Signature verification should be disabled by default and reenabled in some cases

Author: ggiguash

test/kickstart-templates/includes/post-containers-sigstore.cfg

@@ -22,7 +22,7 @@ EOF
 
 # Configure Red Hat containers policy to use the Red Hat public key, making
 # an exception for unofficial / unreleased images that are used by tests
-if [ -f /etc/containers/policy.json ] ; then
+if [ -e /etc/containers/policy.json ] && [ ! -e /etc/containers/policy.json.orig ]; then
     mv /etc/containers/policy.json /etc/containers/policy.json.orig
 fi
 cat > /etc/containers/policy.json <<'EOF'

test/kickstart-templates/includes/post-containers.cfg

@@ -37,3 +37,26 @@ cat > /etc/containers/registries.conf.d/999-microshift-mirror.conf <<'EOF'
     location = "REPLACE_MIRROR_HOSTNAME:REPLACE_MIRROR_PORT/microshift"
     insecure = true
 EOF
+
+# Skip signature verification for all images by default.
+# Tests that support signature verification will overwrite this file and reenable
+# it for selected Red Hat registries.
+if [ -e /etc/containers/policy.json ] && [ ! -e /etc/containers/policy.json.orig ]; then
+    mv /etc/containers/policy.json /etc/containers/policy.json.orig
+fi
+cat > /etc/containers/policy.json <<'EOF'
+{
+    "default": [
+        {
+            "type": "insecureAcceptAnything"
+        }
+    ],
+    "transports":
+        {
+            "docker-daemon":
+                {
+                    "": [{"type":"insecureAcceptAnything"}]
+                }
+        }
+}
+EOF