From dea80ffa0a59844c3d4da9098de4119c1d725db1 Mon Sep 17 00:00:00 2001
From: Pablo Acevedo Montserrat
Date: Thu, 19 Jun 2025 13:13:38 +0200
Subject: [PATCH] OCPBUGS-57780: Fix signature checking in CI hypervisor
---
 test/bin/mirror_registry.sh | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/test/bin/mirror_registry.sh b/test/bin/mirror_registry.sh
index 2f0a2741a1..5232e22a26 100755
--- a/test/bin/mirror_registry.sh
+++ b/test/bin/mirror_registry.sh
@@ -79,6 +79,29 @@ EOF
 insecure = true
 EOF
 
+# Skip signature verification for all images by default.
+# Tests that support signature verification will have their own file and enable
+# it for selected Red Hat registries.
+if [ -e /etc/containers/policy.json ] && [ ! -e /etc/containers/policy.json.orig ]; then
+ sudo mv /etc/containers/policy.json /etc/containers/policy.json.orig
+fi
+sudo bash -c 'cat > /etc/containers/policy.json' <<'EOF'
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports":
+ {
+ "docker-daemon":
+ {
+ "": [{"type":"insecureAcceptAnything"}]
+ }
+ }
+}
+EOF
+
 # Complete the source registry configuration to use sigstore attachments.
 # Note that registry.redhat.io.yaml file already exists, but it is missing the
 # sigstore attachment enablement setting.
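Review bot: The new `/etc/containers/policy.json` makes `insecureAcceptAnything` the default for every registry and every user of this host, and nothing visible in the hunk puts `policy.json.orig` back, so the relaxed policy presumably outlives the run that wrote it. If the CI hypervisor is reused or shared, I would say so in the comment above the `if`, for example `# NOTE: host-wide and persistent; restore with: sudo mv /etc/containers/policy.json.orig /etc/containers/policy.json`, or add that restore to whatever teardown the script has. The `docker-daemon` entry under `transports` repeats the default and could be dropped unless it is kept deliberately to mirror the stock file. The rest of the script lies outside the hunk, so a restore step may already exist elsewhere.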