Skip to content

Add erofs support to apko.#2249

Open
smoser wants to merge 16 commits into
chainguard-dev:mainfrom
smoser:feat/apko-erofs
Open

Add erofs support to apko.#2249
smoser wants to merge 16 commits into
chainguard-dev:mainfrom
smoser:feat/apko-erofs

erofs(mount): expose --read-only and short-circuit single-layer mounts

e0061e1
Select commit
Loading
Failed to load commit list.
Chainguard Guardener / Enforce - Commit Signing succeeded May 28, 2026 in 1s

Successfully verified commit signature.

CLAIM DESCRIPTION
Found Git signature
Validated Git signature
Validated Rekor entry
Allowed by policy

Details

Certificate

Details 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 686862342716857296423188024515551216303285915368 (0x784ff90123fc59c0ba1653fa68d64c7ee0eecee8)
    Signature Algorithm: ECDSA-SHA384
        Issuer: O=sigstore.dev,CN=sigstore-intermediate
        Validity
            Not Before: May 28 16:34:44 2026 UTC
            Not After : May 28 16:44:44 2026 UTC
        Subject:         Subject Public Key Info:
            Public Key Algorithm: ECDSA
                Public-Key: (256 bit)
                X:
                    12:77:4a:d3:58:40:aa:7d:6f:65:da:0e:7b:ad:88:
                    bc:da:ce:b2:5b:72:76:a2:3f:46:16:83:f3:fe:01:
                    64:7d
                Y:
                    d1:1b:ec:98:6f:69:04:45:ac:10:d2:23:04:4f:92:
                    a2:38:0d:5e:ef:39:65:f1:b3:0f:80:2a:9c:5b:df:
                    22:52
                Curve: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                Code Signing
            X509v3 Subject Key Identifier:
                CC:72:5C:C5:73:3E:FD:F5:1F:BC:19:BF:BF:5F:87:3B:02:27:8E:40
            X509v3 Authority Key Identifier:
                keyid:DF:D3:E9:CF:56:24:11:96:F9:A8:D8:E9:28:55:A2:C6:2E:18:64:3F
            X509v3 Subject Alternative Name: critical
                email:scott-moser-work-v2@chainguard-workstations.iam.gserviceaccount.com
            oidcIssuer:
                https://accounts.google.com
            Unknown extension 1.3.6.1.4.1.57264.1.8
            Unknown extension 1.3.6.1.4.1.57264.1.24
            Signed Certificate Timestamp:
                BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABnm9wMxUAAAQDAEgwRgIhAIL0EVBNqv4ChRIOK3s3OCxeDV5hbeSgTZvkWYUHoB9eAiEAzGGDnf3UhJhwiRdeOVKifwrBpRaMmFgsUrKq88z1K7U=

    Signature Algorithm: ECDSA-SHA384
         30:66:02:31:00:d1:9f:02:6d:63:0b:95:b0:1b:21:69:9c:59:
         cd:77:5f:43:53:d7:82:f6:ed:9d:75:d2:41:18:9c:d3:28:10:
         01:de:fb:6e:47:93:5a:59:e4:40:6f:f7:81:c0:53:da:b1:02:
         31:00:99:b8:6f:fc:1f:cf:e6:b5:7e:40:31:07:e0:c3:cb:de:
         04:0c:4c:f3:15:2c:32:d2:6c:f3:2f:6c:66:45:6f:aa:08:79:
         45:fe:e2:e9:7f:f7:b2:f9:51:8d:4b:a5:3c:2c

