feat(packs): support unsigned packs from a static internal registry#1389
Draft
vjeantet wants to merge 2 commits into
Draft
feat(packs): support unsigned packs from a static internal registry#1389vjeantet wants to merge 2 commits into
vjeantet wants to merge 2 commits into
Conversation
Contributor
PR Review SummarySize
Affected crates
Blast radius — ContainedThis PR touches: source code Updated automatically on each push to this PR. |
78741d2 to
22bae4c
Compare
22bae4c to
1cdf71e
Compare
Enable air-gapped macOS fleets to distribute and update nono profiles, Claude Code skills/plugins/hooks, and arbitrary enterprise files from an internal static (nginx) registry, with signature verification disabled and integrity guaranteed by per-artifact SHA-256. - Add a `[registry]` config.toml section (url + verify, fail-secure true) and a `resolve_registry` helper with precedence --registry > NONO_REGISTRY > config > default; verify off via --insecure flag, NONO_REGISTRY_INSECURE, or [registry].verify=false. - Pull path: when verify is off, skip Sigstore bundle download/verify, namespace assertion, and subject-membership; keep the SHA-256 check. Record an `unsigned:internal-registry` signer sentinel in the lockfile and write no `.nono-trust.bundle`. - Run-time guard: `verify_profile_packs` skips bundle re-verification for packs whose lockfile signer is the sentinel, keyed on the lockfile so signed packs always get full re-verification. SHA-256 still enforced. - Make PullResponse tolerant of the minimal static JSON (optional provenance, default bundle_url/scan_passed/size_bytes). - Suppress registry phone-home (update hints + migration provider lookup) when verification is disabled. - Add `nono pack publish-static` to emit the static registry tree (versions/<v>/pull, versions/latest/pull, status, files/...) reusing the serde types, with `latest` tracking the highest published semver. - Document the air-gapped/internal-registry workflow. Adds unit tests (registry precedence, fail-secure verify, minimal deserialization, generator round-trip, latest tracking, sentinel guard + tamper detection). Signed-off-by: vjeantet <valere.jeantet@gmail.com>
Show an air-gapped GitLab pipeline that seeds the docroot from the nginx host, runs nono pack publish-static to add the current version, then rsyncs back. Seeding keeps latest/status at the true highest semver and makes rsync --delete safe. Signed-off-by: vjeantet <valere.jeantet@gmail.com>
1cdf71e to
c67caa8
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
feat(packs): support unsigned packs from a static internal registry
Closes #1388. Related to #857.
What
Enables air-gapped macOS fleets to distribute and update nono profiles,
Claude Code skills/plugins/hooks, and arbitrary enterprise files from an
internal static (nginx) registry, with signature verification disabled
and integrity guaranteed by per-artifact SHA-256.
This is the lower-friction, integrity-only transport discussed in
#1388 (a complement to the OCI direction of #857, not a replacement).
The keyed ECDSA trust mode is a separate follow-up PR layered on the same
[registry]config.Changes
[registry]section (url+verify, fail-secureverify = trueby default) and aresolve_registryhelper with precedence--registry>NONO_REGISTRY> config > default. Verification is turnedoff only via explicit
--insecure,NONO_REGISTRY_INSECURE, or[registry].verify = false.download/verify, namespace assertion, and subject-membership check; keep
the SHA-256 check. Record an
unsigned:internal-registrysigner sentinelin the lockfile and write no
.nono-trust.bundle.verify_profile_packsskips bundle re-verificationonly for packs whose lockfile signer is the sentinel, keyed on the
lockfile so signed packs always get full re-verification. SHA-256 stays
enforced.
PullResponsetolerates the minimal static JSON (optionalprovenance; default
bundle_url/scan_passed/size_bytes).migration provider lookup) when verification is disabled.
nono pack publish-staticemits the static registry tree(
versions/<v>/pull,versions/latest/pull,status,files/…) reusingthe serde types, with
latesttracking the highest published semver.Security notes
never the default.
verify = true; SHA-256 enforced atinstall and at runtime; the lockfile-keyed sentinel guard prevents a
signed pack from being silently downgraded to integrity-only.
Tests
Unit tests: registry precedence, fail-secure verify resolution, minimal
static JSON deserialization,
publish-staticgenerator round-trip,latesttracking, sentinel runtime guard + tamper detection.
cargo check -p nono-cliand the crate test suite pass locally on macOS.Stacking
Base branch:
feat/static-registryoffupstream/main. The keyed-trust PRis stacked on top of this one and should be reviewed/merged after it.
Agent compliance check (AGENTS.md)
maintainer guidance (see risks section of the issue) before merge
existing
nono::trust/ registry serde types; no external code copied)not yet approved (issue is a proposal pending maintainer direction)