Revert "refactor: clean up image signing to line up more with upstream"

scripts/build.sh

@@ -22,6 +22,12 @@ YAFTI_ENABLED="$(get_yaml_string '.firstboot.yafti')"
 # Welcome.
 echo "Building custom Fedora ${FEDORA_VERSION} from image: \"${BASE_IMAGE}\"."
 
+# Setup container signing
+echo "Setup container signing in policy.json and cosign.yaml"
+echo "Registry to write: $IMAGE_REGISTRY"
+sed -i "s ghcr.io/ublue-os $IMAGE_REGISTRY g" /usr/etc/containers/policy.json
+sed -i "s ghcr.io/ublue-os $IMAGE_REGISTRY g" /usr/etc/containers/registries.d/cosign.yaml
+
 # Add custom repos.
 get_yaml_array repos '.rpm.repos[]'
 if [[ ${#repos[@]} -gt 0 ]]; then
@@ -105,20 +111,5 @@ if [[ "${YAFTI_ENABLED}" == "true" ]]; then
     fi
 fi
 
-# Setup container signing
-echo "Setup container signing in policy.json and cosign.yaml"
-echo "Registry to write: $IMAGE_REGISTRY"
-
-jq '.transports.docker."$IMAGE_REGISTRY" += [{
-    "type": "sigstoreSigned",
-    "keyPath": "/usr/etc/pki/containers/cosign.pub",
-    "signedIdentity": {
-        "type": "matchRepository"
-    }
-}]' /usr/etc/containers/policy.json > /usr/etc/containers/policy.json
-
-cp /usr/etc/containers/registries.d/ublue-os.yaml /usr/etc/containers/registries.d/cosign.yaml
-sed -i "s ghcr.io/ublue-os $IMAGE_REGISTRY g" /usr/etc/containers/registries.d/cosign.yaml
-
 # Run "post" scripts.
 run_scripts "post"