From 425e2ad22d85a4196eadd0cec8ab16e3f5815242 Mon Sep 17 00:00:00 2001 From: Eriq Taing Date: Mon, 30 Mar 2026 01:28:51 -0400 Subject: [PATCH] [hydros-containers] Introduced package --- hydros-containers/containers/policy.json | 95 +++++++++++++++++++ .../git.hydrosaber.com-hydros.yaml | 3 + hydros-containers/hydros-containers.spec | 25 +++++ 3 files changed, 123 insertions(+) create mode 100644 hydros-containers/containers/policy.json create mode 100644 hydros-containers/containers/registries.d/git.hydrosaber.com-hydros.yaml create mode 100644 hydros-containers/hydros-containers.spec diff --git a/hydros-containers/containers/policy.json b/hydros-containers/containers/policy.json new file mode 100644 index 0000000..59ee1bb --- /dev/null +++ b/hydros-containers/containers/policy.json @@ -0,0 +1,95 @@ +{ + "default": [ + { + "type": "reject" + } + ], + "transports": { + "docker": { + "git.hydrosaber.com/hydros/hydros": [ + { + "type": "sigstoreSigned", + "keyPath": "/etc/pki/containers/hydros.pub", + "signedIdentity": { + "type": "matchRepository" + } + } + ], + "registry.access.redhat.com": [ + { + "type": "signedBy", + "keyType": "GPGKeys", + "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" + } + ], + "registry.redhat.io": [ + { + "type": "signedBy", + "keyType": "GPGKeys", + "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" + } + ], + "": [ + { + "type": "insecureAcceptAnything" + } + ] + }, + "docker-daemon": { + "": [ + { + "type": "insecureAcceptAnything" + } + ] + }, + "atomic": { + "": [ + { + "type": "insecureAcceptAnything" + } + ] + }, + "containers-storage": { + "": [ + { + "type": "insecureAcceptAnything" + } + ] + }, + "dir": { + "": [ + { + "type": "insecureAcceptAnything" + } + ] + }, + "oci": { + "": [ + { + "type": "insecureAcceptAnything" + } + ] + }, + "oci-archive": { + "": [ + { + "type": "insecureAcceptAnything" + } + ] + }, + "docker-archive": { + "": [ + { + "type": "insecureAcceptAnything" + } + ] + }, + "tarball": { + "": [ + { + "type": "insecureAcceptAnything" + } + ] + } + } +} diff --git a/hydros-containers/containers/registries.d/git.hydrosaber.com-hydros.yaml b/hydros-containers/containers/registries.d/git.hydrosaber.com-hydros.yaml new file mode 100644 index 0000000..7a96e4e --- /dev/null +++ b/hydros-containers/containers/registries.d/git.hydrosaber.com-hydros.yaml @@ -0,0 +1,3 @@ +docker: + git.hydrosaber.com/hydros/hydros: + use-sigstore-attachments: true \ No newline at end of file diff --git a/hydros-containers/hydros-containers.spec b/hydros-containers/hydros-containers.spec new file mode 100644 index 0000000..afbaf9d --- /dev/null +++ b/hydros-containers/hydros-containers.spec @@ -0,0 +1,25 @@ +Name: hydros-containers +Version: 0.0.1 +Release: %autorelease +Summary: The bundle of configuration overrides for containers for HydrOS +BuildArch: noarch + +License: GPL +Source0: source.tar.gz + +%description + +%prep +%autosetup -C + +%install +install -Dm0444 -t %{buildroot}%{_sysconfdir}/containers/ %{_builddir}/%{name}-%{version}/policy.json +install -Dm0444 -t %{buildroot}%{_sysconfdir}/containers/registries.d/ %{_builddir}/%{name}-%{version}/registries.d/git.hydrosaber.com-hydros.yaml + +%files +%{_sysconfdir}/containers/policy.json +%{_sysconfdir}/containers/registries.d/git.hydrosaber.com-hydros.yaml + +%changelog +* Mon Mar 30 2026 Eriq Taing +- First version packaged