diff --git a/php/public/index.php b/php/public/index.php
index 5d706c2d..02cc47b2 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -128,6 +128,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
 $bypass_mastercontainer_update = isset($params['bypass_mastercontainer_update']);
 $bypass_container_update = isset($params['bypass_container_update']);
 $skip_domain_validation = isset($params['skip_domain_validation']);
+ $skip_cosign_check = isset($params['skip_cosign_check']);
 return $view->render($response, 'containers.twig', [
 'domain' => $configurationManager->domain,
@@ -180,6 +181,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
 'community_containers' => $configurationManager->listAvailableCommunityContainers(),
 'community_containers_enabled' => $configurationManager->aioCommunityContainers,
 'bypass_container_update' => $bypass_container_update,
+ 'skip_cosign_check' => $skip_cosign_check,
 ]);
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index f271d3ec..39c35c56 100644
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
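Review bot: `isset($params['skip_cosign_check'])` in the first index.php hunk arms a signature-verification bypass from the mere presence of a parameter, so `skip_cosign_check=0` or an empty value enables it as well; `$params` is assigned outside the hunk and appears to hold the request's query parameters, which would mean any link to `/containers` carrying the name renders the page with the flag already set. The neighbouring `bypass_*` flags use the same pattern, but this one disables an integrity check, so an explicit value is the safer contract, e.g. `$skip_cosign_check = ($params['skip_cosign_check'] ?? '') === 'true';`. The template should also show a visible warning whenever the flag is active; the markup added in containers.twig is not readable on this page, so that cannot be confirmed here. The second hunk only forwards the value to the view, and the route closure starts and ends outside both hunks.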
@@ -273,15 +273,18 @@ readonly class DockerController {
 $nonbufResp = $this->startStreamingResponse($response);
 $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
- $this->startWatchtower($addToStreamingResponseBody);
+ // Allow temporarily skipping the cosign check via a POST body parameter
+ $skipCosignCheck = isset($request->getParsedBody()['skip_cosign_check']);
+
+ $this->startWatchtower($addToStreamingResponseBody, $skipCosignCheck);
 // End streaming response
 $this->finalizeStreamingResponse($nonbufResp);
 return $nonbufResp;
 }
- public function startWatchtower(?\Closure $addToStreamingResponseBody = null) : void {
- $this->dockerActionManager->verifyMastercontainerImageSignature();
+ public function startWatchtower(?\Closure $addToStreamingResponseBody = null, bool $skipCosignCheck = false) : void {
+ $this->dockerActionManager->verifyMastercontainerImageSignature($skipCosignCheck);
 $id = 'nextcloud-aio-watchtower';
 $this->PerformRecursiveContainerStart($id, true, $addToStreamingResponseBody);
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 6f35ed06..247d067e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -601,7 +601,11 @@ readonly class DockerActionManager {
 }
 }
- public function verifyMastercontainerImageSignature(): void {
+ public function verifyMastercontainerImageSignature(bool $skipCosignCheck = false): void {
+ if ($skipCosignCheck) {
+ error_log('WARNING: Skipping cosign signature verification for mastercontainer image. This should only be done temporarily.');
+ return;
+ }
 $imageName = $this->GetCurrentImageName() . ':' . $this->GetCurrentChannel();
 $this->verifyImageSignature($imageName);
 }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index adfe3161..cadbe34e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -93,6 +93,9 @@
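Review bot: `$skipCosignCheck = isset($request->getParsedBody()['skip_cosign_check']);` lets the client that submits this request switch off signature verification of the mastercontainer image. The supply-chain check is therefore only as strong as the authentication and CSRF protection on this route, neither of which is visible in the hunk. A control like this is safer gated on server-side state the operator sets deliberately (a configuration value or environment setting read here) than on a field supplied per request. If the request field stays, it should require an explicit value rather than mere presence, e.g. `$skipCosignCheck = ($request->getParsedBody()['skip_cosign_check'] ?? '') === 'true';`. The `false` default on `startWatchtower` keeps other callers verifying; the enclosing action method starts above the hunk.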
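Review bot: The skip branch in `verifyMastercontainerImageSignature` returns before `$imageName` is built, so the only record that an unverified image was accepted is a generic `error_log` line with no image name or channel. Building the name first and logging it, e.g. `error_log('WARNING: Skipping cosign signature verification for ' . $imageName . '. This should only be done temporarily.');`, gives an operator or incident responder something to correlate with the image that was actually pulled. This assumes `GetCurrentImageName()` and `GetCurrentChannel()` cannot fail in the situations the bypass is meant for, which the hunk does not show. A docblock should also state that `$skipCosignCheck = true` disables verification entirely and is intended only as a temporary escape hatch.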
+ {% if skip_cosign_check == true %}
+
+ {% endif %}
{% else %}
@@ -335,6 +338,9 @@
+ {% if skip_cosign_check == true %}
+
+ {% endif %}
{% else %}