Drop content trust

A cosign based signature verification will likely be named differently
to avoid confusion with existing implementations. For now, remove the
content trust option entirely.

Author: agners

supervisor/api/security.py

@@ -7,15 +7,14 @@
 
 from supervisor.exceptions import APIGone
 
-from ..const import ATTR_CONTENT_TRUST, ATTR_FORCE_SECURITY, ATTR_PWNED
+from ..const import ATTR_FORCE_SECURITY, ATTR_PWNED
 from ..coresys import CoreSysAttributes
 from .utils import api_process, api_validate
 
 # pylint: disable=no-value-for-parameter
 SCHEMA_OPTIONS = vol.Schema(
     {
         vol.Optional(ATTR_PWNED): vol.Boolean(),
-        vol.Optional(ATTR_CONTENT_TRUST): vol.Boolean(),
         vol.Optional(ATTR_FORCE_SECURITY): vol.Boolean(),
     }
 )
@@ -28,7 +27,6 @@ class APISecurity(CoreSysAttributes):
     async def info(self, request: web.Request) -> dict[str, Any]:
         """Return Security information."""
         return {
-            ATTR_CONTENT_TRUST: self.sys_security.content_trust,
             ATTR_PWNED: self.sys_security.pwned,
             ATTR_FORCE_SECURITY: self.sys_security.force,
         }
@@ -40,8 +38,6 @@ async def options(self, request: web.Request) -> None:
 
         if ATTR_PWNED in body:
             self.sys_security.pwned = body[ATTR_PWNED]
-        if ATTR_CONTENT_TRUST in body:
-            self.sys_security.content_trust = body[ATTR_CONTENT_TRUST]
         if ATTR_FORCE_SECURITY in body:
             self.sys_security.force = body[ATTR_FORCE_SECURITY]
 

supervisor/api/supervisor.py

@@ -16,14 +16,12 @@
     ATTR_BLK_READ,
     ATTR_BLK_WRITE,
     ATTR_CHANNEL,
-    ATTR_CONTENT_TRUST,
     ATTR_COUNTRY,
     ATTR_CPU_PERCENT,
     ATTR_DEBUG,
     ATTR_DEBUG_BLOCK,
     ATTR_DETECT_BLOCKING_IO,
     ATTR_DIAGNOSTICS,
-    ATTR_FORCE_SECURITY,
     ATTR_HEALTHY,
     ATTR_ICON,
     ATTR_IP_ADDRESS,
@@ -69,8 +67,6 @@
         vol.Optional(ATTR_DEBUG): vol.Boolean(),
         vol.Optional(ATTR_DEBUG_BLOCK): vol.Boolean(),
         vol.Optional(ATTR_DIAGNOSTICS): vol.Boolean(),
-        vol.Optional(ATTR_CONTENT_TRUST): vol.Boolean(),
-        vol.Optional(ATTR_FORCE_SECURITY): vol.Boolean(),
         vol.Optional(ATTR_AUTO_UPDATE): vol.Boolean(),
         vol.Optional(ATTR_DETECT_BLOCKING_IO): vol.Coerce(DetectBlockingIO),
         vol.Optional(ATTR_COUNTRY): str,

supervisor/security/module.py

@@ -4,12 +4,7 @@
 
 import logging
 
-from ..const import (
-    ATTR_CONTENT_TRUST,
-    ATTR_FORCE_SECURITY,
-    ATTR_PWNED,
-    FILE_HASSIO_SECURITY,
-)
+from ..const import ATTR_FORCE_SECURITY, ATTR_PWNED, FILE_HASSIO_SECURITY
 from ..coresys import CoreSys, CoreSysAttributes
 from ..exceptions import PwnedError
 from ..utils.common import FileConfiguration
@@ -27,16 +22,6 @@ def __init__(self, coresys: CoreSys):
         super().__init__(FILE_HASSIO_SECURITY, SCHEMA_SECURITY_CONFIG)
         self.coresys = coresys
 
-    @property
-    def content_trust(self) -> bool:
-        """Return if content trust is enabled/disabled."""
-        return self._data[ATTR_CONTENT_TRUST]
-
-    @content_trust.setter
-    def content_trust(self, value: bool) -> None:
-        """Set content trust is enabled/disabled."""
-        self._data[ATTR_CONTENT_TRUST] = value
-
     @property
     def force(self) -> bool:
         """Return if force security is enabled/disabled."""

supervisor/validate.py

@@ -12,7 +12,6 @@
     ATTR_AUTO_UPDATE,
     ATTR_CHANNEL,
     ATTR_CLI,
-    ATTR_CONTENT_TRUST,
     ATTR_COUNTRY,
     ATTR_DEBUG,
     ATTR_DEBUG_BLOCK,
@@ -229,7 +228,6 @@ def validate_repository(repository: str) -> str:
 # pylint: disable=no-value-for-parameter
 SCHEMA_SECURITY_CONFIG = vol.Schema(
     {
-        vol.Optional(ATTR_CONTENT_TRUST, default=True): vol.Boolean(),
         vol.Optional(ATTR_PWNED, default=True): vol.Boolean(),
         vol.Optional(ATTR_FORCE_SECURITY, default=False): vol.Boolean(),
     },