Follow-up from the #376 (PR #450) security review — LOW, deferred.
Only pithead upgrade calls verify_release_images. A fresh release install's first pithead up / apply (pull policy missing) pulls the 5 first-party images with no signature check, even though cosign.pub ships in the bundle and is sitting right there. The images are digest-pinned only after the first pull.
Fix: call verify_release_images (or an equivalent gate) on the first-install pull path too, guarded the same way (skip on source checkouts, warn-and-proceed when no cosign.pub). One call-site addition; keep it fail-closed when the key is present.
Refs #376, PR #450.
Follow-up from the #376 (PR #450) security review — LOW, deferred.
Only
pithead upgradecallsverify_release_images. A fresh release install's firstpithead up/apply(pull policymissing) pulls the 5 first-party images with no signature check, even thoughcosign.pubships in the bundle and is sitting right there. The images are digest-pinned only after the first pull.Fix: call
verify_release_images(or an equivalent gate) on the first-install pull path too, guarded the same way (skip on source checkouts, warn-and-proceed when nocosign.pub). One call-site addition; keep it fail-closed when the key is present.Refs #376, PR #450.