[Container-tools] signing vagrant payload
Lalatendu Mohanty
lmohanty at redhat.com
Mon Feb 29 17:43:27 UTC 2016
On 02/29/2016 06:31 PM, Karanbir Singh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 29/02/16 12:15, Karanbir Singh wrote:
>> hi,
>>
>> Has there been any work done to see how one might sign and then
>> validate a vagrant box at all ? I'm looking for options and
>> everyone of them seems to require an additional component on the
>> client side ( which might defeat the purpose a bit ).
> it looks like the ImgFac created box's dont have checksum included in
> the box. At the moment the box looks like:
>
> metadata.json:
> {"provider": "libvirt", "format": "qcow2", "virtual_size": 41}
>
> we should be able to add a sha type and a sum there, so its validated
> before being instantiated.
Looks like coreos folks are already using it [1] [2].
[1]
http://alpha.release.core-os.net/amd64-usr/current/coreos_production_vagrant.json
[2]
https://github.com/coreos/coreos-kubernetes/blob/master/single-node/Vagrantfile
More information about the Container-tools
mailing list