Update cosign signature check

[saschagrunert]

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

The check of the cosign-based keyless signature check accepted any valid signature.

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

None

Does this PR introduce a user-facing change?

None

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov-commenter]

Codecov Report

Merging #1255 (bd087a5) into main (555de7c) will decrease coverage by 0.54%.
The diff coverage is n/a.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1255      +/-   ##
==========================================
- Coverage   34.39%   33.86%   -0.54%     
==========================================
  Files          13       13              
  Lines        1128     1128              
  Branches      387      389       +2     
==========================================
- Hits          388      382       -6     
- Misses        480      490      +10     
+ Partials      260      256       -4     

[haircommander]

@saschagrunert is this ready?

[saschagrunert]

@haircommander yes, but it looks like we have a RPM build issue (unrelated to this PR, though).

[haircommander]

/lgtm

[rphillips]

/retest-required

[rphillips]

/test rpm-build:centos-stream-9-x86_64

[openshift-ci]

@rphillips: No presubmit jobs available for containers/conmon-rs@main

In response to this:

/test rpm-build:centos-stream-9-x86_64

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[rphillips]

Tried the RPM builds again on Friday. Failed with GPG packaging key errors:

CentOS Stream 9 - BaseOS                        1.6 MB/s | 1.6 kB     00:00    
CentOS Stream 9 - AppStream                     1.6 MB/s | 1.6 kB     00:00    
The GPG keys listed for the "CentOS Stream 9 - BaseOS" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: alternatives-1.20-2.el9.x86_64
 GPG Keys are configured as: file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
Public key for audit-libs-3.0.7-103.el9.x86_64.rpm is not installed. Failing package is: audit-libs-3.0.7-103.el9.x86_64
 GPG Keys are configured as: file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
Public key for basesystem-11-13.el9.noarch.rpm is not installed. Failing package is: basesystem-11-13.el9.noarch
 GPG Keys are configured as: file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
Public key for bash-5.1.8-6.el9.x86_64.rpm is not installed. Failing package is: bash-5.1.8-6.el9.x86_64
 GPG Keys are configured as: file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
Public key for binutils-2.35.2-39.el9.x86_64.rpm is not installed. Failing package is: binutils-2.35.2-39.el9.x86_64
 GPG Keys are configured as: file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
Public key for bzip2-1.0.8-8.el9.x86_64.rpm is not installed. Failing package is: bzip2-1.0.8-8.el9.x86_64