There is now a new setting that is updated when a container upgrade
needs to be applied.
The `UpdaterReport` has been extended to support this scenario, and is
now a python `dataclass`.
This is especially useful when running the tests against some
non-production version of the image. Note that the signature for this
image will need to match the key at `share/freedomofpress-dangerzone-pub.key`
This is done to avoid looking at the internal logic of
`dangerzone.updater`. Only the features that actually are part of
the exposed API are exposed, and do not require deep knowledge of the
updater's logic to be used.
This can be done with the newly added `--runtime` flag, which needs to
be passed to the first group, e.g:
```bash
dangerzone-cli --runtime docker COMMAND
```
This new setting triggers the same user prompts, but the actual meaning of
it differs, since users will now be accepting to upgrade the container image
rather than just checking for new releases.
Changing the name of the setting will trigger this prompt for all users, effectively
ensuring they want their image to be automatically upgraded.
The code making the actual requests and checks now lives in the
`updater.releases` module. The code should be easier to read and to
reason about.
Tests have been updated to reflect this.
This function does all the needed checks before returning `True`, making it a good external API.
Under the hood, the registry now has an `is_new_remote_image_available`
which is just for checking the presence of a new image, but doesn't do
any verirications on it, and there is also a new `check_signatures_and_logindex` that ensures that these two are valid.
A new `dangerzone-image attest-provenance` script is now available,
making it possible to verify the attestations of an image published on
the github container registry.
Container images are now build nightly and uploaded to the container
registry.
Signatures are stored in the OCI Manifest v2 registry [0], and are
expected to follow the Cosign Signature Specification [0]
The following CLI utilities are provided with `dangerzone-image`:
For checking new container images, upgrading them and downloading them:
- `upgrade` allows to upgrade the current installed image to the
last one available on the OCI registry, downloading and storing the
signatures in the process.
- `verify-local` allows the verify the currently installed image against
downloaded signatures and public key.
To prepare and install archives on air-gapped environments:
- `prepare-archive` helps to prepare an archive to install on another
machine
- `load-archive` helps upgrade the local image to the archive given
in argument.
Signatures are stored locally using the format provided by `cosign
download signature`, and the Rekor log index is used to ensure the
requested-to-install container image is fresher than the one already
present on the system.
[0] https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md
