mirrors/archlinux-docker
1
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/archlinux-docker.git synced 2025-08-05 13:47:16 +02:00
Code Issues Projects Releases Wiki Activity
ae0527df18
archlinux-docker/sigstore-param-file.yaml
Kristian Klausen 8317be4d2d
Sign the images with sigstore's fulcio/rekor 
The ecosystem is moving towards sigstore and we are federated with the
public fulcio instance[1], so let's sign our images. Cosign is not used,
but the sigstore feature built into podman, which works basically the
same way as cosign.

[1] https://github.com/sigstore/fulcio/pull/1214

Fix #77
2023-09-16 15:55:50 +02:00

7 lines
204 B
YAML
Raw Blame History

fulcio:
fulcioURL: "https://fulcio.sigstore.dev"
oidcMode: "staticToken"
oidcIssuerURL: "https://gitlab.archlinux.org"
oidcIDToken: "TEMPLATE_OIDC_ID_TOKEN"
rekorURL: "https://rekor.sigstore.dev"
Reference in New Issue View Git Blame Copy Permalink