From eea59927f86a184408e659e8ab35c21829c6eb30 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 27 Apr 2026 01:29:36 +0000
Subject: [PATCH] feat: add skip_cosign_check URL parameter to temporarily bypass cosign verification
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/d269a60b-15fe-4f81-a51e-c4d8212e0d5b
Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
---
 php/public/index.php | 2 ++
 php/src/Controller/DockerController.php | 9 ++++++---
 php/src/Docker/DockerActionManager.php | 6 +++++-
 php/templates/containers.twig | 6 ++++++
 4 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/php/public/index.php b/php/public/index.php
index 5d706c2d..02cc47b2 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -128,6 +128,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
 $bypass_mastercontainer_update = isset($params['bypass_mastercontainer_update']);
 $bypass_container_update = isset($params['bypass_container_update']);
 $skip_domain_validation = isset($params['skip_domain_validation']);
+ $skip_cosign_check = isset($params['skip_cosign_check']);
 return $view->render($response, 'containers.twig', [
 'domain' => $configurationManager->domain,
@@ -180,6 +181,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
 'community_containers' => $configurationManager->listAvailableCommunityContainers(),
 'community_containers_enabled' => $configurationManager->aioCommunityContainers,
 'bypass_container_update' => $bypass_container_update,
+ 'skip_cosign_check' => $skip_cosign_check,
 ]);
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php
index f271d3ec..39c35c56 100644
--- a/php/src/Controller/DockerController.php
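Review bot: In the first index.php hunk, `isset($params['skip_cosign_check'])` treats the mere presence of the key as consent, so a bookmarked or shared URL carrying `?skip_cosign_check` (even with the value `0`) puts the page into skip mode, and the second hunk hands that state straight to `containers.twig`. Since this flag ends up disabling signature verification of the mastercontainer image, I would require an explicit value, e.g. `$skip_cosign_check = ($params['skip_cosign_check'] ?? '') === '1';`, and have the template render a visible warning whenever it is set. The route closure starts and ends outside both hunks, so that `$params` is the raw query string is inferred from the sibling flags.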
+++ b/php/src/Controller/DockerController.php
@@ -273,15 +273,18 @@ readonly class DockerController {
 $nonbufResp = $this->startStreamingResponse($response);
 $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
- $this->startWatchtower($addToStreamingResponseBody);
+ // Allow temporarily skipping the cosign check via a POST body parameter
+ $skipCosignCheck = isset($request->getParsedBody()['skip_cosign_check']);
+
+ $this->startWatchtower($addToStreamingResponseBody, $skipCosignCheck);
 // End streaming response
 $this->finalizeStreamingResponse($nonbufResp);
 return $nonbufResp;
 }
- public function startWatchtower(?\Closure $addToStreamingResponseBody = null) : void {
- $this->dockerActionManager->verifyMastercontainerImageSignature();
+ public function startWatchtower(?\Closure $addToStreamingResponseBody = null, bool $skipCosignCheck = false) : void {
+ $this->dockerActionManager->verifyMastercontainerImageSignature($skipCosignCheck);
 $id = 'nextcloud-aio-watchtower';
 $this->PerformRecursiveContainerStart($id, true, $addToStreamingResponseBody);
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 6f35ed06..247d067e 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -601,7 +601,11 @@ readonly class DockerActionManager {
 }
 }
- public function verifyMastercontainerImageSignature(): void {
+ public function verifyMastercontainerImageSignature(bool $skipCosignCheck = false): void {
+ if ($skipCosignCheck) {
+ error_log('WARNING: Skipping cosign signature verification for mastercontainer image. This should only be done temporarily.');
+ return;
+ }
 $imageName = $this->GetCurrentImageName() . ':' . $this->GetCurrentChannel();
 $this->verifyImageSignature($imageName);
 }
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index adfe3161..cadbe34e 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
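Review bot: The skip decision in the DockerController.php hunk is taken from key presence in a client-supplied body, `isset($request->getParsedBody()['skip_cosign_check'])`, with no server-side opt-in visible here. `getParsedBody()` can return null or an object as well as an array, and any submitted value, including `0`, enables the bypass. I would read it defensively, `$body = $request->getParsedBody();` then `$skipCosignCheck = is_array($body) && ($body['skip_cosign_check'] ?? null) === '1';` (with the template sending that value), and consider gating the feature on a configuration setting so a single request cannot switch off signature verification. The `false` default on `startWatchtower()` keeps other callers verifying; the enclosing method starts outside the hunk, so whether this route is CSRF-protected cannot be seen from here.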
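Review bot: The early return in `verifyMastercontainerImageSignature()` leaves `error_log()` as the only record that an unverified image was accepted, and the message names neither the image nor the channel. Building the name first keeps that record useful: move `$imageName = $this->GetCurrentImageName() . ':' . $this->GetCurrentChannel();` above the `if` and log `'WARNING: Skipping cosign signature verification for ' . $imageName . '. This should only be done temporarily.'`. A method named verify… that can silently not verify is also easy to misread at call sites, so a short docblock stating that `true` disables the signature check, or moving the branch into `startWatchtower()`, would make the contract explicit.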
@@ -93,6 +93,9 @@
+ {% if skip_cosign_check == true %}
+
+ {% endif %}
{% else %}
@@ -335,6 +338,9 @@
+ {% if skip_cosign_check == true %}
+
+ {% endif %}
{% else %}