Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: remove --disable-content-trust push flag #780

Merged
merged 2 commits into from
Jan 3, 2024

Conversation

p5
Copy link
Member

@p5 p5 commented Jan 3, 2024

I do not believe this flag is necessary. If someone knows the origin of this, and we still need it, happy to close this PR.

When transferring data among networked systems, trust is a central concern. In particular, when communicating over an untrusted medium such as the internet, it is critical to ensure the integrity and the publisher of all the data a system operates on. You use Docker Engine to push and pull images (data) to a public or private registry. Content trust gives you the ability to verify both the integrity and the publisher of all the data received from a registry over any channel.

@p5 p5 requested a review from castrojo as a code owner January 3, 2024 12:33
@p5 p5 changed the title fix: remove disable-content-trust push flag fix: remove --disable-content-trust push flag Jan 3, 2024
@castrojo
Copy link
Member

castrojo commented Jan 3, 2024

I see we have this in the main repo and probably others as well. I don't recall why this is in there but looks like the toolboxes built just fine without it? Let's see how the push ends up?

@p5
Copy link
Member Author

p5 commented Jan 3, 2024

I see we have this in the main repo and probably others as well. I don't recall why this is in there but looks like the toolboxes built just fine without it? Let's see how the push ends up?

Yeah, my private repos work without this flag when pushing to GHCR, so I don't believe it's necessary.
Let's trial it here to reduce the impact if it goes wrong before changing main images

@castrojo castrojo added this pull request to the merge queue Jan 3, 2024
Merged via the queue into main with commit bcf3ab1 Jan 3, 2024
34 checks passed
@castrojo castrojo deleted the remove-disable-content-trust-push-flag branch January 3, 2024 13:35
@p5
Copy link
Member Author

p5 commented Jan 3, 2024

CC @ublue-os/approver
If possible, can we also try and bundle this change into the Just PRs that are getting pushed through today.

It's removing the following from all workflows:

          extra-args: |
            --disable-content-trust

wizzywizard65 pushed a commit to wizzywizard65/bluefin that referenced this pull request Jan 3, 2024
Co-authored-by: Jorge O. Castro <jorge.castro@gmail.com>
awesomekyle pushed a commit to awesomekyle/bluefin that referenced this pull request Apr 24, 2024
Co-authored-by: Jorge O. Castro <jorge.castro@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants