U0UxaThvNTU3SW94eGxHNFN3dGtSVmRVUGVFN2UKdElOMm1aKzJHd25nQW1KRUgxNWtNQUZzVVFhNG4rWE9WUU9aSTNRWWVsWWpMd0thbXFBa3dFdjAzSmpHaTIrbQo0a0ZITzBmMy9lc0pmZXhVd3hLMHdQazJ4emlvZ2FpTzN6NDViTkoxMDZwSC95NGhRMHBWbWZJSHpPVjZwRHN2ClVHcTFxdnZlL2dDRXFZZWYvcUgyNzJoRkdNTE1qRy8yOStwVmZ1bEJ2YnpiUUhNUHlIaTFBdTVwemJWVUhxOUEKOURoWXhmWllpN2MreXU5Y1h0cngzQmlXSG52NzlBRUtWZDhCdkVucE02dGNIOWMvVFJlakd6VjF0cThva05wMwpXaXp6T0ZzVXBpaXVYVVo5ZlVlQ0s5YnVEaXdsdDF2ZGQ2OG5RZ3o2YkdIOEZqbVd2UXU4eTNVZEZRSTUwQkNVCmVEeFZEcHIzRXhjNER6MWxnU0pNV0wya2NJRy8wVllGU2hkRXUxL2lnNmdLUlpGcm1XN2hnSU51V1ZwWUNoZGkKK0I3Rkg1UDhGUlBiN0YrZFdyY0o3M3A1WXJLMzhHbnpadTNtdmZSUnk5Q0FpU1NFNFpEd0JuMjMzSCtlMFFzWAptT2lIcW1LSVZTbnhVa1hoTktXWm9LUDVQRlBHWE9YSEFNaWRnWC8wT0UxOEc2WmREMEYvRVNuYVdUL2lwNzNNCk1EYU5tVENlL2JZdW9TZy9oVUdCMEtENUx2aFZaT01haTh1MkYwQnJFYWdPRnQ3SkZjbUVwd2pXWndBUkFRQUIKdEVsVGRHVjJaVzRnU0c5eWMyMWhiaUFvUjFCSElHdGxlU0JtYjNJZ2MybG5ibWx1WnlCcllYUmhJSFJsYzNRZwphVzFoWjJWektTQThjM1JsZG1WdVFIVnJMbWxpYlM1amIyMCtpUUpZQkJNQkNBQkNGaUVFWjdKS3JNUlpaNTRDCmc5ZnVXUGJ0Qis2bXRDa0ZBbUZNVkVnQ0d3TUZDUUhoTTRBRkN3a0lCd0lESWdJQkJoVUtDUWdMQWdRV0FnTUIKQWg0SEFoZUFBQW9KRUZqMjdRZnVwclFwc3ZBUC8zTit5RGRlRkRMaVdSS21YbEhzbWRuT3dlYVdxQjdzUWJ0SQpJTFh6RVFCY1pIWjFRNUxna0o2bzlHUlJlK0pPVmFsQUQ5QXdPQjg4Z0hNVVptR2hmQU05dnY3R3RWWGdpQkNmCi9mNDE0TTFueS9xMUgwZG1wRnF4b3FaYzlXNlhaU1pFVC8yNVFPUlMzYkxIK0dFdnQ4enZaUkFLVU9WRUhPZTQKbHRocmNuY21uaFd4ZWc0ZFJGWEZRczJZSW41VzZiOTd4SzN4emF0bDlyTVgwd2s4L2xweDlHQ0tLalZ3OVpQcwpUZ25kcmlMTnUzaGJOeWFXaEhlTHFUT1hEOUU0WUNjM3FMc0MvZW5Hclh6Si91bWdpaHUvRy9iNWFsZWZ6U09xCnh0MHI2ejdSbk85OXJVdEtDYW0rNUVEa0t6VXZoamdSM2oyTGtHWkMxZnFBTnQ2TEtPK0MwT3FtMEpUMm1UZGEKdGEveDdCdGozNktJYjN1TlNSdDJiRHJGWXhPajZzRnlQVlRVbHpOZ2l0bkszVHFJeG5teWlHZGhPVUcyc1p5OAowSTFaNHZaT0JGdzIzWE9qYzRUVGRWU29BbUxSZkhOeWZtYXlHbS9ja2xlTjV2T2xiVzlPOXREa0M0alo2WkZNCjFxZzEyUkxvS1dxRXRodmlzOVhzV0xieEFBaG0xbkZKV0VpTlhzdW1NUDc0U1cwLy9qYmRFT0xObzBXRG5TTmIKZ3U2a2hVYXJIR0dpUEJzeFc4cURGdXNIWFplMEpDSVFRUTBDZVh3T1owaXFINC9tQ0lKQnlId2dEdExnbnNUTQo2a2hnU2VhMXk1a3RRQnZSdU1QODg5ZWJQSEoyNjFqeUl5OXV5K25oaUt5cG9PK3lqMWYvUm5qNWtLS3Y3Mm5LCjV1RVNwSkJUCj1CN3ZRCi0tLS0tRU5EIFBHUCBQVUJMSUMgS0VZIEJMT0NLLS0tLS0K", | ||
| "default/security-policy/test": "ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogIi9ldGMvY29udGFpbmVycy9xdWF5X3ZlcmlmaWNhdGlvbi9wdWJsaWMuZ3BnIgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICBdCiAgICAgICAgfQogICAgfQp9Cg==", |
There was a problem hiding this comment.
Also, here the policy is
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports": {
"docker": {
"quay.io/kata-containers": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/containers/quay_verification/public.gpg"
}
]
}
}
}That means the GPG keyring is located inside the guest image. If the test aims to fetch the GPG keyring from KBS, please use the following
ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6IHsKICAgICAgICAiZG9ja2VyIjogewogICAgICAgICAgICAicXVheS5pby9rYXRhLWNvbnRhaW5lcnMiOiBbCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgInR5cGUiOiAic2lnbmVkQnkiLAogICAgICAgICAgICAgICAgICAgICJrZXlUeXBlIjogIkdQR0tleXMiLAogICAgICAgICAgICAgICAgICAgICJrZXlQYXRoIjogImticzovLy9kZWZhdWx0L2dwZy1wdWJsaWMtY29uZmlnL3Rlc3QiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIF0KICAgICAgICB9CiAgICB9Cn0=
which means
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports": {
"docker": {
"quay.io/kata-containers": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "kbs:///default/gpg-public-config/test"
}
]
}
}
}
23 tasks
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I think this is all we need, but I am not able to get the non-tee tests to pass locally even with upstream. The non-tee tests produce erratic results even when other tests run fine. We should test this with a Kata Agent built from kata-containers/kata-containers#6404.
If you are in a timezone ahead of me feel free to do whatever you want with this PR.
@stevenhorsman @jepio
Fixes: #5576