From a1bb5d0ab0c2828508d080c5c4bfa97bd9786b64 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Sun, 19 Feb 2023 20:54:22 -0800
Subject: container-host-config: provide /etc/containers/policy.json

The /etc/containers/policy.json[1] file is used to specify verification
policy. For now, we can see it's used by both cri-o and skopeo. To avoid
conflict, we use container-host-config to provide this file and make both
skopeo and cri-o depend on it.

[1] https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 recipes-containers/container-host-config/container-host-config.bb  | 2 ++
 .../container-host-config/container-host-config/policy.json        | 7 +++++++
 recipes-containers/cri-o/cri-o_git.bb                              | 1 +
 recipes-containers/skopeo/skopeo_git.bb                            | 1 -
 4 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100755 recipes-containers/container-host-config/container-host-config/policy.json

diff --git a/recipes-containers/container-host-config/container-host-config.bb b/recipes-containers/container-host-config/container-host-config.bb
index c762dea7..c2f17bfe 100644
--- a/recipes-containers/container-host-config/container-host-config.bb
+++ b/recipes-containers/container-host-config/container-host-config.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384
 SRC_URI = " \
     file://storage.conf \
     file://registries.conf \
+    file://policy.json \
 "
 
 do_install() {
@@ -15,4 +16,5 @@ do_install() {
 
 	install ${WORKDIR}/storage.conf ${D}/${sysconfdir}/containers/storage.conf
 	install ${WORKDIR}/registries.conf ${D}/${sysconfdir}/containers/registries.conf
+	install ${WORKDIR}/policy.json ${D}/${sysconfdir}/containers/policy.json
 }
diff --git a/recipes-containers/container-host-config/container-host-config/policy.json b/recipes-containers/container-host-config/container-host-config/policy.json
new file mode 100755
index 00000000..bb26e57f
--- /dev/null
+++ b/recipes-containers/container-host-config/container-host-config/policy.json
@@ -0,0 +1,7 @@
+{
+    "default": [
+        {
+            "type": "insecureAcceptAnything"
+        }
+    ]
+}
diff --git a/recipes-containers/cri-o/cri-o_git.bb b/recipes-containers/cri-o/cri-o_git.bb
index 9467cf1f..2ae3303c 100644
--- a/recipes-containers/cri-o/cri-o_git.bb
+++ b/recipes-containers/cri-o/cri-o_git.bb
@@ -57,6 +57,7 @@ inherit systemd
 inherit go
 inherit goarch
 inherit pkgconfig
+inherit container-host
 
 EXTRA_OEMAKE="BUILDTAGS=''"
 
diff --git a/recipes-containers/skopeo/skopeo_git.bb b/recipes-containers/skopeo/skopeo_git.bb
index 66168ca8..4d062ed0 100644
--- a/recipes-containers/skopeo/skopeo_git.bb
+++ b/recipes-containers/skopeo/skopeo_git.bb
@@ -82,7 +82,6 @@ do_install() {
 	install -d ${D}/${sysconfdir}/containers
 
 	install ${S}/src/import/bin/skopeo ${D}/${sbindir}/
-	install ${S}/src/import/default-policy.json ${D}/${sysconfdir}/containers/policy.json
 }
 
 do_install:append:class-native() {
-- 
cgit v1.2.3-54-g00ecf