pierrelf.com
Rust implementation of OCI Distribution Spec with granular access control
fix: create skopeo policy.json to allow image operations
+14
+14
.tangled/workflows/build.yml
+14
.tangled/workflows/build.yml
···
34
34
command: |
35
35
set -ex
36
36
37
+
# Create policy.json for skopeo
38
+
mkdir -p ~/.config/containers
39
+
cat > ~/.config/containers/policy.json << 'POLICYEND'
40
+
{
41
+
"default": [{"type": "insecureAcceptAnything"}],
42
+
"transports": {
43
+
"docker": {
44
+
"gcr.io": [{"type": "insecureAcceptAnything"}],
45
+
"docker.io": [{"type": "insecureAcceptAnything"}]
46
+
}
47
+
}
48
+
}
49
+
POLICYEND
50
+
37
51
# Use umoci to create OCI image from distroless base
38
52
echo "Pulling distroless base..."
39
53
skopeo copy docker://gcr.io/distroless/cc-debian12:nonroot oci:base:latest