From 04ee65924574c4b4e2f480d103ff987a3f239e62 Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Tue, 2 Jul 2024 13:27:24 -0500 Subject: [PATCH] chore: update cosign public key (#296) * refactor: update cosign public key * Retain support for images signed with the old private key * Update rpmspec file with new public key * Use separate entries for each pub key * Revert back to Ben's original code --------- Co-authored-by: Robert Sturla --- cosign.pub | 4 ++-- files/usr/etc/containers/policy.json | 2 +- files/usr/etc/pki/containers/ublue-os.pub | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cosign.pub b/cosign.pub index f9482c42..bd5b1927 100644 --- a/cosign.pub +++ b/cosign.pub @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7lh7fJMV4dBT2jT1XafixUJa7OVA -cT+QFVD8IfIJIS/KBAc8hx1aslzkH3tfeM0cwyCLB7kOStZ4sh6RyFQD9w== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHLRpBfPRYiMl9wb7s6fx47PzzNWu +3zyJgXhWEvxoOgwv9CpwjbvUwR9qHxNMWkJhuGE6cjDA2hpy1I6NbA+24Q== -----END PUBLIC KEY----- diff --git a/files/usr/etc/containers/policy.json b/files/usr/etc/containers/policy.json index 8031745d..e407e964 100644 --- a/files/usr/etc/containers/policy.json +++ b/files/usr/etc/containers/policy.json @@ -32,7 +32,7 @@ "ghcr.io/ublue-os": [ { "type": "sigstoreSigned", - "keyPath": "/usr/etc/pki/containers/ublue-os.pub", + "keyPath": "/etc/pki/containers/ublue-os.pub", "signedIdentity": { "type": "matchRepository" } diff --git a/files/usr/etc/pki/containers/ublue-os.pub b/files/usr/etc/pki/containers/ublue-os.pub index f9482c42..bd5b1927 100644 --- a/files/usr/etc/pki/containers/ublue-os.pub +++ b/files/usr/etc/pki/containers/ublue-os.pub @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7lh7fJMV4dBT2jT1XafixUJa7OVA -cT+QFVD8IfIJIS/KBAc8hx1aslzkH3tfeM0cwyCLB7kOStZ4sh6RyFQD9w== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHLRpBfPRYiMl9wb7s6fx47PzzNWu +3zyJgXhWEvxoOgwv9CpwjbvUwR9qHxNMWkJhuGE6cjDA2hpy1I6NbA+24Q== -----END PUBLIC KEY-----