public
/
stagex
Archived
5
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects Releases Wiki Activity
This repository has been archived on 2024-08-04. You can view files and clone it, but cannot push or open issues or pull requests.
stagex/src/sign.sh

28 lines
720 B
Bash
Raw Blame History

#!/bin/bash
set -eux
# Generate container image signatures in PGP sigstore format
REGISTRY=${1?}
NAME=${2?}
ID=$(docker image ls --format '{{.ID}}' --no-trunc "${REGISTRY}/${NAME}")
DIR=sig/${REGISTRY}/${NAME}@sha256=${ID}
SIGNUM=1
mkdir -p ${DIR}
[ -f ${DIR}/signature-1 ] \
&& LASTSIGNUM=$( \
find ${DIR} -type f -printf "%f\n" \
| sort -t- -k2 -n \
| tail -n1 \
| sed 's/signature-//' \
) \
&& let "SIGNUM=LASTSIGNUM+1"
printf \
'[{"critical":{"identity":{"docker-reference":"%s/%s"},"image":{"docker-manifest-digest":"%s"},"type":"pgp container image signature"},"optional":null}]' \
"$REGISTRY" "$NAME" "$ID" \
| gpg --sign > ${DIR}/signature-${SIGNUM}
Reference in New Issue View Git Blame Copy Permalink