From 211a7b05a82ddda18c63f9a239f7726f119cb935 Mon Sep 17 00:00:00 2001
From: gerblesh <101901964+gerblesh@users.noreply.github.com>
Date: Sat, 22 Jul 2023 23:37:13 -0700
Subject: [PATCH] feat: add signature rather than replace to allow rebasing back to uBlue main

---
 scripts/build.sh | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/scripts/build.sh b/scripts/build.sh
index 1a42d8c..3008878 100644
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -108,8 +108,16 @@ fi
 # Setup container signing
 echo "Setup container signing in policy.json and cosign.yaml"
 echo "Registry to write: $IMAGE_REGISTRY"
-sed -i "s ghcr.io/ublue-os $IMAGE_REGISTRY g" /usr/etc/containers/policy.json
-sed -i "s ublue-os.pub cosign.pub g" /usr/etc/containers/policy.json
+
+jq '.transports.docker."$IMAGE_REGISTRY" += [{
+"type": "sigstoreSigned",
+"keyPath": "/usr/etc/pki/containers/cosign.pub",
+"signedIdentity": {
+ "type": "matchRepository"
+}
+}]' /usr/etc/containers/policy.json > /usr/etc/containers/policy.json
+
+cp /usr/etc/containers/registries.d/ublue-os.yaml /usr/etc/containers/registries.d/cosign.yaml
 sed -i "s ghcr.io/ublue-os $IMAGE_REGISTRY g" /usr/etc/containers/registries.d/cosign.yaml

 # Run "post" scripts.
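Review bot: The added jq command redirects its output to `/usr/etc/containers/policy.json`, the same file it reads, so the shell truncates the policy before jq opens it and the existing signature policy is lost rather than extended. In the same command, `"$IMAGE_REGISTRY"` sits inside the single-quoted jq program, so the shell never expands it and jq treats it as the literal key `$IMAGE_REGISTRY`; the real registry would get no `sigstoreSigned` requirement. Pass the value with `--arg`, capture jq's output first, and write the file only once jq has succeeded, as sketched below. Because this file decides which image signatures are enforced, a check after the write that the registry key is present in the resulting policy would be a cheap safeguard.

```shell
policy_file=/usr/etc/containers/policy.json
# --arg hands the registry to jq as $registry; the program stays single-quoted.
updated_policy=$(jq --arg registry "$IMAGE_REGISTRY" '.transports.docker[$registry] += [{
  # … unchanged: sigstoreSigned entry (type, keyPath, signedIdentity) …
}]' "$policy_file") || exit 1
# Redirect only after jq has finished reading; this keeps the file's mode and owner.
printf '%s\n' "$updated_policy" > "$policy_file"
```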