scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-06 21:37:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add signature rather than replace to allow rebasing back to uBlue main

Browse Source
This commit is contained in:
gerblesh
2023-07-22 23:37:13 -07:00
parent 23d8b2dddb
commit 211a7b05a8
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
scripts/build.sh
View File

@@ -108,8 +108,16 @@ fi
# Setup container signing
echo "Setup container signing in policy.json and cosign.yaml"
echo "Registry to write: $IMAGE_REGISTRY"
sed -i "s ghcr.io/ublue-os $IMAGE_REGISTRY g" /usr/etc/containers/policy.json
sed -i "s ublue-os.pub cosign.pub g" /usr/etc/containers/policy.json
jq '.transports.docker."$IMAGE_REGISTRY" += [{
"type": "sigstoreSigned",
"keyPath": "/usr/etc/pki/containers/cosign.pub",
"signedIdentity": {
"type": "matchRepository"
}
}]' /usr/etc/containers/policy.json > /usr/etc/containers/policy.json
cp /usr/etc/containers/registries.d/ublue-os.yaml /usr/etc/containers/registries.d/cosign.yaml
sed -i "s ghcr.io/ublue-os $IMAGE_REGISTRY g" /usr/etc/containers/registries.d/cosign.yaml
# Run "post" scripts.