Revert "chore: switch to new signing module"

This reverts commit 29ccd82.
c0deplayer · Feb 4, 2024 · 34e2212 · 34e2212
1 parent c57bfac
commit 34e2212
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 4 deletions.
diff --git a/config/common_modules/scripts.yml b/config/common_modules/scripts.yml
@@ -4,3 +4,4 @@ scripts:
   - printer-drivers.sh
   - power-scheduler.sh
   - systemwide-themes.sh
+  - signing.sh
diff --git a/config/scripts/signing.sh b/config/scripts/signing.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+# Tell build process to exit if there are any errors.
+set -euo pipefail
+
+IMAGE_VENDOR=silverflow
+IMAGE_TAG=latest
+IMAGE_INFO=/usr/share/ublue-os/image-info.json
+
+echo "Setting up container signing in policy.json and cosign.yaml for $IMAGE_NAME"
+echo "Registry to write: $IMAGE_REGISTRY"
+
+cp /usr/share/ublue-os/cosign.pub /usr/etc/pki/containers/"$IMAGE_NAME".pub
+
+FILE=/usr/etc/containers/policy.json
+
+yq -i -o=j '.transports.docker |=
+    {"'"$IMAGE_REGISTRY"'/'"$IMAGE_NAME"'": [
+            {
+                "type": "sigstoreSigned",
+                "keyPath": "/usr/etc/pki/containers/'"$IMAGE_NAME"'.pub",
+                "signedIdentity": {
+                    "type": "matchRepository"
+                }
+            }
+        ]
+    }
++ .' "$FILE"
+
+IMAGE_REF="ostree-image-signed:docker://$IMAGE_REGISTRY/$IMAGE_NAME"
+
+touch $IMAGE_INFO
+cat >$IMAGE_INFO <<EOF
+{
+    "image-name": "$IMAGE_NAME",
+    "image-flavor": "$BASE_IMAGE",
+    "image-vendor": "$IMAGE_VENDOR",
+    "image-ref": "$IMAGE_REF",
+    "image-tag": "$IMAGE_TAG",
+    "fedora-version": "$OS_VERSION"
+}
+EOF
+
+sed -i '/^PRETTY_NAME/s/Silverblue/SilverFlow/' /usr/lib/os-release
+cp /usr/etc/containers/registries.d/ublue-os.yaml /usr/etc/containers/registries.d/"$IMAGE_NAME".yaml
+sed -i "s ghcr.io/ublue-os $IMAGE_REGISTRY g" /usr/etc/containers/registries.d/"$IMAGE_NAME".yaml
diff --git a/config/silverflow-nvidia-39.yml b/config/silverflow-nvidia-39.yml
@@ -17,5 +17,3 @@ modules:
   - from-file: common_modules/systemd.yml
   - from-file: common_modules/image-cleaner.yml
   - from-file: common_modules/scripts.yml
-
-  - type: signing
diff --git a/config/silverflow-nvidia-gts.yml b/config/silverflow-nvidia-gts.yml
@@ -16,5 +16,3 @@ modules:
   - from-file: common_modules/systemd.yml
   - from-file: common_modules/image-cleaner.yml
   - from-file: common_modules/scripts.yml
-
-  - type: signing