-
Notifications
You must be signed in to change notification settings - Fork 53
Expand file tree
/
Copy pathcosign-install
More file actions
57 lines (41 loc) · 1.27 KB
/
cosign-install
File metadata and controls
57 lines (41 loc) · 1.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#!/usr/bin/env bash
set -o errexit
set -o xtrace
main() {
# Cosign installation
local COSIGN_VERSION="v1.10.1"
wget -q "https://github.com/sigstore/cosign/releases/download/${COSIGN_VERSION}/cosign-linux-amd64"
# rename the binary
sudo mv cosign-linux-amd64 /usr/local/bin/not_cosign
sudo chmod +x /usr/local/bin/not_cosign
not_cosign version
# Rekor-cli installtion
local REKOR_VERSION="v0.10.0"
wget -q "https://github.com/sigstore/rekor/releases/download/${REKOR_VERSION}/rekor-cli-linux-amd64"
sudo mv rekor-cli-linux-amd64 /usr/local/bin/rekor-cli
sudo chmod +x /usr/local/bin/rekor-cli
rekor-cli version
# create dummy cosign script
cat <<'EOF' >>cosign
#!/usr/bin/env bash
set -o errexit
main() {
args="$@"
if [ ! -z "${COSIGN_EXPERIMENTAL}" ] \
&& [ ! -z "${TRAVIS_REPO_PRIVATE}" ] \
&& [ $COSIGN_EXPERIMENTAL == 1 ] \
&& [ $TRAVIS_REPO_PRIVATE == "true" ] \
&& [[ $args != *"--key"* ]]
then
echo "Experimental cosign features are not allowed in builds for private repositories"
exit 1
fi
# call original cosign binary and send arguments
not_cosign $args
}
main "$@"
EOF
# make cosign script executable and move to /usr/local/bin
sudo chmod +x cosign && sudo mv cosign /usr/local/bin/cosign
}
main "$@"