secureblue/config/scripts/signing.sh
gerblesh 5838d0fce4 feat: create /usr/share/ublue-os/image-info.json inside signing.sh (#157)
* feat: create /usr/share/ublue-os/image-info.json inside signing.sh

* chore: remove debug call to cat, fix formatting
2023-09-22 09:22:38 +00:00


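#!/usr/bin/env bash
# Configures container signature verification for this image at build time:
#   * installs the cosign public key under /usr/etc/pki/containers/,
#   * adds a sigstoreSigned requirement for $IMAGE_REGISTRY to policy.json,
#   * records the signed image reference in image-info.json,
#   * derives registries.d/<IMAGE_NAME>.yaml from ublue-os.yaml.
#
# Required environment: IMAGE_NAME, IMAGE_REGISTRY.

# Tell build process to exit if there are any errors.
set -euo pipefail

: "${IMAGE_NAME:?IMAGE_NAME must be set}"
: "${IMAGE_REGISTRY:?IMAGE_REGISTRY must be set}"

# Both values are spliced into a yq expression, a JSON document, a sed
# replacement and file paths below. Restrict them to a conservative character
# set first so a stray quote, '%', '&', backslash, space or '/' (in the name)
# cannot corrupt the trust policy or redirect a write to another path.
name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
registry_re='^[A-Za-z0-9][A-Za-z0-9._:/-]*$'
if [[ ! "$IMAGE_NAME" =~ $name_re ]]; then
  printf 'signing.sh: refusing unexpected IMAGE_NAME: %s\n' "$IMAGE_NAME" >&2
  exit 1
fi
if [[ ! "$IMAGE_REGISTRY" =~ $registry_re ]]; then
  printf 'signing.sh: refusing unexpected IMAGE_REGISTRY: %s\n' "$IMAGE_REGISTRY" >&2
  exit 1
fi

echo "Setting up container signing in policy.json and cosign.yaml for $IMAGE_NAME"
echo "Registry to write: $IMAGE_REGISTRY"

# Public key that policy.json will point at for this image.
cp /usr/share/ublue-os/cosign.pub "/usr/etc/pki/containers/${IMAGE_NAME}.pub"

FILE=/usr/etc/containers/policy.json

# Add a sigstoreSigned requirement scoped to $IMAGE_REGISTRY for the docker
# transport. "matchRepository" accepts a signature whose identity is in the
# same repository as the image, independent of the tag.
# NOTE(review): the new entry is the left operand of '+', so an entry that
# already exists for the same registry presumably wins over it; confirm.
# NOTE(review): this only constrains the listed scope. Whether unsigned images
# from other scopes are rejected depends on the rest of policy.json (its
# default and other transport entries), which this script does not touch.
yq -i -o=j '.transports.docker |=
    {"'"$IMAGE_REGISTRY"'": [
            {
                "type": "sigstoreSigned",
                "keyPath": "/usr/etc/pki/containers/'"$IMAGE_NAME"'.pub",
                "signedIdentity": {
                    "type": "matchRepository"
                }
            }
        ]
    }
+ .' "$FILE"

IMAGE_REF="ostree-image-signed:docker://$IMAGE_REGISTRY/$IMAGE_NAME"
# Pass the reference as an argument, never as part of the printf format.
printf '{\n"image-ref": "%s",\n"image-default-tag": "latest"\n}' "$IMAGE_REF" \
  > /usr/share/ublue-os/image-info.json

# Per-image registries.d entry, cloned from the upstream ublue-os one with the
# registry rewritten. The dot is escaped so only the literal host matches.
cp /usr/etc/containers/registries.d/ublue-os.yaml \
  "/usr/etc/containers/registries.d/${IMAGE_NAME}.yaml"
sed -i "s|ghcr\.io/ublue-os|$IMAGE_REGISTRY|g" \
  "/usr/etc/containers/registries.d/${IMAGE_NAME}.yaml"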