fix(signing): Document or remove insecureAcceptAnything sources in policy.json #154

Open
RoyalOughtness opened this issue Feb 27, 2024 · 2 comments
Labels
state: blocked Something is blocking action. type: discussion Questions, proposals and info that requires discussion. type: docs Related to documentation and information.

Comments

@RoyalOughtness
Contributor


```json
            "": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        },
        "docker-daemon": {
            "": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        },
        "atomic": {
            "": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        },
        "containers-storage": {
            "": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        },
        "dir": {
            "": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        },
        "oci": {
            "": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        },
        "oci-archive": {
            "": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        },
        "docker-archive": {
            "": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        },
        "tarball": {
            "": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        }
```

It's not clear what purpose these serve if any. If they do serve a purpose, they should be documented. If they don't, they should be removed.

@xynydev
Member

xynydev commented Feb 27, 2024

I am almost certain that those are there, because something was broken if they aren't. However, I am no expert on policy.json, so @gerblesh should take a look at this.

@gmpinder gmpinder assigned gmpinder and gerblesh and unassigned gmpinder Feb 27, 2024
@gerblesh
Contributor

Mainly comes from upstream uBlue to not break compatibility with unsigned images or images that can't be verified. It has led to some unwanted behavior when leaving a lot of it to "reject" from users, which is why presumably it has been configured this way. While this definitely isn't the best, I don't want to change anything for fear of breaking someone's containers. I'd take this up with upstream uBlue and ask around.

@xynydev xynydev added type: docs Related to documentation and information. type: discussion Questions, proposals and info that requires discussion. labels Mar 8, 2024
@fiftydinar fiftydinar added the state: blocked Something is blocking action. label Sep 19, 2024
@fiftydinar fiftydinar changed the title document or remove insecureAcceptAnything sources in policy.json fix(signing): Document or remove insecureAcceptAnything sources in policy.json Oct 18, 2024
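
Added example, not part of the issue thread or the project's code: a short Python audit that lists which transport/scope entries in a containers `policy.json` accept images without signature verification, as a starting point for the documentation the issue asks for. The sample policy, its registry scope and its key path are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample in the containers policy.json layout; the registry scope
# and key path are placeholders, not values taken from this project.
SAMPLE_POLICY = """
{
  "default": [{"type": "reject"}],
  "transports": {
    "docker": {
      "registry.example/org": [
        {"type": "sigstoreSigned", "keyPath": "/etc/pki/containers/example.pub"}
      ],
      "": [{"type": "insecureAcceptAnything"}]
    },
    "docker-daemon": {"": [{"type": "insecureAcceptAnything"}]},
    "oci-archive": {"": [{"type": "insecureAcceptAnything"}]},
    "dir": {"": [{"type": "reject"}]}
  }
}
"""
SAMPLE = json.loads(SAMPLE_POLICY)

def classify(requirements):
    """Summarise one requirement list; every requirement in it must pass."""
    types = {r.get("type") for r in requirements}
    if not types:
        return "invalid-empty"
    if "reject" in types:
        return "reject"
    if types == {"insecureAcceptAnything"}:
        return "accept-unverified"
    return "signature-required"

def audit_policy(policy):
    """Return (transport, scope, verdict) rows; scope "" is the transport catch-all."""
    rows = [("(default)", "", classify(policy.get("default", [])))]
    for transport, scopes in sorted(policy.get("transports", {}).items()):
        for scope, reqs in sorted(scopes.items()):
            rows.append((transport, scope, classify(reqs)))
    return rows

def unverified_scopes(policy):
    """List the (transport, scope) pairs that accept any image unverified."""
    return [(t, s) for t, s, v in audit_policy(policy) if v == "accept-unverified"]

if __name__ == "__main__":
    for t, s, v in audit_policy(SAMPLE):
        print(f"{t:15} {s or '(catch-all)':25} {v}")
```

A transport with no matching scope falls back to the top-level `default` entry, so the `(default)` row shows what removing a catch-all would leave in effect.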