initial containers-policy.json compatible signer script

This commit is contained in:
Lance Vick 2023-12-22 23:28:14 -08:00
parent f2c7343787
commit 6dc3ae06bb
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
1 changed files with 27 additions and 0 deletions

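--- /dev/null
+++ b/src/sign.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -eux
+# Generate container image signatures in PGP sigstore format
+REGISTRY=${1?}
+NAME=${2?}
+ID=$(docker image ls --format '{{.ID}}' --no-trunc "${REGISTRY}/${NAME}")
+DIR=sig/${REGISTRY}/${NAME}@sha256=${ID}
+SIGNUM=1
+mkdir -p ${DIR}
+[ -f ${DIR}/signature-1 ] \
+&& LASTSIGNUM=$( \
+find ${DIR} -type f -printf "%f\n" \
+| sort \
+| tail -n1 \
+| sed 's/signature-//' \
+) \
+&& let "SIGNUM=LASTSIGNUM+1"
+printf \
+'[{"critical":{"identity":{"docker-reference":"%s/%s"},"image":{"docker-manifest-digest":"%s"},"type":"pgp container image signature"},"optional":null}]' \
+"$REGISTRY" "$NAME" "$ID" \
+| gpg --sign > ${DIR}/signature-${SIGNUM}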
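Review bot: The `find … | sort | tail -n1` pipeline that derives LASTSIGNUM sorts the `signature-N` names lexically, so once `signature-10` exists `tail` returns `signature-9`, SIGNUM becomes 10 and the final `> ${DIR}/signature-${SIGNUM}` silently overwrites an existing signature; strip the prefix first and sort numerically (`sort -n`), and since the `let` arithmetic and the unquoted `${DIR}` expansions (`mkdir -p`, `[ -f … ]`, `find`, the redirect) also word-split on REGISTRY/NAME taken from argv, quote them. Separately, `docker image ls --no-trunc --format '{{.ID}}'` yields the image config ID, which already carries a `sha256:` prefix, so the directory becomes `…@sha256=sha256:<hex>` and the `docker-manifest-digest` field holds an image ID rather than a manifest digest — confirm against what the policy verifier compares before relying on these signatures. An empty ID (image not present locally) currently still produces a signed payload with an empty digest; a guard such as `[ -n "$ID" ] || exit 1` after the `ID=` assignment would stop that. Rewritten numbering and quoting:
```shell
mkdir -p "${DIR}"
if [ -f "${DIR}/signature-1" ]; then
  LASTSIGNUM=$(
    find "${DIR}" -type f -name 'signature-*' -printf '%f\n' \
    | sed 's/^signature-//' \
    | sort -n \
    | tail -n1
  )
  SIGNUM=$((LASTSIGNUM + 1))
fi
# … unchanged: printf of the signature JSON payload …
"$REGISTRY" "$NAME" "$ID" \
| gpg --sign > "${DIR}/signature-${SIGNUM}"
```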