On 02/29/2016 06:31 PM, Karanbir Singh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 29/02/16 12:15, Karanbir Singh wrote:
hi,
Has there been any work done to see how one might sign and then
validate a vagrant box at all ? I'm looking for options and
everyone of them seems to require an additional component on the
client side ( which might defeat the purpose a bit ).
it looks like the ImgFac created box's dont have checksum included in
the box. At the moment the box looks like:
metadata.json:
{"provider": "libvirt", "format": "qcow2", "virtual_size": 41}
we should be able to add a sha type and a sum there, so its validated
before being instantiated.
Looks like coreos folks are already using it [1] [2].
[1]
http://alpha.release.core-os.net/amd64-usr/current/coreos_production_vagrant.json
[2]
https://github.com/coreos/coreos-kubernetes/blob/master/single-node/Vagrantfile
_______________________________________________
Container-tools mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/container-tools
