From d81f5ab15a9212b5c76ceac391de9a74b9dbcde2 Mon Sep 17 00:00:00 2001
From: Sam Clark <1059176+samhclark@users.noreply.github.com>
Date: Thu, 7 Nov 2024 22:34:18 -0600
Subject: [PATCH] Simplify rebase instructions

---
 README.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/README.md b/README.md
index f8fd4f6..5bb7eeb 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,19 @@ From another Silverblue based image, first, rebase onto the unsigned image.
 rpm-ostree rebase ostree-unverified-registry:ghcr.io/samhclark/custom-silverblue:41
 ```
 
+Optional: Verify that the image you just rebased onto is signed.
+
+
+```
+$ wget -O - https://raw.githubusercontent.com/samhclark/custom-silverblue/refs/heads/main/overlay-root/usr/etc/pki/cosign/cosign.pub \
+    | cosign verify --key /dev/stdin ghcr.io/samhclark/custom-silverblue@$( \
+        rpm-ostree status \
+        | head -n 7 \
+        | grep -o 'sha256:[a-f0-9]\{64\}' \
+    )
+```
+
+Reboot.
 Then, after that, rebase onto the signed image. 
 This bootstrapping process helps get the public keys onto your machine 
 and makes sure everything is configured right.