Fix signature handling with additionalimagestore #166
Conversation
gursewak1997
force-pushed
the
fix/to-disk-signatures
branch
from
dadf28e to
a8ed770
Compare
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a workaround to handle image signature invalidation errors by copying the image without signatures before installation. My review focuses on improving the robustness of the added shell script logic. I've suggested using trap for reliable temporary file cleanup and quoting variables to prevent potential shell injection or word-splitting issues.
gursewak1997
force-pushed
the
fix/to-disk-signatures
branch
from
a8ed770 to
a710bde
Compare
crates/kit/src/to_disk.rs
Outdated
| cat > "${SIG_POLICY}" <<'EOF' | ||
| {"default":[{"type":"insecureAcceptAnything"}],"transports":{"containers-storage":[{"type":"insecureAcceptAnything"}]}} | ||
| EOF | ||
| if skopeo copy --signature-policy "${SIG_POLICY}" --remove-signatures \ |
There was a problem hiding this comment.
It's not clear to me what the if is doing here. If skopeo fails due to being say out of disk space then we just...try to ignore that? That seems odd.
gursewak1997
force-pushed
the
fix/to-disk-signatures
branch
from
a710bde to
0b83293
Compare
gursewak1997
force-pushed
the
fix/to-disk-signatures
branch
3 times, most recently
from
e25b44d to
94a36f6
Compare
cgwalters
left a comment
cgwalters
left a comment
There was a problem hiding this comment.
Offhand looks OK to me. Does it work?
crates/kit/src/to_disk.rs
Outdated
| # Create permissive policy.json (use /var/tmp since it's mounted into podman container) | ||
| # Mount as directory to /etc/containers so podman creates the directory if it doesn't exist | ||
| POLICY_DIR=/var/tmp/bcvk-policy-dir |
There was a problem hiding this comment.
I know this is an ephemeral isolated system but it's probably still good to avoid hardcoded filenames in /tmp or /var/tmp. So we could use e.g. policydir=$(mktemp -d) or so.
It might be a nicer cleanup to have this policy JSON string as a literal file in the Rust source that we include via include_str! and then template into the shell script.
crates/kit/src/to_disk.rs
Outdated
| --env=STORAGE_OPTS \ | ||
| {INSTALL_LOG} \ | ||
| {SOURCE_IMGREF} \ | ||
| "${SOURCE_REF}" \ |
There was a problem hiding this comment.
This change looks unrelated?
Some minor issues rn. Working on some changes to make the integration tests pass. |
gursewak1997
force-pushed
the
fix/to-disk-signatures
branch
from
94a36f6 to
ea1cb15
Compare
gursewak1997
force-pushed
the
fix/to-disk-signatures
branch
from
ea1cb15 to
e68793b
Compare
cgwalters
left a comment
cgwalters
left a comment
There was a problem hiding this comment.
One nit, but looks sane to me; the key thing is verifying this works at least manually.
| # Execute bootc installation, having the outer podman pull from | ||
| # the virtiofs store on the host, as well as the inner bootc. | ||
| # Mount /var/tmp into inner container to avoid cross-device link errors (issue #125) | ||
| export STORAGE_OPTS=additionalimagestore=${AIS} |
There was a problem hiding this comment.
Why did this line move? See above
gursewak1997
force-pushed
the
fix/to-disk-signatures
branch
from
e68793b to
c1d7037
Compare
Did manually test it and the integration test |
|
I edited this issue just now to have Closes: #126 but let's try to be sure we're doing that kind of thing in general in the future |
|
Hmmm I get the same error trying this out with the reproducer from #126 |
gursewak1997
force-pushed
the
fix/to-disk-signatures
branch
from
c1d7037 to
9592974
Compare
Copy images to local storage without signatures before bootc install to avoid signature invalidation errors. Falls back to original behavior if copy fails. Signed-off-by: gursewak1997 <[email protected]>
gursewak1997
force-pushed
the
fix/to-disk-signatures
branch
from
9592974 to
914df59
Compare
Copy images to local storage without signatures before bootc install to avoid signature invalidation errors. Falls back to original behavior if copy fails.
Closes: #126