Commit

README: Add sigstore signature verification instructions
travier committed Nov 26, 2023
1 parent 1db659a commit 6b8a6a0
Showing 1 changed file with 31 additions and 0 deletions.
31 changes: 31 additions & 0 deletions README.md
Expand Up @@ -31,6 +31,37 @@ The toolbox container images are based on the Fedora toolbox container image.
| [toolbox-root](https://quay.io/repository/travier/toolbox-root) | Tools useful for system administration |
| [toolbox-texlive](https://quay.io/repository/travier/toolbox-texlive) | Tools and binaries to build LaTeX based projects |

## Verifying sigstore container signatures with podman

How to configure sigstore signature verification in podman:

```
$ sudo mkdir /etc/pki/containers
$ sudo cp quay-travier-containers.pub /etc/pki/containers/
$ sudo restorecon -RFv /etc/pki/containers
$ cat /etc/containers/registries.d/quay.io-travier.yaml
docker:
quay.io/travier:
use-sigstore-attachments: true
$ sudo restorecon -RFv /etc/containers/registries.d/quay.io-travier.yaml
$ cat /etc/containers/policy.json
...
"transports": {
"docker": {
"quay.io/travier": [
{
"type": "sigstoreSigned",
"keyPath": "/etc/pki/containers/quay-travier-containers.pub",
"signedIdentity": {
"type": "matchRepository"
}
}
],
...
```

## License

See [LICENSE](LICENSE).
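
Review bot: the `sudo cp quay-travier-containers.pub /etc/pki/containers/` step never says where `quay-travier-containers.pub` comes from, and that key is the trust anchor for everything the `sigstoreSigned` entry in `policy.json` will accept. Please state where the key is published (a path in this repository, for instance) and give readers a way to confirm they installed the right file, such as a checksum or fingerprint. Two smaller points in the same block: the `cat` commands show the expected content of `quay.io-travier.yaml` and `policy.json` but not the step that creates or edits those files, so a sentence saying they must be written with that content would help; and the nesting under `docker:` needs to be visible in the YAML, since indentation is significant there and the three lines as shown here sit at the same level. A closing step that pulls one of the images from the table above with podman, to confirm the policy is actually enforced, would make the instructions checkable, and `mkdir -p` would avoid a failure when `/etc/pki/containers` already exists.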
