Thursday, 19 August 2021

skopeo - policy says "No"

I'm playing with skopeo on Ubuntu 20.04, having simply copied the binary from one box to another ...

Having validated the binary: -

which skopeo

/usr/bin/skopeo

ls -al `which skopeo`

-rwxr-xr-x 1 root root 26859648 Aug 19 09:44 /usr/bin/skopeo

skopeo --version

skopeo version 1.3.0

I tried and, alas, failed to pull an image using skopeo copy ...

skopeo copy docker://registry.fedoraproject.org/fedora:latest dir:/tmp/fedora.image

FATA[0000] Error loading trust policy: open /etc/containers/policy.json: no such file or directory

I checked for the missing file: -

find / -name "policy.json" 2>/dev/null

but to no avail.

Given that I knew that this worked on another Ubuntu 20.04 box, I checked for the file over there: -

find / -name "policy.json" 2>/dev/null

/etc/containers/policy.json

and grabbed a look at it: -

cat /etc/containers/policy.json

{
    "default": [
        {
            "type": "insecureAcceptAnything"
        }
    ],
    "transports":
        {
            "docker-daemon":
                {
                    "": [{"type":"insecureAcceptAnything"}]
                }
        }
}

Knowing what it should look like, I created a duplicate on the "new" Ubuntu box: -

mkdir -p /etc/containers

cat <<EOF | tee /etc/containers/policy.json
{
    "default": [
        {
            "type": "insecureAcceptAnything"
        }
    ],
    "transports":
        {
            "docker-daemon":
                {
                    "": [{"type":"insecureAcceptAnything"}]
                }
        }
}
EOF

and verified it: -

find / -name "policy.json" 2>/dev/null

/etc/containers/policy.json

cat /etc/containers/policy.json

{
    "default": [
        {
            "type": "insecureAcceptAnything"
        }
    ],
    "transports":
        {
            "docker-daemon":
                {
                    "": [{"type":"insecureAcceptAnything"}]
                }
        }
}

so then just re-ran the skopeo copy command: -

skopeo copy docker://registry.fedoraproject.org/fedora:latest dir:/tmp/fedora.image

Getting image source signatures
Copying blob ecfb9899f4ce done
Copying config 37e5619f4a done
Writing manifest to image destination
Storing signatures

Sweet !

I suspect that things didn't originally work due to the way that I "installed" skopeo on this box, via scp rather than a "proper" installation or build.

Nice !

No comments:

Yay, VMware Fusion and macOS Big Sur - no longer "NAT good friends" - forgive the double negative and the terrible pun ...

After macOS 11 Big Sur was released in 2020, VMware updated their Fusion product to v12 and, sadly, managed to break Network Address Trans...