Remove Notary and Content Trust

This commit removes Notary and Content Trust. Notary v1 is due to be replaced with Notary v2 soon. There is no clean migration path from one to the other. For now, this removes all signing from LinuxKit. We will look to add this back once a new Notary alternative becomes available. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
2025-08-31 22:51:41 +00:00 · 2021-03-19 15:14:28 +00:00
parent 1f93eab506
commit 561ce6f4be
171 changed files with 126 additions and 29608 deletions
--- a/projects/compose/Makefile
+++ b/projects/compose/Makefile
@@ -15,8 +15,8 @@ tag: $(DEPS)
 	docker build --squash --no-cache -t $(ORG)/$(IMAGE):$(HASH) image/

 push: tag
-	DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \
-	DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH)
+	docker pull $(ORG)/$(IMAGE):$(HASH) || \
+	docker push $(ORG)/$(IMAGE):$(HASH)

 dynamic:
 	mkdir -p dist
--- a/projects/ima-namespace/kernel/Makefile
+++ b/projects/ima-namespace/kernel/Makefile
@@ -49,10 +49,10 @@ push_$(2)$(3): build_$(2)$(3)
 		 docker push $(ORG)/$(IMAGE):$(2)$(3))

 sign_$(2)$(3): build_$(2)$(3)
-	DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(1)$(3)-$(HASH) || \
-		(DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(1)$(3)-$(HASH) && \
+	 docker pull $(ORG)/$(IMAGE):$(1)$(3)-$(HASH) || \
+		( docker push $(ORG)/$(IMAGE):$(1)$(3)-$(HASH) && \
 		 docker tag $(ORG)/$(IMAGE):$(1)$(3)-$(HASH) $(ORG)/$(IMAGE):$(2)$(3) && \
-		 DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(2)$(3))
+		  docker push $(ORG)/$(IMAGE):$(2)$(3))

 build: build_$(2)$(3)
 push: push_$(2)$(3)
--- a/projects/memorizer/kernel-memorizer/Makefile
+++ b/projects/memorizer/kernel-memorizer/Makefile
@@ -60,10 +60,10 @@ build_$(2)$(3): Dockerfile Makefile $(wildcard patches-$(2)/*) kernel_config-$(2

 push_$(2)$(3): build_$(2)$(3)
 	@if [ $(DIRTY) -ne 0 ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi
-	DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(1)$(3)-$(TAG) || \
-		(DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(1)$(3)-$(TAG) && \
+	 docker pull $(ORG)/$(IMAGE):$(1)$(3)-$(TAG) || \
+		( docker push $(ORG)/$(IMAGE):$(1)$(3)-$(TAG) && \
 		 docker tag $(ORG)/$(IMAGE):$(1)$(3)-$(TAG) $(ORG)/$(IMAGE):$(1)$(3) && \
-		 DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(1)$(3))
+		  docker push $(ORG)/$(IMAGE):$(1)$(3))

 build: build_$(2)$(3)
 push: push_$(2)$(3)
--- a/projects/miragesdk/src/Makefile
+++ b/projects/miragesdk/src/Makefile
@@ -18,8 +18,8 @@ tag: $(DEPS)
 	docker build --squash $(NOCACHE) -t $(ORG)/$(IMAGE):$(HASH) .

 push: tag
-	DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \
-	DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH)
+	 docker pull $(ORG)/$(IMAGE):$(HASH) || \
+	 docker push $(ORG)/$(IMAGE):$(HASH)

 #### DEV

--- a/projects/selinux/init/Makefile
+++ b/projects/selinux/init/Makefile
@@ -29,7 +29,7 @@ IMAGE=init
 ETC=$(shell find etc -type f)

 hash: Dockerfile $(ETC) init $(RUNC_BINARY) $(CONTAINERD_BINARIES) $(START_STOP_DAEMON) repositories
-	DOCKER_CONTENT_TRUST=1 docker pull $(BASE)
+	 docker pull $(BASE)
 	tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
 	docker run --rm $(IMAGE):build sh -c 'cat $^ /lib/apk/db/installed | sha1sum' | sed 's/ .*//' > $@

--- a/projects/shiftfs/Makefile
+++ b/projects/shiftfs/Makefile
@@ -49,10 +49,10 @@ push_$(2)$(3): build_$(2)$(3)
 		 docker push $(ORG)/$(IMAGE):$(2)$(3))

 sign_$(2)$(3): build_$(2)$(3)
-	DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(1)$(3)-$(HASH) || \
-		(DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(1)$(3)-$(HASH) && \
+	 docker pull $(ORG)/$(IMAGE):$(1)$(3)-$(HASH) || \
+		( docker push $(ORG)/$(IMAGE):$(1)$(3)-$(HASH) && \
 		 docker tag $(ORG)/$(IMAGE):$(1)$(3)-$(HASH) $(ORG)/$(IMAGE):$(2)$(3) && \
-		 DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(2)$(3))
+		  docker push $(ORG)/$(IMAGE):$(2)$(3))

 build: build_$(2)$(3)
 push: push_$(2)$(3)