Comments (9)
kushaldas
commented on July 4, 2024
2
I would like to implement that --policy-insecure-allow-anything option if that is okay with you all.
from skopeo.
runcom
commented on July 4, 2024
(I'm not totally sure about this proposal because if you happen to compile from source then you probably know you have to cp default-policy.json /etc/containers/policy.json and if you install from distros, probably the distro is taking care of installing /etc/containers/policy.json for you)
from skopeo.
mtrmac
commented on July 4, 2024
Yeah, this was highlighted in #157 .
The default absolutely must be to use the config file (instead of security being opt-in), and then it IMHO only makes sense to fail if that file unexpectedly disappears.
I wouldn’t be philosophically opposed to something like --policy-insecure-allow-anything instead of requiring the users to keep a permissive policy file around, but I also won’t work on it this month, and I’m not sure that it is all that more convenient than --policy $insecure-policy.json.
For development, yeah, run make install. Or there could be a make debug-build which uses -ldflags "-X github.com/containers/image/signature.systemDefaultPolicyPath=$(pwd)/default-policy.json", but then I would be rather worried about such a build getting to a released package somewhere.
from skopeo.
runcom
commented on July 4, 2024
For development, yeah, run make install. Or there could be a make debug-build which uses -ldflags "-X github.com/containers/image/signature.systemDefaultPolicyPath=$(pwd)/default-policy.json", but then I would be rather worried about such a build getting to a released package somewhere.
right, it will be hard to enforce this, though debug-build or dev-build makes a lot of sense to me
from skopeo.
kushaldas
commented on July 4, 2024
I have a small patch with skopeo --policy-insecure-allow-anything copy docker://busybox oci:busybox working. But as this is my first day here, I would love to know if there is a better way (read any API call) to create an insecurepolicy than using a space-stripped JSON string as a variable?
from skopeo.
rhatdan
commented on July 4, 2024
Can we just call it --insecure?
from skopeo.
runcom
commented on July 4, 2024
Can we just call it --insecure?
same for me
from skopeo.
kushaldas
commented on July 4, 2024
Will modify the flag, and update the PR.
from skopeo.
mtrmac
commented on July 4, 2024
I would love to know if there is a better way (read any API call) to create an insecurepolicy than using a space-stripped JSON string as a variable?
https://github.com/projectatomic/skopeo/pull/203/files#r78563547 this is hopefully a stable API.
from skopeo.
Related Issues (20)
- inspect: Go template not working well on some images HOT 4
- Copying saved docker-tar to Registry with Same Sha value as Source Registry HOT 5
- Skopeo's ability to retain SHA value when copied from one registry to other HOT 6
- [bug]: go install github.com/containers/skopeo/cmd/[email protected] fails HOT 7
- Skopeo sync does not sync Notation signatures HOT 3
- Please release #2189 HOT 4
- Provide skopeo as a Go package HOT 2
- How to use skopeo container with credential helpers? HOT 3
- Error verifying signature: Invalid GPG signature: (*packet.Signature)( "nil)" HOT 7
- Have issue with upgrading skopeo version to 1.8.1 in ubuntu 22.04 HOT 4
- Does skopeo supports loading local docker tar.gz file into remote registry? HOT 8
- Why does updating skopeo to the latest version remove docker packages? HOT 15
- Skopeo copy job creates .kube/config directory structure failing Azure AKS kubelogin convert-kubeconfig command HOT 3
- Skopeo 1.15.0 - invalid JSON output on Mac Silicon, due to error printed HOT 4
- Store multiple images in single tar file HOT 4
- Skopeo 1.15.0 is not available in alpinelinux packages HOT 1
- `v1.15.0` Container not available on quay.io HOT 2
- Copy to docker-daemon overlay2 storage HOT 6
- Will using the copy command save image information locally? HOT 2
- Skopeo copy fails HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from skopeo.