From d4d4827ad11543dfea0b50b4a347c7f439183d94 Mon Sep 17 00:00:00 2001
From: qoijjj <129108030+qoijjj@users.noreply.github.com>
Date: Tue, 9 Jan 2024 11:43:46 -0800
Subject: [PATCH] switch server images to the ucore base
---
 .../server/usr/etc/containers/policy.json | 95 -------------------
 .../etc/containers/registries.d/ublue-os.yaml | 3 -
 .../usr/etc/pki/containers/ublue-os.pub | 4 -
 .../server/recipe-server-main-userns.yml | 6 +-
 config/recipes/server/recipe-server-main.yml | 6 +-
 .../server/recipe-server-nvidia-userns.yml | 6 +-
 .../recipes/server/recipe-server-nvidia.yml | 6 +-
 7 files changed, 12 insertions(+), 114 deletions(-)
 delete mode 100644 config/files/server/usr/etc/containers/policy.json
 delete mode 100644 config/files/server/usr/etc/containers/registries.d/ublue-os.yaml
 delete mode 100644 config/files/server/usr/etc/pki/containers/ublue-os.pub
diff --git a/config/files/server/usr/etc/containers/policy.json b/config/files/server/usr/etc/containers/policy.json
deleted file mode 100644
index f1869ec..0000000
--- a/config/files/server/usr/etc/containers/policy.json
+++ /dev/null
@@ -1,95 +0,0 @@
-{
- "default": [
- {
- "type": "reject"
- }
- ],
- "transports": {
- "docker": {
- "registry.access.redhat.com": [
- {
- "type": "signedBy",
- "keyType": "GPGKeys",
- "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
- }
- ],
- "registry.redhat.io": [
- {
- "type": "signedBy",
- "keyType": "GPGKeys",
- "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
- }
- ],
- "ghcr.io/ublue-os": [
- {
- "type": "sigstoreSigned",
- "keyPath": "/usr/etc/pki/containers/ublue-os.pub",
- "signedIdentity": {
- "type": "matchRepository"
- }
- }
- ],
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "docker-daemon": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "atomic": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "containers-storage": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "dir": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "oci": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "oci-archive": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "docker-archive": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "tarball": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/config/files/server/usr/etc/containers/registries.d/ublue-os.yaml b/config/files/server/usr/etc/containers/registries.d/ublue-os.yaml
deleted file mode 100644
index f314b0a..0000000
--- a/config/files/server/usr/etc/containers/registries.d/ublue-os.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-docker:
- ghcr.io/ublue-os:
- use-sigstore-attachments: true
\ No newline at end of file
diff --git a/config/files/server/usr/etc/pki/containers/ublue-os.pub b/config/files/server/usr/etc/pki/containers/ublue-os.pub
deleted file mode 100644
index 99fc8f9..0000000
--- a/config/files/server/usr/etc/pki/containers/ublue-os.pub
+++ /dev/null
@@ -1,4 +0,0 @@
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7lh7fJMV4dBT2jT1XafixUJa7OVA
-cT+QFVD8IfIJIS/KBAc8hx1aslzkH3tfeM0cwyCLB7kOStZ4sh6RyFQD9w==
------END PUBLIC KEY-----
\ No newline at end of file
diff --git a/config/recipes/server/recipe-server-main-userns.yml b/config/recipes/server/recipe-server-main-userns.yml
index baa86d3..48ba8b7 100644
--- a/config/recipes/server/recipe-server-main-userns.yml
+++ b/config/recipes/server/recipe-server-main-userns.yml
@@ -1,11 +1,11 @@
 # image will be published to ghcr.io//
 name: server-main-userns-hardened
 # description will be included in the image's metadata
-description: "coreos with some hardening applied"
+description: "ucore with some hardening applied"
 # the base image to build on top of (FROM) and the version tag to use
-base-image: ghcr.io/ublue-os/fedora-coreos
-image-version: stable-zfs
+base-image: ghcr.io/ublue-os/ucore
+image-version: stable
 # list of modules, executed in order
 # you can include multiple instances of the same module
diff --git a/config/recipes/server/recipe-server-main.yml b/config/recipes/server/recipe-server-main.yml
index 91128d3..d49c1fb 100644
--- a/config/recipes/server/recipe-server-main.yml
+++ b/config/recipes/server/recipe-server-main.yml
@@ -1,11 +1,11 @@
 # image will be published to ghcr.io//
 name: server-main-hardened
 # description will be included in the image's metadata
-description: "coreos with some hardening applied"
+description: "ucore with some hardening applied"
 # the base image to build on top of (FROM) and the version tag to use
-base-image: ghcr.io/ublue-os/fedora-coreos
-image-version: stable-zfs
+base-image: ghcr.io/ublue-os/ucore
+image-version: stable
 # list of modules, executed in order
 # you can include multiple instances of the same module
diff --git a/config/recipes/server/recipe-server-nvidia-userns.yml b/config/recipes/server/recipe-server-nvidia-userns.yml
index 1c7feee..a29df1c 100644
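Review bot: The `base-image: ghcr.io/ublue-os/ucore` switch in the four recipe hunks (`recipe-server-main-userns.yml`, `recipe-server-main.yml`, `recipe-server-nvidia-userns.yml`, `recipe-server-nvidia.yml`) lands in the same commit that deletes this repo's `policy.json`, `registries.d/ublue-os.yaml` and `ublue-os.pub`, so sigstore verification of `ghcr.io/ublue-os` pulls on the built hosts now rests on the ucore base shipping an equivalent policy and key, which nothing visible here checks. I would record that above `base-image:` with a comment such as `# container signature policy and ublue-os.pub are inherited from the ucore base; confirm /etc/containers/policy.json in the built image`. `image-version: stable` and `stable-nvidia` are mutable tags, so what gets built on depends on whether the build step (outside these hunks) verifies the base image signature. The tags also lose their `-zfs` suffix, which presumably drops the ZFS variant; worth stating in `description` if that is intended. Each recipe continues past its hunk (the module list is not shown).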
--- a/config/recipes/server/recipe-server-nvidia-userns.yml
+++ b/config/recipes/server/recipe-server-nvidia-userns.yml
@@ -1,11 +1,11 @@
 # image will be published to ghcr.io//
 name: server-nvidia-userns-hardened
 # description will be included in the image's metadata
-description: "coreos nvidia with some hardening applied"
+description: "ucore nvidia with some hardening applied"
 # the base image to build on top of (FROM) and the version tag to use
-base-image: ghcr.io/ublue-os/fedora-coreos
-image-version: stable-nvidia-zfs
+base-image: ghcr.io/ublue-os/ucore
+image-version: stable-nvidia
 # list of modules, executed in order
 # you can include multiple instances of the same module
diff --git a/config/recipes/server/recipe-server-nvidia.yml b/config/recipes/server/recipe-server-nvidia.yml
index ba6758f..cf7b7cb 100644
--- a/config/recipes/server/recipe-server-nvidia.yml
+++ b/config/recipes/server/recipe-server-nvidia.yml
@@ -1,11 +1,11 @@
 # image will be published to ghcr.io//
 name: server-nvidia-hardened
 # description will be included in the image's metadata
-description: "coreos nvidia with some hardening applied"
+description: "ucore nvidia with some hardening applied"
 # the base image to build on top of (FROM) and the version tag to use
-base-image: ghcr.io/ublue-os/fedora-coreos
-image-version: stable-nvidia-zfs
+base-image: ghcr.io/ublue-os/ucore
+image-version: stable-nvidia
 # list of modules, executed in order
 # you can include multiple instances of the same module