Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optional signing for pull/push and baseProfileName #2468

Open
MaksimKlepikov opened this issue Oct 1, 2024 · 1 comment
Open

Optional signing for pull/push and baseProfileName #2468

MaksimKlepikov opened this issue Oct 1, 2024 · 1 comment
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@MaksimKlepikov
Copy link

My use case:

  1. Collect seccomp profiles using SPO
  2. Put these profiles as json files in Gitlab project
  3. In Gitlab CI/CD pipeline push profiles as oci artifcats to Gitlab registry
  4. Specify result oci profiles in SeccompProfile

The Gitlab itself is self-hosted in air-gapped environment.

The problem is in step 3, where spoc tries to sign it in non-interactive mode and also in air-gapped environment (even if https_proxy configured), so it fails with an error.

It would be nice to add documentation on how to use it in an air-gapped environment, or make signing optional.
@ccojocar
Copy link
Contributor

ccojocar commented Oct 1, 2024

I am not sure if skipping the signing is a good idea. I think you need to allow https://oauth2.sigstore.dev domain. Maybe making the OIDC provider configurable.

@ccojocar ccojocar added the kind/feature Categorizes issue or PR as related to a new feature. label Oct 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ccojocar @MaksimKlepikov