Rekor Entry

Details 
{
  "body": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI3ODllMzc1ZDRlMDdkMGQ0ODBjOGJiYmMwMGJmNmQ1NDBiNWI0MDEzZTQyMjRjNjA2Y2MyZTEyMjc1ZTgwMDEwIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUUNvaDVteGpabjNrSTc0V1VmbnQ5VjZtaEdIckVQcWVOTW9tdDgrT1dnU0tRSWhBTjZlVkdia1NBb09DVkRwQ2FCMWJqb3RtY0QxdGZrOGU3VmhMVFQrT1pCZyIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVUktWRU5EUVhGeFowRjNTVUpCWjBsVlpVVXZOVUZUVURoWFkwTTJSbXhRTm1GT1drMW1kVVIxZW5WbmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFpkMDVVU1RSTlZGbDZUa1JSTUZkb1kwNU5hbGwzVGxSSk5FMVVXVEJPUkZFd1YycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZGYm1STE1ERm9RWEZ1TVhaYVpHOVBaVFl5U1haT2NrOXpiSFI1WkhGSkwxSm9ZVVFLT0M4MFFscElNMUpISzNsWllqSnJSVkpoZDFFd2FVMUZWRFZMYVU5Qk1XVTNlbXhzT0dKTlVHZERjV05YT1RocFZYRlBRMEZqYTNkblowaEdUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlY2U0VwakNuaFlUU3N2WmxWbWRrSnRMM1l4SzBoUGQwbHVhbXRCZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDFWUldVUldVakJTUVZGSUwwSkZZM2RTV1VaRVl6Sk9kbVJJVVhSaVZ6bDZXbGhKZEdReU9YbGhlVEV5VFd0Q2FtRkhSbkJpYldReFdWaEthd3BNV0dSMlkyMTBlbVJIUmpCaFZ6bDFZM2sxY0ZsWE1IVmFNMDVzWTI1YWNGa3lWbWhaTWs1MlpGYzFNRXh0VG5aaVZFRndRbWR2Y2tKblJVVkJXVTh2Q2sxQlJVSkNRblJ2WkVoU2QyTjZiM1pNTWtacVdUSTVNV0p1VW5wTWJXUjJZakprYzFwVE5XcGlNakIzUzNkWlMwdDNXVUpDUVVkRWRucEJRa05CVVdRS1JFSjBiMlJJVW5kamVtOTJUREpHYWxreU9URmlibEo2VEcxa2RtSXlaSE5hVXpWcVlqSXdkMHBSV1V0TGQxbENRa0ZIUkhaNlFVSkhRVkZZUkVKVmVBcE5WRkV3VFZSck5FNXFZM2xPVkUweVRXcEpNRTVFVFRKTlJHdDNaMWx6UjBOcGMwZEJVVkZDTVc1clEwSkJTVVZtVVZJM1FVaHJRV1IzUkdSUVZFSnhDbmh6WTFKTmJVMWFTR2g1V2xwNlkwTnZhM0JsZFU0ME9ISm1LMGhwYmt0QlRIbHVkV3BuUVVGQldqVjJZMFJOVmtGQlFVVkJkMEpKVFVWWlEwbFJRME1LT1VKR1VWUmhjaXRCYjFWVFJHbDBOMDU2WjNOWVp6RmxXVmN6YTI5Rk1tSTFSbTFHUWpaQlpsaG5TV2hCVFhob1p6VXpPVEZKVTFsalNXdFlXR3BzVXdwdmJqaExkMkZWVjJwS2FGbE1Sa3Q1Y1haUVRUbFRkVEZOUVc5SFEwTnhSMU5OTkRsQ1FVMUVRVEpyUVUxSFdVTk5VVVJTYm5kS2RGbDNkVlp6UW5Ob0NtRmFlRnA2V0dSbVVURlFXR2QyWW5SdVdGaFRVVkpwWXpCNVoxRkJaRGMzWW10bFZGZHNibXRSUnk4eloyTkNWREp5UlVOTlVVTmFkVWN2T0VnNEwyMEtkRmcxUVUxUlptZDNPSFpsUWtGNFRUaDRWWE5OZEVwek9IazVjMXByVm5aeFoyZzFVbVkzYVRaWUx6TnpkbXhTYWxWMWJGQkRkejBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0=",
  "integratedTime": 1779986084,
  "logID": "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d",
  "logIndex": 1658084172,
  "verification": {
    "inclusionProof": {
      "checkpoint": "rekor.sigstore.dev - 1193050959916656506\n1536184795\neaum30W77SNyf3TvN4KGOA6RYWVRZgtWiJeqXOMi+2U=\n\n— rekor.sigstore.dev wNI9ajBFAiEA3WJsXI7e/6RMcEWsqvl6mFth5ZIAA0oJro23odpNFXUCIGrlttLAWDgtJUFdbg7BDZwUau9RgVz8Kp4H2jAeawXd\n",
      "hashes": [
        "fa89566fca864a9742d46df0a5dbe6448aabd4e96928c97dd74e154bb445c5ce",
        "d2adc2a8a4c9cab2eac0b407c4b7df067f4856dd73e80688e7bcbb5a5d48a504",
        "3abe03b0b7e120b56f69435fbf57a7b880fe16c7ff605577bb08c5be08de4f78",
        "8a37965e2e30db96d2802410cdcfa8acbc0f3c6b8ff09282e18d10ccf9a55918",
        "7aa100250809d3d17f526a75572e435a9161030951b1ffd477156fbbba15a0c8",
        "843f74da2fd698d65b033f08f3fd6ab6401e0f178fdbf4f1395e26269793016a",
        "08968206db85b634c15c759a9a0ee74c310b7824a4241e721155e3e25453a236",
        "a81e15cdd603fe3aa4b08512752d4cd4e2c84c98e752484025d646d5c8bd518d",
        "360b9f6cf9a5e6710f7543839acbacc80496d76816607efc078a8b22d08ef5fd",
        "ed51c92476edec81e34aae72f2fd0cd74d82da0f6ddfb619d414c6fbff80369a",
        "e9d7fd504935267246db503925051ada0e993625262eabe1f97704fdb1b5dc8c",
        "3052521091ed5e5976624c8ea18f77db7c5edd7166a176fd7f3ca7630346257f",
        "e7c5e6a8c2035a9f325834d440cf5ecfad69dba6f42287c6f05323c27adb1cdc",
        "de51f5e4b0eeed7204bc6c3589e45eb862d70bedad7189db63ca19df3e695c5c",
        "eab77f4e43ade9a2371caf00a587f84f7fad577521b694f76426bc5845051368",
        "523a3b4c2cdd56d9d3318060bf625aafe0112ce250ef516f68b63fb43dd29505",
        "a390e6af1f7d507da3ca0398aa1f2c90cba3aa8a78fae1c7c38792721935e060",
        "92729e0cb4ed5b4044c64b9d9a76ddbff3b6c4b877ee3444b7ba9ed4f4779271",
        "36ae12615f5b70fd7b7ce66aae3b3a184e8477bde74ed99908b836088f8cf91a",
        "af99e7f7e99b81440be26f2779383f5e362475fda10ff72f64cb0d47fbf47015",
        "793f85e3bd60d8725f778dd4e23e0bd4f20192de2b2db1d077fa4e47fae594ed",
        "0ce09ea12328bc8bcb13192122f8aca30f40b8d5e0796b3810293247a11ca985"
      ],
      "logIndex": 1536179910,
      "rootHash": "79aba6df45bbed23727f74ef378286380e91616551660b568897aa5ce322fb65",
      "treeSize": 1536184795
    },
    "signedEntryTimestamp": "MEQCIE16AuXNl43u98sWitUHvZqdHso43RglmNZ9NxPCNUZJAiBX91lhVE8RM9AT/uZYsFMk1tiBA/FcXokIjE4bj4cAyw=="
  }
}
View more details on Chainguard Guardener