Skip to content

daemon: drop PILOT_TRUSTED_PUBLISHERS wiring (catalogue is the trust anchor)#320

Merged
TeoSlayer merged 1 commit into
mainfrom
remove-trusted-publishers-wiring
Jun 23, 2026
Merged

daemon: drop PILOT_TRUSTED_PUBLISHERS wiring (catalogue is the trust anchor)#320
TeoSlayer merged 1 commit into
mainfrom
remove-trusted-publishers-wiring

Conversation

@Alexgodoroja

@Alexgodoroja Alexgodoroja commented Jun 22, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Drop PILOT_TRUSTED_PUBLISHERS wiring — the catalogue is the trust anchor

This is the only daemon change needed for v1.12.4 so that all catalogue apps
(cosift, sixtyfour, wallet) and Smol Machines install and run with zero
config on every host.

app-store #25 is NOT a blocker

This go.mod pins the app-store commit directly, so the bits are correct whether
or not #25 is merged. Caveat: that commit currently lives only on the
remove-redundant-trust-anchor branch — keep that branch alive until #25 lands,
then a follow-up re-pins go.mod to the merged-on-main commit.

Verified (fresh node, NO env)

pilotctl appstore install io.pilot.smolmachines   # real catalogue → sha256 OK → installed
daemon spawn: app=io.pilot.smolmachines sideloaded=false   (no "not trusted" skip)
smolmachines.exec machine run … alpine …  → exit 0, alpine 3.24.1

After merge

Tag v1.12.4release.yml publishes → pilot-updater rolls it out,
superseding the bricking v1.12.3 (which enforced the anchor + needed the env).

🤖 Generated with Claude Code

@claude
daemon: drop PILOT_TRUSTED_PUBLISHERS wiring; bump app-store (trust a…
cda930b 
…nchor removed)

The per-publisher trust anchor is removed in app-store (the release-signed
catalogue is the source of truth). So the env-var wiring added in #318 is no
longer needed — a fresh node installs and runs catalogue apps with zero config.

- remove the PILOT_TRUSTED_PUBLISHERS env block + the now-unused manifest import
- bump github.com/pilot-protocol/app-store to the trust-anchor-removal commit
- keep PILOT_APPSTORE_ROOT honoring

Depends on pilot-protocol/app-store#25; re-pin go.mod to the merged app-store
commit before this lands. Verified: a fresh node with NO env installs
io.pilot.smolmachines from the real catalogue and boots a microVM.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@Alexgodoroja Alexgodoroja requested a review from TeoSlayer as a code owner June 22, 2026 23:53
@Alexgodoroja Alexgodoroja self-assigned this Jun 23, 2026
@TeoSlayer TeoSlayer merged commit d7963b7 into main Jun 23, 2026
16 of 18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TeoSlayer TeoSlayer TeoSlayer approved these changes

Assignees

@Alexgodoroja Alexgodoroja

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Alexgodoroja @TeoSlayer