diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml
index 42256c7..e778c20 100644
--- a/.github/workflows/reusable-build.yml
+++ b/.github/workflows/reusable-build.yml
@@ -124,6 +124,7 @@ jobs:
 podman pull ${{ env.IMAGE_REGISTRY }}/akmods:${{ env.KERNEL_FLAVOR }}-${{ env.FEDORA_VERSION }}
 podman pull ${{ env.IMAGE_REGISTRY }}/akmods-nvidia:${{ env.KERNEL_FLAVOR }}-${{ env.FEDORA_VERSION }}
 podman pull ${{ env.IMAGE_REGISTRY }}/akmods-zfs:${{ env.KERNEL_FLAVOR }}-${{ env.FEDORA_VERSION }}
+ podman pull ${{ env.IMAGE_REGISTRY }}/config:latest
 - name: Verify versions
 shell: bash
@@ -381,6 +382,7 @@ jobs:
 podman pull ${{ env.IMAGE_REGISTRY }}/akmods:${{ env.KERNEL_FLAVOR }}-${{ env.FEDORA_VERSION }}
 podman pull ${{ env.IMAGE_REGISTRY }}/akmods-nvidia:${{ env.KERNEL_FLAVOR }}-${{ env.FEDORA_VERSION }}
 podman pull ${{ env.IMAGE_REGISTRY }}/akmods-zfs:${{ env.KERNEL_FLAVOR }}-${{ env.FEDORA_VERSION }}
+ podman pull ${{ env.IMAGE_REGISTRY }}/config:latest
 - name: Verify versions
 shell: bash
diff --git a/fedora-coreos/Containerfile b/fedora-coreos/Containerfile
index 42c8137..3a08e3b 100644
--- a/fedora-coreos/Containerfile
+++ b/fedora-coreos/Containerfile
@@ -7,10 +7,12 @@ ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-coreos-stable}"
 ARG AKMODS_COMMON="${IMAGE_REGISTRY}/akmods:${KERNEL_FLAVOR}-${FEDORA_VERSION}"
 ARG AKMODS_NVIDIA="${IMAGE_REGISTRY}/akmods-nvidia:${KERNEL_FLAVOR}-${FEDORA_VERSION}"
 ARG AKMODS_ZFS="${IMAGE_REGISTRY}/akmods-zfs:${KERNEL_FLAVOR}-${FEDORA_VERSION}"
+ARG CONFIG="${IMAGE_REGISTRY}/config:latest"
 ARG KERNEL="${IMAGE_REGISTRY}/${KERNEL_FLAVOR}-kernel:${FEDORA_VERSION}"
 FROM ${AKMODS_COMMON} AS akmods-common
 FROM ${AKMODS_NVIDIA} AS akmods-nvidia
 FROM ${AKMODS_ZFS} AS akmods-zfs
+FROM ${CONFIG} AS config
 FROM ${KERNEL} AS kernel
 # image base
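Review bot: The added `podman pull ${{ env.IMAGE_REGISTRY }}/config:latest` (hunk at -124, repeated in the hunk at -381) fetches the image by a mutable tag with no verification visible in the hunk, and the same `config:latest` reference is introduced as `ARG CONFIG` in both Containerfiles. Because this commit also deletes the in-repo `policy.json` and `ublue-os.pub`, the signing RPM copied out of that image appears to become the source of the container trust policy, so whoever can move the `latest` tag can change which keys the built image trusts. Consider verifying the pulled image's signature before the build (or confirm that the "Verify versions" step, whose body is outside the hunk, covers it) and pinning by digest, e.g. `podman pull ${{ env.IMAGE_REGISTRY }}/config@sha256:<DIGEST_PLACEHOLDER>`. The `run:` block these lines belong to starts outside both hunks.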
@@ -26,6 +28,7 @@ COPY --from=akmods-common /rpms/ucore/ublue*.rpm /tmp/rpms/
 COPY --from=akmods-nvidia /rpms/kmods/*.rpm /tmp/rpms/nvidia/
 COPY --from=akmods-nvidia /rpms/ucore/ublue*.rpm /tmp/rpms/nvidia/
 COPY --from=akmods-zfs /rpms/kmods/zfs/*.rpm /tmp/rpms/zfs/
+COPY --from=config /rpms/ublue-os-signing*.rpm /tmp/rpms/
 COPY --from=kernel /tmp/rpms/ /tmp/kernel-rpms/
 COPY *.sh /tmp/
diff --git a/ucore/Containerfile b/ucore/Containerfile
index c0a580e..9322eed 100644
--- a/ucore/Containerfile
+++ b/ucore/Containerfile
@@ -7,10 +7,12 @@ ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-coreos-stable}"
 ARG AKMODS_COMMON="${IMAGE_REGISTRY}/akmods:${KERNEL_FLAVOR}-${FEDORA_VERSION}"
 ARG AKMODS_NVIDIA="${IMAGE_REGISTRY}/akmods-nvidia:${KERNEL_FLAVOR}-${FEDORA_VERSION}"
 ARG AKMODS_ZFS="${IMAGE_REGISTRY}/akmods-zfs:${KERNEL_FLAVOR}-${FEDORA_VERSION}"
+ARG CONFIG="${IMAGE_REGISTRY}/config:latest"
 ARG KERNEL="${IMAGE_REGISTRY}/${KERNEL_FLAVOR}-kernel:${FEDORA_VERSION}"
 FROM ${AKMODS_COMMON} AS akmods-common
 FROM ${AKMODS_NVIDIA} AS akmods-nvidia
 FROM ${AKMODS_ZFS} AS akmods-zfs
+FROM ${CONFIG} AS config
 FROM ${KERNEL} AS kernel
 # ucore-minimal image section
@@ -31,6 +33,7 @@ COPY --from=akmods-common /rpms/ucore/ublue*.rpm /tmp/rpms/
 COPY --from=akmods-nvidia /rpms/kmods/*.rpm /tmp/rpms/nvidia/
 COPY --from=akmods-nvidia /rpms/ucore/ublue*.rpm /tmp/rpms/nvidia/
 COPY --from=akmods-zfs /rpms/kmods/zfs/*.rpm /tmp/rpms/zfs/
+COPY --from=config /rpms/ublue-os-signing*.rpm /tmp/rpms/
 COPY --from=kernel /tmp/rpms/ /tmp/kernel-rpms/
 COPY *.sh /tmp/
diff --git a/ucore/usr/etc/containers/policy.json b/ucore/usr/etc/containers/policy.json
deleted file mode 100644
index 0f0e363..0000000
--- a/ucore/usr/etc/containers/policy.json
+++ /dev/null
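Review bot: `COPY --from=config /rpms/ublue-os-signing*.rpm /tmp/rpms/` (fedora-coreos/Containerfile hunk at -26, and again in ucore/Containerfile at -31) only stages the RPM; whether it is installed depends on the `*.sh` scripts, which are outside this diff. The same commit removes `policy.json`, the `registries.d` entry and `ublue-os.pub` from the ucore tree, so a skipped or failed install would presumably leave the image without the `sigstoreSigned` rule for `ghcr.io/ublue-os`. A build-time assertion after the install step would catch that, for example `grep -q sigstoreSigned /usr/etc/containers/policy.json || exit 1` (path to be confirmed against what the RPM actually ships). The glob also matches any number of RPM versions, so it is worth checking that exactly one file was copied.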
@@ -1,95 +0,0 @@
-{
- "default": [
- {
- "type": "reject"
- }
- ],
- "transports": {
- "docker": {
- "registry.access.redhat.com": [
- {
- "type": "signedBy",
- "keyType": "GPGKeys",
- "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
- }
- ],
- "registry.redhat.io": [
- {
- "type": "signedBy",
- "keyType": "GPGKeys",
- "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
- }
- ],
- "ghcr.io/ublue-os": [
- {
- "type": "sigstoreSigned",
- "keyPath": "/usr/etc/pki/containers/ublue-os.pub",
- "signedIdentity": {
- "type": "matchRepository"
- }
- }
- ],
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "docker-daemon": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "atomic": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "containers-storage": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "dir": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "oci": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "oci-archive": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "docker-archive": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- },
- "tarball": {
- "": [
- {
- "type": "insecureAcceptAnything"
- }
- ]
- }
- }
-}
diff --git a/ucore/usr/etc/containers/registries.d/ublue-os.yaml b/ucore/usr/etc/containers/registries.d/ublue-os.yaml
deleted file mode 100644
index f314b0a..0000000
--- a/ucore/usr/etc/containers/registries.d/ublue-os.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-docker:
- ghcr.io/ublue-os:
- use-sigstore-attachments: true
\ No newline at end of file
diff --git a/ucore/usr/etc/pki/containers/ublue-os.pub b/ucore/usr/etc/pki/containers/ublue-os.pub
deleted file mode 100644
index f9482c4..0000000
--- a/ucore/usr/etc/pki/containers/ublue-os.pub
+++ /dev/null
@@ -1,4 +0,0 @@
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7lh7fJMV4dBT2jT1XafixUJa7OVA
-cT+QFVD8IfIJIS/KBAc8hx1aslzkH3tfeM0cwyCLB7kOStZ4sh6RyFQD9w==
------END PUBLIC KEY-----