feat(WIP): update posture for 1.0.0 in a generic way #69
Open
butler54 wants to merge 39 commits into validatedpatterns:main from
Signed-off-by: Chris Butler <chris.butler@redhat.com>
Replace separate gzip-to-file and slurp approach with direct pipe: cat file | gzip | base64 -w0. This matches the approach used elsewhere in the codebase and fixes deployment failures caused by inconsistent encoding. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
SHA-256 produces 256 bits = 32 bytes = 64 hex characters. The initial PCR value was missing one zero. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Beraldo Leal <bleal@redhat.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Address ansible-lint (risky-shell-pipe, no-changed-when, line-length), super-linter markdown and natural language errors, and JSON schema validation by resetting clusterGroupName to simple. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3158729 to
3bba8d3
sabre1041
requested changes
Mar 2, 2026
|
|
||
| echo "Using pull secret: $PULL_SECRET_PATH" | ||
|
|
||
| # 2. Check for required tools |
Collaborator
Need another check for skopeo
| rm -f ~/.coco-pattern/measurements-raw.json ~/.coco-pattern/measurements.json | ||
|
|
||
| # Download the measurements using podman cp (works on macOS with remote podman) | ||
| podman pull --authfile $PULL_SECRET_PATH $IMAGE |
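Review bot: `$PULL_SECRET_PATH` and `$IMAGE` are unquoted on the `podman pull` line, so a pull-secret path containing spaces or glob characters is word-split and podman receives different arguments than intended. Suggest `podman pull --authfile "$PULL_SECRET_PATH" "$IMAGE"`. Separately, the `rm -f` at the top of this hunk deletes the previous `measurements-raw.json` and `measurements.json` before the pull is attempted, and these lines show no exit check after the pull; confirm the script stops on a failed pull (for example via `set -e` or an explicit status test) so later steps do not run with missing measurement files.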
Collaborator
Granted, there is a check for podman in the wrapper script. Is there a need to add another check here just in case the script is executed directly?
| ## Major versions | ||
| - **OpenShift Sandboxed Containers 1.11+** (requires OCP 4.17+) | ||
| - **Red Hat Build of Trustee 1.0** (first GA release; all prior versions were Technology Preview) | ||
| - External chart repositories for [Trustee](https://github.com/butler54/trustee-chart), [sandboxed-containers](https://github.com/butler54/sandboxed-containers-chart), and [sandboxed-policies](https://github.com/butler54/sandboxed-policies-chart) |
Collaborator
Suggested change
| - External chart repositories for [Trustee](https://github.com/butler54/trustee-chart), [sandboxed-containers](https://github.com/butler54/sandboxed-containers-chart), and [sandboxed-policies](https://github.com/butler54/sandboxed-policies-chart) | |
| - External chart repositories for [Trustee](https://github.com/validatedpatterns/trustee-chart), [sandboxed-containers](https://github.com/validatedpatterns/sandboxed-containers-chart), and [sandboxed-policies](https://github.com/validatedpatterns/sandboxed-policies-chart) |
The objective of this PR is to update the validated pattern as close as possible to the GA posture articulated in the documentation.