roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Wiki Activity

feat: secure build phase 2 — enforce image verification by default

Browse Source 
All store images are now digest-pinned and cosign-signed by the publish
pipeline, so the warn-by-default training-wheels period is over: an
unsigned or undigested image must not install unless the admin
explicitly opts out. The service_composer fallback used when the config
manager is unavailable or corrupt also flips to enforce — config
corruption must fail closed rather than silently weaken verification.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Dmitrii Iurco
2026-06-11 14:12:58 -04:00
parent c430a392b8
commit 2ab3d2d5ac
5 changed files with 66 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/config_manager.py
+5 -5
View File
@@ -1016,15 +1016,15 @@ class ConfigManager:
# enforce — refuse to start a service whose image is undigested,
# unsigned, or whose signature does not verify
#
# Default is "warn" until the publish pipeline signs all store images; a
# later phase flips the default to "enforce". The section is backed up and
# restored with the rest of cell_config.json automatically.
# All store images are now signed + digest-pinned via the publish pipeline,
# so the default is "enforce". The section is backed up and restored with
# the rest of cell_config.json automatically.
def get_image_verification(self) -> Dict[str, Any]:
"""Return the image verification config, e.g. {'mode': 'warn'}."""
"""Return the image verification config, e.g. {'mode': 'enforce'}."""
cfg = self.configs.get('image_verification')
if not isinstance(cfg, dict) or cfg.get('mode') not in _IMAGE_VERIFY_MODES:
cfg = {'mode': 'warn'}
cfg = {'mode': 'enforce'}
self.configs['image_verification'] = cfg
return dict(cfg)
api/service_composer.py
+1 -1
View File
@@ -285,7 +285,7 @@ class ServiceComposer:
return getter()
except Exception as e: # config corruption must not crash install
logger.warning('service_composer: could not read verification mode: %s', e)
return 'warn'
return 'enforce'
def _cosign_verify(self, image_ref: str) -> Dict:
"""Run `cosign verify` against the bundled public key for one image ref.