From 2aa888d3a14bb6745b7840d44b2a2a197da2c245 Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Sun, 6 Oct 2024 09:20:36 -0400 Subject: [PATCH] fix: switch cosign registry from GCR to GHCR (#237) This changes the Dockerfile to pull the cosign container image from GHCR instead of Google Cloud. This helps the Sigstore team manage their cloud spend (as GHCR is provided for free and Google Cloud Artifact Registry is not). Note the container hash does not change and images are posted to both locations upon cosign's release process. --- utils/src/constants.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/src/constants.rs b/utils/src/constants.rs index 55d77641..65733f68 100644 --- a/utils/src/constants.rs +++ b/utils/src/constants.rs @@ -72,7 +72,7 @@ pub const LC_TERMINAL_VERSION: &str = "LC_TERMINAL_VERSION"; pub const XDG_RUNTIME_DIR: &str = "XDG_RUNTIME_DIR"; // Misc -pub const COSIGN_IMAGE: &str = "gcr.io/projectsigstore/cosign:latest"; +pub const COSIGN_IMAGE: &str = "ghcr.io/sigstore/cosign/cosign:latest"; pub const OCI_ARCHIVE: &str = "oci-archive"; pub const OSTREE_IMAGE_SIGNED: &str = "ostree-image-signed"; pub const OSTREE_UNVERIFIED_IMAGE: &str = "ostree-unverified-image";