From e98824bf97f76bb489dc8428ffb34ab2b4b23896 Mon Sep 17 00:00:00 2001
From: Stefan Agner
Date: Wed, 20 Mar 2024 10:37:12 +0100
Subject: [PATCH] Disable cosign signature verification

The current version of cosign deployed in the latest builder doesn't work with the currently deployed TUF Trust Root on the sigstore servers (see also https://blog.sigstore.dev/tuf-root-update/). Remove the cosign identity information to temporarily disable signature verification. This allows to build a new release with a newer cosign.
---
 build.yaml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/build.yaml b/build.yaml
index 9233890..c8d9882 100644
--- a/build.yaml
+++ b/build.yaml
@@ -5,9 +5,6 @@ build_from:
 armhf: "ghcr.io/home-assistant/armhf-base:3.18"
 amd64: "ghcr.io/home-assistant/amd64-base:3.18"
 i386: "ghcr.io/home-assistant/i386-base:3.18"
-cosign:
- base_identity: https://github.com/home-assistant/docker-base/.*
- identity: https://github.com/home-assistant/builder/.*
 args:
 YQ_VERSION: "v4.13.2"
 COSIGN_VERSION: "2.2.3"
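Review bot: The commit message calls the removal of the `cosign:` block temporary, but nothing in build.yaml records that, so the file now reads as if building without signature verification were the intended state. A comment where the block stood, such as `# TODO: restore cosign base_identity/identity once the builder ships a cosign that accepts the current sigstore TUF root`, would keep the re-enable step from being forgotten. While the block is absent, the `build_from` entries above it are referenced only by the mutable tag `3.18`, so presumably nothing checks which image content that tag resolves to. If the builder accepts digest references there, pinning them for the interim release would narrow that gap. The `build_from` mapping starts above the hunk, so any entries before `armhf` are not visible here.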