config/files/usr/etc/containers/policy.json


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

{
  "default": [
    {
      "type": "insecureAcceptAnything"
    }
  ],
  "transports": {
    "docker": {
      "registry.access.redhat.com": [
        {
          "type": "signedBy",
          "keyType": "GPGKeys",
          "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
        }
      ],
      "registry.redhat.io": [
        {
          "type": "signedBy",
          "keyType": "GPGKeys",
          "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
        }
      ],
      "ghcr.io/getchoo": [
        {
          "type": "sigstoreSigned",
          "fulcio": {
            "caPath": "/usr/etc/pki/containers/fulcio_v1.crt.pem",
            "oidcIssuer": "https://token.actions.githubusercontent.com",
            "subjectEmail": "https://github.com/getchoo/fedora-oci-images/.github/workflows/build-image.yaml@refs/heads/main"
          },
          "rekorPublicKeyPath": "/usr/etc/pki/containers/rekor.pub",
          "signedIdentity": { "type": "matchRepository" }
        }
      ]
    },
    "docker-daemon": {
      "": [
        {
          "type": "insecureAcceptAnything"
        }
      ]
    }
  }
}