Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fabiand/crio-sha1-workaround
https://github.com/fabiand/crio-sha1-workaround
Last synced: about 2 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/fabiand/crio-sha1-workaround
- Owner: fabiand
- Created: 2024-07-05T08:15:23.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-07-09T12:15:00.000Z (6 months ago)
- Last Synced: 2024-07-10T02:51:43.400Z (6 months ago)
- Language: Shell
- Size: 17.6 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# CRI-O Conf for SHA1
- https://fedoraproject.org/wiki/SHA1SignaturesGuidance
## Design
Install a CRIO snippet for setting the SHA1 env var.
## Install
[`generate.sh`](generate.sh) - Generate a MachineConfig for deployment - or - a shell script
$ generate.sh mc | oc apply -f -
# Wait for MC to be done
$ oc wait mcp worker --for condition=Updated=False --timeout=10s
$ oc wait mcp worker --for condition=Updated=True --timeout=15m
## Test
$ oc apply --wait -f manifests/pod.yaml
pod/virt-launcher-crypto created
# A PASS looks like:
$ oc rsh -c compute virt-launcher-crypto sh -c "env | grep OPENSSL"
OPENSSL_ENABLE_SHA1_SIGNATURES=1
# A FAILURE looks like:
$ oc rsh -c compute virt-launcher-crypto sh -c "env | grep OPENSSL"
command terminated with exit code 1
$ oc delete -f manifests/pod.yaml