particle-os/particle-os-modules
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(signing): Regression in scenario when policy.json doesn't exist in the image

Browse source 
`policy.json` template should be copied in that case, while existing `policy.json` should remain.
This commit is contained in:
fiftydinar 2024-12-16 22:59:57 +01:00 committed by GitHub
parent 23e36119b9
commit 7451299a5a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
modules/signing/signing.sh
View file

@ -29,6 +29,7 @@ if ! [ -f "/etc/pki/containers/${IMAGE_NAME_FILE}.pub" ]; then
fi fi
TEMPLATE_POLICY="${MODULE_DIRECTORY}/signing/policy.json" TEMPLATE_POLICY="${MODULE_DIRECTORY}/signing/policy.json"
# Copy policy.json to '/usr/etc/containers/' on Universal Blue based images # Copy policy.json to '/usr/etc/containers/' on Universal Blue based images
# until they solve the issue by copying 'policy.json' to '/etc/containers/' instead # until they solve the issue by copying 'policy.json' to '/etc/containers/' instead
if rpm -q ublue-os-signing &>/dev/null; then if rpm -q ublue-os-signing &>/dev/null; then
@ -40,6 +41,10 @@ else
POLICY_FILE="${CONTAINER_DIR}/policy.json" POLICY_FILE="${CONTAINER_DIR}/policy.json"
fi fi
if ! [ -f "${POLICY_FILE}" ]; then
cp "${TEMPLATE_POLICY}" "${POLICY_FILE}"
fi
jq --arg image_registry "${IMAGE_REGISTRY}" \ jq --arg image_registry "${IMAGE_REGISTRY}" \
--arg image_name "${IMAGE_NAME}" \ --arg image_name "${IMAGE_NAME}" \
--arg image_name_file "${IMAGE_NAME_FILE}" \ --arg image_name_file "${IMAGE_NAME_FILE}" \
@ -52,7 +57,9 @@ jq --arg image_registry "${IMAGE_REGISTRY}" \
"type": "matchRepository" "type": "matchRepository"
} }
} }
] } + .' "${TEMPLATE_POLICY}" > "${POLICY_FILE}" ] } + .' "${POLICY_FILE}" > "/tmp/POLICY.tmp"
mv "/tmp/POLICY.tmp" "${POLICY_FILE}"
mv "${MODULE_DIRECTORY}/signing/registry-config.yaml" "${CONTAINER_DIR}/registries.d/${IMAGE_NAME_FILE}.yaml" mv "${MODULE_DIRECTORY}/signing/registry-config.yaml" "${CONTAINER_DIR}/registries.d/${IMAGE_NAME_FILE}.yaml"
sed -i "s ghcr.io/IMAGENAME ${IMAGE_REGISTRY} g" "${CONTAINER_DIR}/registries.d/${IMAGE_NAME_FILE}.yaml" sed -i "s ghcr.io/IMAGENAME ${IMAGE_REGISTRY} g" "${CONTAINER_DIR}/registries.d/${IMAGE_NAME_FILE}.yaml"