Add image signing #123

RoyalOughtness · 2024-06-16T18:21:33Z

Signing this image would allow for verified updates to build-container-installer

JasonN3 · 2024-06-21T15:56:27Z

All release builds after this will be signed with https://github.com/JasonN3/build-container-installer/blob/main/cosign.pub
Builds on various branches won't be signed since those aren't meant to be used unless you need a specific feature that's still under development.

RoyalOughtness · 2024-10-06T21:43:18Z

@JasonN3 FYI this stopped working sometime recently:

Trying to pull ghcr.io/jasonn3/build-container-installer:latest...
Error: Source image rejected: A signature was required, but no signature exists

I have this in my policy.json:

      "ghcr.io/jasonn3": [
        {
          "type": "sigstoreSigned",
          "keyPath": "/usr/etc/pki/containers/build-container-installer.pub",
          "signedIdentity": {
            "type": "matchRepository"
          }
        }
      ],

and this in /usr/etc/pki/containers/build-container-installer.pub:

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEY4ljyIhI2w9DOptB4WT20S+K5ts3
GJTEKRkXmIYEXGfyKpJMdlGCWeg2kOam5dNhWKXXl46d3eBBo9S53TPpyQ==
-----END PUBLIC KEY-----

JasonN3 mentioned this issue Jun 17, 2024

Add image signing #124

Merged

JasonN3 closed this as completed in #124 Jun 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add image signing #123

Add image signing #123

RoyalOughtness commented Jun 16, 2024

JasonN3 commented Jun 21, 2024

RoyalOughtness commented Oct 6, 2024 •

edited

Loading

Add image signing #123

Add image signing #123

Comments

RoyalOughtness commented Jun 16, 2024

JasonN3 commented Jun 21, 2024

RoyalOughtness commented Oct 6, 2024 • edited Loading

RoyalOughtness commented Oct 6, 2024 •

edited

Loading