From 9a09a4be4515aeb292db8d21bf7214fb8aade3f8 Mon Sep 17 00:00:00 2001
From: grokspawn <jordan@nimblewidget.com>
Date: Mon, 17 Nov 2025 08:32:06 -0600
Subject: [PATCH] override local pull policy with permissive policy

Signed-off-by: grokspawn <jordan@nimblewidget.com>
---
 internal/shared/util/image/pull_test.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/internal/shared/util/image/pull_test.go b/internal/shared/util/image/pull_test.go
index 45a04062f..ca2cfa50a 100644
--- a/internal/shared/util/image/pull_test.go
+++ b/internal/shared/util/image/pull_test.go
@@ -298,8 +298,15 @@ func buildSourceContextFunc(t *testing.T, ref reference.Named) func(context.Cont
 		require.NoError(t, enc.Encode(registriesConf))
 		require.NoError(t, f.Close())
 
+		// Create an insecure policy for testing to override any system-level policy
+		// that might reject unsigned images
+		policyPath := filepath.Join(configDir, "policy.json")
+		insecurePolicy := `{"default":[{"type":"insecureAcceptAnything"}]}`
+		require.NoError(t, os.WriteFile(policyPath, []byte(insecurePolicy), 0600))
+
 		return &types.SystemContext{
 			SystemRegistriesConfPath: registriesConfPath,
+			SignaturePolicyPath:      policyPath,
 		}, nil
 	}
 }