Comments (9)
i think I would prefer coreos-assembler sign --help
is the thinking this would be a manual step? I think in fedora we are going to try to re-use the existing infra for requesting and getting things signed so I don't think this particular functionality would be used there.
from coreos-assembler.
i think I would prefer
coreos-assembler sign --help
or maybe coreos-assembler buildextend-sign
to fit in to what we've done for existing commands.
from coreos-assembler.
is the thinking this would be a manual step?
Yeah, it would be just like any other step in the process (init
-> fetch
-> build
-> buildextend*
-> sign
)
Your point about existing signing infrastructure is a good one. Even in the RHCOS case we will need to use the official Red Hat release key (and likely signing infra?). However, in the dev RHCOS case, since some of our artifacts end up on AWS/S3, there may be value in providing signed artifacts to ensure they haven't been tampered with. This is where a coreos-assembler sign
command could be leveraged.
from coreos-assembler.
right, but in the dev RHCOS case it's not a manual pipeline. It's all automated. So would you "automate" the "manual step"?
from coreos-assembler.
right, but in the dev RHCOS case it's not a manual pipeline. It's all automated. So would you "automate" the "manual step"?
In that specific case, yeah it would automated.
from coreos-assembler.
i think I would prefer coreos-assembler sign --help
👍 I agree. Having it in it's own stage makes the most sense in my mind.
from coreos-assembler.
Related: coreos/fedora-coreos-pipeline#103
from coreos-assembler.
is this done?
from coreos-assembler.
IMO this ticket is obsolete. We now do have cosa sign
, which is used in FCOS at least. For RHCOS, AFAIK there aren't any plans currently to directly sign image artifacts though if we do, I suspect it would follow the same overall model as FCOS. Anyway, we can discuss that hypothetical in a new ticket since the discussion here is outdated.
from coreos-assembler.
Related Issues (20)
- `cosa aliyun-replicate` is not idempotent
- [4.15-9.2] legacy-oscontainer build killed due to unexpected EOF on ppc64le HOT 2
- How to build a PXE Image with Dockerfile layering HOT 1
- `coreos.unique.boot.failure` kola test fails on aarch64
- `coreos.ignition.failure` sometimes fails on RHCOS HOT 15
- Create disk failed due to incorrect option format on Fedora 39 HOT 1
- build-arch jobs failing with "Error: unmarshalling error into &errorhandling.ErrorModel"
- cosa build error: "cli: stat /var/tmp/mantle-qemu771203327/swtpm-sock: no such file or directory" HOT 4
- [RFE] kola should support to start previous build to do external tests HOT 4
- OSBuild without compression yields GRUB failures HOT 25
- what is the difference between dasd and metal4k on s390x? HOT 9
- Kola Custom Test HOT 10
- `buildextend-virtualbox` and `buildextend-vmware` improperly handle raw disks >=8GB HOT 6
- `kola testiso` tests should check for badness in console/journal output HOT 5
- rework iscsi tests architecture HOT 2
- osbuild should use a buildroot that matches the target system HOT 6
- kola qemuexec fails on PXE with `uefi-secure` qemu-firmware HOT 2
- cosa run should't expect an image when `--netboot` is present
- 4K UEFI PXE tests failing HOT 2
- Docs: Using the provided alias with `COREOS_ASSEMBLER_CONFIG_GIT` leave FS with dangling files HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from coreos-assembler.