Skip to content

sign created images after build #587

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 29, 2023
Merged

sign created images after build #587

merged 2 commits into from
Sep 29, 2023

Conversation

@aparcar
Copy link
Member

@aparcar aparcar commented Sep 28, 2023

Sign images in a separate container after the images is created. This prevents malicious installed packages to steal private keys with post-install scripts.

@aparcar
sign created images after build
506b4c2 
Sign images in a separate container after the images is created. This
prevents malicious installed packages to steal private keys with
post-install scripts.

Signed-off-by: Paul Spooren <[email protected]>
@codecov
Copy link

codecov bot commented Sep 28, 2023
edited
Loading

Codecov Report

Attention: 3 lines in your changes are missing coverage. Please review.

Comparison is base (ebaa542) 86.69% compared to head (506b4c2) 86.50%.

❗ Current head 506b4c2 differs from pull request most recent head 6532a1c. Consider uploading reports for the commit 6532a1c to get more accurate results

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #587      +/-   ##
==========================================
- Coverage   86.69%   86.50%   -0.20%     
==========================================
  Files          13       13              
  Lines         932      941       +9     
==========================================
+ Hits          808      814       +6     
- Misses        124      127       +3
Files Coverage Δ
asu/common.py 94.73% <100.00%> (ø)
asu/build.py 80.67% <66.66%> (-1.15%) ⬇️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@aparcar
podman: workaround to cleanup volumes
6532a1c 
The `v=True` parameter seems broken. Delete all old images via `prune`

Signed-off-by: Paul Spooren <[email protected]>
@aparcar aparcar merged commit c361ae0 into openwrt:main Sep 29, 2023
@aparcar aparcar deleted the signing branch September 29, 2023 16:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aparcar