I recently came across a part of the Python ecosystem that was completely new to me: manylinux. If you’re not familiar with Python packages, the gist is that, for the vast majority, they are written purely in Python. Those are nice and easy to distribute. Just create a wheel, publish it to PyPI.org, and call it a day. That wheel will work on any system that supports Python 3, which is, hopefully, most users nowadays....
Applying Specificity to Policy Configurations
While working on an earlier version of the Conforma project, I was presented with an interesting problem regarding policy configuration. The ability to intuitively express which rules should be included was not quite there yet. For example, consider the following snippet from a policy configuration:

    config:
      include:
        - slsa_build_scripted_build
        - attestation_type
      exclude:
        - attestation_type.pipelinerun_attestation_found

The . character is a package separator. foo.bar means the bar rule from the foo package. foo means all the rules in the foo package....
Using Host Certificates with Podman
Let’s say you want to launch a container locally with podman. Now, let’s say this container needs access to resources within your company’s internal network which use a custom root CA (Certificate Authority). You will certainly face certificate verification errors. This can be frustrating because, after all, you have already trusted that root CA for your host. This post is about extending that trust to containers launched by podman. Failed Attempt Your first attempt might be to simply mount your local CA bundle when launching the container, e....