[Container-tools] signing vagrant payload
Karanbir Singh
kbsingh at redhat.com
Mon Feb 29 13:01:44 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 29/02/16 12:15, Karanbir Singh wrote:
> hi,
>
> Has there been any work done to see how one might sign and then
> validate a vagrant box at all ? I'm looking for options and
> everyone of them seems to require an additional component on the
> client side ( which might defeat the purpose a bit ).
it looks like the ImgFac created box's dont have checksum included in
the box. At the moment the box looks like:
metadata.json:
{"provider": "libvirt", "format": "qcow2", "virtual_size": 41}
we should be able to add a sha type and a sum there, so its validated
before being instantiated.
- --
Karanbir Singh, Project Lead, The CentOS Project, London, UK
Red Hat Ext. 8274455 | DID: 0044 207 009 4455
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJW1EE4AAoJEI3Oi2Mx7xbt2VwIAKZNWZk/XBjXLVFwNE419ckT
F4XHxfM/R3igPS5CRN4XSZJBY0p/hKqAolAOHJzlChD/zdtJ7sqLejy3FTchOoOA
/iNmoMR3i/2qg+v5Sis7kcaKDwcdLcrdj7Sby7laVdOWlbiSJeALnIp+uXqPhrV0
xq3PcoAZaVE0RcGvo6fUV3FAe1EWXh43jlP2TmDdSAfFhU6ntyMkBhT0U2HgK9fM
eGEP3apaD3mVTNn3cH04/hAcW4KIEGMQcSyxzR5unnd7S5isAFUmArIcbJwn+Ayy
crU7yH2yNpho0iWhhsONHT570yDGyDVJtMzdr4Gf54AIvY9C2C5Swx/tqF6EhdQ=
=Cbls
-----END PGP SIGNATURE-----
More information about the Container-tools
mailing list