feat: add davincibox container signing policy

qoijjj
2024-06-17 00:12:53 -07:00
committed by GitHub
parent 91b823b195
commit 791f8846bb
2 changed files with 21 additions and 4 deletions


@@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsJkUljnZ13aeQQw+GQgFjgjg/m7L
/3/+my7H2KDD/xn9fPfN6pz9Zr8WPCY5/bn1ERg6SA1fLbkDK0FoUNzbOw==
-----END PUBLIC KEY-----
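Review bot: Nothing in the commit records where this public key was obtained, so a reviewer cannot confirm it is the key the davincibox publisher actually signs with. Because this file becomes the trust anchor for the `sigstoreSigned` rule added in the other file, the commit description should name the upstream location of the key and a digest of the file, for example `Key source: <UPSTREAM_KEY_URL>, sha256: <DIGEST>`, so it can be checked out of band. The file's path is not visible on this page; it presumably installs to `/usr/etc/pki/containers/davincibox.pub`, the `keyPath` the policy uses.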


@@ -10,9 +10,22 @@ sed -i 's/insecureAcceptAnything/reject/' /usr/etc/containers/policy.json
# https://github.com/JasonN3/build-container-installer/issues/123
yq -i -o=j '.transports.docker |=
{"ghcr.io/jasonn3": [
{
"type": "insecureAcceptAnything"
}
]
{
"type": "insecureAcceptAnything"
}
]
}
+ .' /usr/etc/containers/policy.json
yq -i -o=j '.transports.docker |=
{"ghcr.io/zelikos": [
{
"type": "sigstoreSigned",
"keyPath": "/usr/etc/pki/containers/davincibox.pub",
"signedIdentity": {
"type": "matchRepository"
}
}
]
}
+ .' /usr/etc/containers/policy.json
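Review bot: The new `ghcr.io/zelikos` entry requires a sigstore signature, but nothing in this hunk enables sigstore attachment lookup for that registry. containers/image only fetches those signatures when a registries.d entry sets `use-sigstore-attachments: true`; without it, pulls under this scope would be rejected rather than verified. The rest of the script is outside the hunk, so this may already be configured elsewhere; if not, add a registries.d file for this scope with that setting. The scope also covers every repository under the namespace with a single key, so `ghcr.io/zelikos/davincibox` would state the intent more precisely. The second `yq` call would also benefit from a comment like the issue link above the first, for example `# davincibox images must be signed with davincibox.pub`.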