From 34e221207591f0c88b78e576f5f97198dc10e05c Mon Sep 17 00:00:00 2001
From: Jakub Kujawa
Date: Sun, 4 Feb 2024 22:36:47 +0100
Subject: [PATCH] Revert "chore: switch to new signing module"

This reverts commit 29ccd82e4e5a1b6ea3dd9f58c1e2effbf683c41b.
---
 config/common_modules/scripts.yml | 1 +
 config/scripts/signing.sh | 46 +++++++++++++++++++++++++++++++
 config/silverflow-nvidia-39.yml | 2 --
 config/silverflow-nvidia-gts.yml | 2 --
 4 files changed, 47 insertions(+), 4 deletions(-)
 create mode 100644 config/scripts/signing.sh

diff --git a/config/common_modules/scripts.yml b/config/common_modules/scripts.yml
index acae25f07c..d7b6f6e31a 100644
--- a/config/common_modules/scripts.yml
+++ b/config/common_modules/scripts.yml
@@ -4,3 +4,4 @@ scripts:
 - printer-drivers.sh
 - power-scheduler.sh
 - systemwide-themes.sh
+ - signing.sh
diff --git a/config/scripts/signing.sh b/config/scripts/signing.sh
new file mode 100644
index 0000000000..61021a46d8
--- /dev/null
+++ b/config/scripts/signing.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+# Tell build process to exit if there are any errors.
+set -euo pipefail
+
+IMAGE_VENDOR=silverflow
+IMAGE_TAG=latest
+IMAGE_INFO=/usr/share/ublue-os/image-info.json
+
+echo "Setting up container signing in policy.json and cosign.yaml for $IMAGE_NAME"
+echo "Registry to write: $IMAGE_REGISTRY"
+
+cp /usr/share/ublue-os/cosign.pub /usr/etc/pki/containers/"$IMAGE_NAME".pub
+
+FILE=/usr/etc/containers/policy.json
+
+yq -i -o=j '.transports.docker |=
+ {"'"$IMAGE_REGISTRY"'/'"$IMAGE_NAME"'": [
+ {
+ "type": "sigstoreSigned",
+ "keyPath": "/usr/etc/pki/containers/'"$IMAGE_NAME"'.pub",
+ "signedIdentity": {
+ "type": "matchRepository"
+ }
+ }
+ ]
+ }
++ .' "$FILE"
+
+IMAGE_REF="ostree-image-signed:docker://$IMAGE_REGISTRY/$IMAGE_NAME"
+
+touch $IMAGE_INFO
+cat >$IMAGE_INFO <