From a5d4a1030cdb8768db3ae119a755aae3df27e674 Mon Sep 17 00:00:00 2001
From: xynydev
Date: Sat, 3 Feb 2024 12:38:47 +0200
Subject: [PATCH] chore: switch to signing module

---
 config/recipe.yml | 6 ++----
 config/scripts/signing.sh | 30 ------------------------------
 2 files changed, 2 insertions(+), 34 deletions(-)
 delete mode 100644 config/scripts/signing.sh

diff --git a/config/recipe.yml b/config/recipe.yml
index 5684517..2905431 100644
--- a/config/recipe.yml
+++ b/config/recipe.yml
@@ -44,7 +44,5 @@ modules:
 remove:
 # - org.gnome.eog
 
- - type: script
- scripts:
- # this sets up the proper policy & signing files for signed images to work
- - signing.sh
+ - type: signing # this sets up the proper policy & signing files for signed images to work fully
+
diff --git a/config/scripts/signing.sh b/config/scripts/signing.sh
deleted file mode 100644
index 16b0ea8..0000000
--- a/config/scripts/signing.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-
-# Tell build process to exit if there are any errors.
-set -oue pipefail
-
-echo "Setting up container signing in policy.json and cosign.yaml for $IMAGE_NAME"
-echo "Registry to write: $IMAGE_REGISTRY"
-
-cp /usr/share/ublue-os/cosign.pub /usr/etc/pki/containers/"$IMAGE_NAME".pub
-
-FILE=/usr/etc/containers/policy.json
-
-yq -i -o=j '.transports.docker |=
- {"'"$IMAGE_REGISTRY"'/'"$IMAGE_NAME"'": [
- {
- "type": "sigstoreSigned",
- "keyPath": "/usr/etc/pki/containers/'"$IMAGE_NAME"'.pub",
- "signedIdentity": {
- "type": "matchRepository"
- }
- }
- ]
- }
-+ .' "$FILE"
-
-IMAGE_REF="ostree-image-signed:docker://$IMAGE_REGISTRY/$IMAGE_NAME"
-printf '{\n"image-ref": "'"$IMAGE_REF"'",\n"image-tag": "latest"\n}' > /usr/share/ublue-os/image-info.json
-
-cp /usr/etc/containers/registries.d/ublue-os.yaml /usr/etc/containers/registries.d/"$IMAGE_NAME".yaml
-sed -i "s ghcr.io/ublue-os $IMAGE_REGISTRY g" /usr/etc/containers/registries.d/"$IMAGE_NAME".yaml
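Review bot: The `- type: signing` line added in the config/recipe.yml hunk gives no way to confirm from this repository that the module reproduces the trust-policy writes that were previously visible in config/scripts/signing.sh, and the commit does not say that this was checked. The deleted script added a `sigstoreSigned` / `matchRepository` entry for the image to policy.json, installed the public key under /usr/etc/pki/containers/, set `image-ref` to an `ostree-image-signed:` reference in image-info.json and created a per-image registries.d file. If the module skips any of these, the image would presumably still build and update but without signature enforcement, so nothing would fail visibly. I would keep the comment on its own line above the entry and make it name the expected outputs, e.g. `# signing module: writes policy.json (sigstoreSigned), the image .pub key, image-info.json and registries.d - verify in the built image`, and compare those files in a built image before merging. The hunk also adds a stray blank line at the end of the file that can be dropped.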