New container::image_verify gates PodmanClient::pull_image and the dev-only DockerRuntime::pull_image. Signature claims classify three ways: absent/empty (pull unverified, logged), the literal 'cosign://...' placeholder every fleet manifest carries today (same — enforcement stays dormant until the signing ceremony ships real values), or a declared signature, which must verify via 'cosign verify --key /etc/archipelago/cosign.pub --insecure-ignore-tlog=true' (plus --allow-insecure-registry --allow-http-registry for the HTTP mirror; flags checked against cosign's own docs) before anything is fetched. Missing key, missing cosign binary, timeout, or verification failure all hard-fail the pull — a declared signature cannot be skipped on either runtime. Key path overridable via ARCHIPELAGO_COSIGN_PUBKEY for tests/staging. Deletes security::ImageVerifier: zero callers, blocking std::process::Command on would-be async paths, and a fantasy 'cosign verify --signature' invocation (that flag belongs to verify-blob). Activation ships with the Workstream B ceremony, in order: pin cosign.pub on nodes + install cosign, then publish real image_signature values in the catalog. Tests: archipelago-container 58/58 (5 new), archipelago container:: 159/159, security check clean. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
22 lines
841 B
Rust
22 lines
841 B
Rust
pub mod bitcoin_simulator;
|
|
pub mod health_monitor;
|
|
pub mod image_verify;
|
|
pub mod manifest;
|
|
pub mod podman_client;
|
|
pub mod port_manager;
|
|
pub mod runtime;
|
|
|
|
pub use bitcoin_simulator::{BitcoinSimulationMode, BitcoinSimulator};
|
|
pub use health_monitor::HealthMonitor;
|
|
pub use manifest::{
|
|
AppInterface, AppManifest, BuildConfig, ContainerConfig, Dependency, DerivedEnv, GeneratedCert,
|
|
GeneratedFile, GeneratedSecret, HealthCheck, HookStep, HostCopy, HostFacts, LifecycleHooks,
|
|
ManifestError, ResolvedSource, ResourceLimits, SecretEnv, SecretGenKind, SecretsProvider,
|
|
SecurityPolicy, Volume,
|
|
};
|
|
pub use podman_client::{
|
|
image_uses_insecure_registry, ContainerState, ContainerStatus, PodmanClient,
|
|
};
|
|
pub use port_manager::{PortError, PortManager};
|
|
pub use runtime::{AutoRuntime, ContainerRuntime, DockerRuntime, PodmanRuntime};
|