Skip to content

Commit

Permalink
Disable cosign signature verification (#197)
Browse files Browse the repository at this point in the history
The current version of cosign deployed in the latest builder doesn't
work with the currently deployed TUF Trust Root on the sigstore servers
(see also https://blog.sigstore.dev/tuf-root-update/).

Remove the cosign identity information to temporarily disable signature
verification. This allows to build a new release with a newer cosign.
  • Loading branch information
agners authored Mar 20, 2024
1 parent 3a4d97c commit ad63daf
Showing 1 changed file with 0 additions and 3 deletions.
3 changes: 0 additions & 3 deletions build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,6 @@ build_from:
armhf: "ghcr.io/home-assistant/armhf-base:3.18"
amd64: "ghcr.io/home-assistant/amd64-base:3.18"
i386: "ghcr.io/home-assistant/i386-base:3.18"
cosign:
base_identity: https://github.com/home-assistant/docker-base/.*
identity: https://github.com/home-assistant/builder/.*
args:
YQ_VERSION: "v4.13.2"
COSIGN_VERSION: "2.2.3"
Expand Down

0 comments on commit ad63daf

Please sign in to comment.