wunker-bunker/wunker-os
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add initial instructions for signing

Browse Source
This commit is contained in:
Jorge O. Castro
2022-12-27 19:12:53 -05:00
committed by GitHub
parent c82f8396e3
commit 4219b5fa7f
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -37,4 +37,6 @@ The `latest` tag will automatically point to the latest build.
These images are signed with sisgstore's [cosign](https://docs.sigstore.dev/cosign/overview/). You can verify the signature by downloading the `cosign.pub` key from this repo and running the following command: These images are signed with sisgstore's [cosign](https://docs.sigstore.dev/cosign/overview/). You can verify the signature by downloading the `cosign.pub` key from this repo and running the following command:
cosign verify --key cosign.pub ghcr.io/ublue-os/base cosign verify --key cosign.pub ghcr.io/ublue-os/base
If you're forking this repo you should [read the docs](https://docs.github.com/en/actions/security-guides/encrypted-secrets) on keeping secrets in github. You need to [generate a new keypair](https://docs.sigstore.dev/cosign/overview/) with cosign. The public key can be in your public repo (your users need it to check the signatures), and you can paste the private key in Settings -> Secrets -> Actions.