feat: add davincibox container signing policy

config/files/usr/etc/pki/containers/davincibox.pub

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsJkUljnZ13aeQQw+GQgFjgjg/m7L
+/3/+my7H2KDD/xn9fPfN6pz9Zr8WPCY5/bn1ERg6SA1fLbkDK0FoUNzbOw==
+-----END PUBLIC KEY-----

config/scripts/hardencontainerpolicy.sh

@@ -10,9 +10,22 @@ sed -i 's/insecureAcceptAnything/reject/' /usr/etc/containers/policy.json
 # https://github.com/JasonN3/build-container-installer/issues/123
 yq -i -o=j '.transports.docker |=
     {"ghcr.io/jasonn3": [
-            {
+        {
-                "type": "insecureAcceptAnything"
+            "type": "insecureAcceptAnything"
-            }
+        }
-        ]
+      ]
+    }
++ .' /usr/etc/containers/policy.json
+
+yq -i -o=j '.transports.docker |=
+    {"ghcr.io/zelikos": [
+        {
+          "type": "sigstoreSigned",
+          "keyPath": "/usr/etc/pki/containers/davincibox.pub",
+          "signedIdentity": {
+            "type": "matchRepository"
+          }
+        }
+      ]
     }
 + .' /usr/etc/containers/policy.json