Disable cosign signature verification (#197)

The current version of cosign deployed in the latest builder doesn't work with the currently deployed TUF Trust Root on the sigstore servers (see also https://blog.sigstore.dev/tuf-root-update/). Remove the cosign identity information to temporarily disable signature verification. This allows to build a new release with a newer cosign.
home-assistant · Mar 20, 2024 · ad63daf · ad63daf
1 parent 3a4d97c
commit ad63daf
Showing 1 changed file with 0 additions and 3 deletions.
diff --git a/build.yaml b/build.yaml
@@ -5,9 +5,6 @@ build_from:
   armhf: "ghcr.io/home-assistant/armhf-base:3.18"
   amd64: "ghcr.io/home-assistant/amd64-base:3.18"
   i386: "ghcr.io/home-assistant/i386-base:3.18"
-cosign:
-  base_identity: https://github.com/home-assistant/docker-base/.*
-  identity: https://github.com/home-assistant/builder/.*
 args:
   YQ_VERSION: "v4.13.2"
   COSIGN_VERSION: "2.2.3"