manifests: use the community maintained AlmaLinux toolbox

This replaces the default ubi9 toolbox image
karelvanhecke · May 29, 2024 · 29c969f · 29c969f
1 parent fb42b7a
commit 29c969f
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 0 deletions.
diff --git a/almalinux-bootc.yaml b/almalinux-bootc.yaml
@@ -29,3 +29,14 @@ add-files:
  - /etc/containers/policy.json
  - - containers-registry.yaml
  - /etc/containers/registries.d/ghcr.io-karelvanhecke-bootc.yaml
+ - - containers-registry-toolbox.yaml
+ - /etc/containers/registries.d/quay.io-toolbx-images.yaml
+ - - cosign-toolbox.pub
+ - /etc/pki/containers/quay.io-toolbx-images.pub
+
+postprocess:
+ - |
+ #!/usr/bin/env bash
+ set -xeo pipefail
+
+ sed -i 's,image = "registry.access.redhat.com/ubi9/toolbox:latest",image = "quay.io/toolbx-images/almalinux-toolbox:9",' /etc/containers/toolbox.conf
diff --git a/containers-policy.json b/containers-policy.json
@@ -35,6 +35,15 @@
  ]
  }
  ],
+ "quay.io/toolbx-images": [
+ {
+ "type": "sigstoreSigned",
+ "keyPath": "/etc/pki/containers/quay.io-toolbx-images.pub",
+ "signedIdentity": {
+ "type": "matchRepository"
+ }
+ }
+ ],
  "": [
  {
  "type": "insecureAcceptAnything"

diff --git a/containers-registry-toolbox.yaml b/containers-registry-toolbox.yaml
@@ -0,0 +1,3 @@
+docker:
+ quay.io/toolbx-images:
+ use-sigstore-attachments: true
diff --git a/cosign-toolbox.pub b/cosign-toolbox.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQr63Nsc66mA3oGMArrQPm8/AkuTO
+K+ZrK3WCWzx00LW5K1qu+BS3U4eyMmXaFKIsX69PEFZWzXKy9psum8wj9Q==
+-----END PUBLIC KEY-----