Description
I built my own container image based on @cgwalters's Fedora Silverblue image from this repo, pushed it onto a container registry, and signed it using Cosign. Now, I'm trying to rebase onto it using ostree-image-signed, but rpm-ostree does not seem to be checking for a good signature.
I set up containers-policy.json(5) and containers-registries.d(5) along with the public key of the image (see below). Interestingly, everything works as expected when I try to pull the image with podman pull (i.e., bad signatures get rejected). However, rpm-ostree does not seem to care about bad signatures, or even whether one exists at all.
I'm not quite sure if I'm doing something wrong here, or if this is a bug. The documentation on this seems to be quite sparse still (understandably).
Host system details
# rpm-ostree status
State: idle
Deployments:
● fedora:fedora/37/x86_64/silverblue
Version: 37.20230120.0 (2023-01-20T00:46:10Z)
Commit: 99a409a04f7249f49224be6b07f45c082ed82ffa83d75c2eaddc00d66a999a4c
GPGSignature: Valid signature by ACB5EE4E831C74BB7C168D27F55AD3FB5323552A
I've tested this both in a virtual machine and on real hardware.
Expected vs actual behavior
I'll be using my pre-made image, ghcr.io/ahgencer/silverblue:pr-3, as an example.
With good signature
Expected and actual:
# rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ahgencer/silverblue:pr-3
Success!
So far, so good.
With bad / no signature
Expected:
# rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ahgencer/silverblue:pr-3
Error: Image signature verification failed
Actual:
# rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ahgencer/silverblue:pr-3
Success!
Steps to reproduce it
Starting from a fresh, up-to-date Fedora Silverblue image, add / modify the following files:
/etc/containers/policy.json:
{
  "default": [
    {
      "type": "reject"
    }
  ],
  "transports": {
    "docker": {
      "registry.access.redhat.com": [
        {
          "type": "signedBy",
          "keyType": "GPGKeys",
          "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
        }
      ],
      "registry.redhat.io": [
        {
          "type": "signedBy",
          "keyType": "GPGKeys",
          "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
        }
      ],
      "ghcr.io/ahgencer/silverblue": [
        {
          "type": "sigstoreSigned",
          "keyPath": "/etc/pki/containers/ocitree.pub",
          "signedIdentity": {
            "type": "matchRepository"
          }
        }
      ]
    },
    "docker-daemon": {
      "": [
        {
          "type": "insecureAcceptAnything"
        }
      ]
    }
  }
}
/etc/containers/registries.d/ocitree.yaml:
docker:
  ghcr.io/ahgencer/silverblue:
    use-sigstore-attachments: true
To test with a known-good signature, the public key in /etc/pki/containers/ocitree.pub should be:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnJEh0T2c+4saH2BDmWhq/XuWhqeG
akLGeWgCtA609gRKYSyblP0nmtO/LqSZt3BsTmYAfxHnwTenJXeFdC8a+w==
-----END PUBLIC KEY-----
If we instead use a non-matching public key, the rebase should fail, because effectively it looks like the image was signed using a different private key. Here is one example of a public key that should fail the verification:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpmrxU4aOD0242K6bFc1uLEZG1WAw
Xu3KSgffAkq2NOQlPe6aWF3RnCSHfE7g2Oi7WQT22KrSaEFWAwtBvZdTOA==
-----END PUBLIC KEY-----
If it helps, the repository where I'm building my image can be found in the pr-cosign branch here.
Would you like to work on the issue?
I'm not familiar enough with rpm-ostree (or any other project that might be affected by this) to work on this issue myself.
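The policy in the "Steps to reproduce" section only describes what a client is supposed to enforce; the example below, added here and not written by the issue author nor taken from rpm-ostree, containers/image or cosign, spells out the three checks a `sigstoreSigned` entry with `signedIdentity: matchRepository` implies, and runs them through the cases the report contrasts (matching key, non-matching key, tampered digest, signature for a different repository). All names (`Payload`, `VerifySigstoreSigned`, `RepoOf`, `Scenarios`) are my own; the payload layout and the signature primitive (ECDSA P-256 over SHA-256 of the payload, ASN.1 DER encoded) are my understanding of cosign's key-based signing, and the manifest digest is constructed rather than fetched from a registry.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Payload is the "simple signing" JSON cosign stores as the signature blob and signs (assumed layout).
type Payload struct {
	Critical struct {
		Identity struct{ DockerReference string `json:"docker-reference"` } `json:"identity"`
		Image    struct{ DockerManifestDigest string `json:"docker-manifest-digest"` } `json:"image"`
		Type     string `json:"type"`
	} `json:"critical"`
	Optional map[string]interface{} `json:"optional"`
}

// NewPayload builds the blob a signer commits to: the repository plus the manifest digest being signed.
func NewPayload(repo, manifestDigest string) []byte {
	var p Payload
	p.Critical.Identity.DockerReference = repo
	p.Critical.Image.DockerManifestDigest = manifestDigest
	p.Critical.Type = "cosign container image signature"
	b, _ := json.Marshal(p)
	return b
}

// Sign mimics cosign's default key type: ECDSA P-256 over SHA-256 of the payload, DER encoded.
func Sign(priv *ecdsa.PrivateKey, payload []byte) ([]byte, error) {
	h := sha256.Sum256(payload)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// RepoOf strips a tag or digest, leaving "registry/namespace/name".
func RepoOf(ref string) string {
	if i := strings.Index(ref, "@"); i >= 0 {
		ref = ref[:i]
	}
	if i := strings.LastIndex(ref, ":"); i > strings.LastIndex(ref, "/") {
		ref = ref[:i]
	}
	return ref
}

// VerifySigstoreSigned applies what a "sigstoreSigned" entry with signedIdentity matchRepository
// demands: the signature verifies with the key from keyPath, the signed digest is the manifest
// actually being pulled, and the signed identity is the same repository as the pulled reference.
func VerifySigstoreSigned(pub *ecdsa.PublicKey, payload, sig []byte, pulledRef, manifestDigest string) error {
	h := sha256.Sum256(payload)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("signature does not verify with the configured key")
	}
	var p Payload
	if err := json.Unmarshal(payload, &p); err != nil {
		return fmt.Errorf("malformed payload: %w", err)
	}
	if p.Critical.Image.DockerManifestDigest != manifestDigest {
		return errors.New("signed digest is not the manifest being pulled")
	}
	if RepoOf(p.Critical.Identity.DockerReference) != RepoOf(pulledRef) {
		return errors.New("signed identity is a different repository")
	}
	return nil
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Scenarios signs a constructed payload with a throwaway key and returns the verdict per case
// (nil means the image would be accepted).
func Scenarios() (map[string]error, error) {
	signer, other := newKey(), newKey()
	ref := "ghcr.io/ahgencer/silverblue:pr-3"
	digest := fmt.Sprintf("sha256:%x", sha256.Sum256([]byte("constructed manifest"))) // constructed, not fetched
	payload := NewPayload(RepoOf(ref), digest)
	sig, err := Sign(signer, payload)
	if err != nil {
		return nil, err
	}
	return map[string]error{
		"matching key":     VerifySigstoreSigned(&signer.PublicKey, payload, sig, ref, digest),
		"non-matching key": VerifySigstoreSigned(&other.PublicKey, payload, sig, ref, digest),
		"tampered digest":  VerifySigstoreSigned(&signer.PublicKey, payload, sig, ref, "sha256:0000"),
		"other repository": VerifySigstoreSigned(&signer.PublicKey, payload, sig, "ghcr.io/ahgencer/other:pr-3", digest),
	}, nil
}

func main() {
	fmt.Println(Scenarios())
}
```

Only the first case should come back accepted; that is the behaviour the report observes from podman pull and expects from the rebase. Note that `matchRepository` deliberately ignores the tag, so a signature made for any tag in ghcr.io/ahgencer/silverblue satisfies it; the default `matchRepoDigestOrExact` is stricter if pinning to the signed tag or digest is wanted.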