scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-06 21:37:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0df5ec02c549c2c79a5c9b45d7a1a15d03219f90
secureblue/config/scripts/signing.sh
xynydev 8596d5381e fix: ublue-update failure when signing image
2023-10-01 17:06:30 +03:00

31 lines
1.0 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Tell build process to exit if there are any errors.
set -oue pipefail
echo "Setting up container signing in policy.json and cosign.yaml for $IMAGE_NAME"
echo "Registry to write: $IMAGE_REGISTRY"
cp /usr/share/ublue-os/cosign.pub /usr/etc/pki/containers/"$IMAGE_NAME".pub
FILE=/usr/etc/containers/policy.json
yq -i -o=j '.transports.docker |=
{"'"$IMAGE_REGISTRY"'": [
{
"type": "sigstoreSigned",
"keyPath": "/usr/etc/pki/containers/'"$IMAGE_NAME"'.pub",
"signedIdentity": {
"type": "matchRepository"
}
}
]
}
+ .' "$FILE"
IMAGE_REF="ostree-image-signed:docker://$IMAGE_REGISTRY/$IMAGE_NAME"
printf '{\n"image-ref": "'"$IMAGE_REF"'",\n"image-tag": "latest"\n}' > /usr/share/ublue-os/image-info.json
cp /usr/etc/containers/registries.d/ublue-os.yaml /usr/etc/containers/registries.d/"$IMAGE_NAME".yaml
sed -i "s ghcr.io/ublue-os $IMAGE_REGISTRY g" /usr/etc/containers/registries.d/"$IMAGE_NAME".yaml
Reference in New Issue View Git Blame Copy Permalink