Skip to content

Slsa charts bypass #153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 19, 2024
Merged

Slsa charts bypass #153

merged 6 commits into from
Nov 19, 2024

Conversation

nicholasSUSE
Copy link
Collaborator

@nicholasSUSE nicholasSUSE commented Nov 14, 2024
edited
Loading

Long story short:

Charts that have images supporting SLSA must no longer be synced from:

docker hub -> primer registry.

Solution

On the charts repository, there will be a new file called slsa.yaml; see: rancher/charts#4760

The chart owners will update this file with the new slsa compliant images.
We bypass the regsync process for the prime registry for all these images.

@nicholasSUSE nicholasSUSE mentioned this pull request Nov 14, 2024
Merged
@nicholasSUSE nicholasSUSE marked this pull request as ready for review November 14, 2024 00:16
@nicholasSUSE nicholasSUSE requested a review from a team as a code owner November 14, 2024 00:16
tashima42
tashima42 reviewed Nov 14, 2024
View reviewed changes
pkg/regsync/generateconfig.go Outdated

file, err := os.Open(path.SlsaYamlFile)
if err != nil {
return nil, nil // backward version compatibility
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be an error?

pjbgf
pjbgf requested changes Nov 14, 2024
View reviewed changes
pkg/path/path.go Outdated
RepositoryLogosDir = "assets/logos"

// RepositoryStAte file is a file to hold the current status of the released and developed assets versions
// RepositoryStateFile file is a file to hold the current status of the released and developed assets versions
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// RepositoryStateFile file is a file to hold the current status of the released and developed assets versions
// RepositoryStateFile is a file to hold the current status of the released and developed assets versions

pkg/regsync/generateconfig.go Outdated

file, err := os.Open(path.SlsaYamlFile)
if err != nil {
return nil, nil // backward version compatibility
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return nil, nil // backward version compatibility
return nil, err // backward version compatibility

@nicholasSUSE nicholasSUSE merged commit cafb872 into rancher:master Nov 19, 2024
2 of 3 checks passed
This was referenced Nov 19, 2024
Merged
Merged
@nicholasSUSE nicholasSUSE mentioned this pull request Nov 28, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tashima42 tashima42 tashima42 left review comments

@pjbgf pjbgf pjbgf requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nicholasSUSE @pjbgf @tashima42