Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable cosign signature verification #197

Merged
merged 1 commit into from Mar 20, 2024
Merged

Disable cosign signature verification #197

merged 1 commit into from Mar 20, 2024

Conversation

agners
Copy link
Member

@agners agners commented Mar 20, 2024

The current version of cosign deployed in the latest builder doesn't work with the currently deployed TUF Trust Root on the sigstore servers (see also https://blog.sigstore.dev/tuf-root-update/).

Remove the cosign identity information to temporarily disable signature verification. This allows to build a new release with a newer cosign.

@agners
Disable cosign signature verification
e98824b 
The current version of cosign deployed in the latest builder doesn't
work with the currently deployed TUF Trust Root on the sigstore servers
(see also https://blog.sigstore.dev/tuf-root-update/).

Remove the cosign identity information to temporarily disable signature
verification. This allows to build a new release with a newer cosign.
@nyok92 nyok92 mentioned this pull request Mar 20, 2024
Closed
@agners agners merged commit ad63daf into master Mar 20, 2024
10 checks passed
@agners agners deleted the temporarily-disable-signature-verification branch March 20, 2024 14:17
@agners agners mentioned this pull request Mar 20, 2024
Merged
@BigThunderSR
Copy link

Now getting this new error in builder 2024.03.1:

ghcr.io/home-assistant/xxx-builder:2024.03.1
Error: no matching signatures
main.go:69: error during command execution: no matching signatures
Error: Process completed with exit code 12.

agners added a commit that referenced this pull request Mar 20, 2024
@agners
Revert "Disable cosign signature verification (#197)"
5940826 
This reverts commit ad63daf.
agners added a commit that referenced this pull request Mar 20, 2024
@agners
Reenable cosign verification (#201)
cebacc7 
* Revert "Disable cosign signature verification (#197)"

This reverts commit ad63daf.

* Revert "Disable cosign verification by default (#199)"

This reverts commit eec2fe4.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pvizeli pvizeli pvizeli approved these changes

Assignees
No one assigned
Labels
cla-signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@agners @BigThunderSR @pvizeli