Note
uds-package-sigstore
is only a Bronze package and does not support all Sigstore features yet! If you would like to improve the package we welcome PRs! (see Contributing below)
Important
The arm64
package includes amd64
images due to lack of availability of arm64
images from upstream projects at this time. This means you can deploy the arm64
package on an arm64
kubernetes cluster, but some of the images contained in the package will require emulation (e.g., qemu or rosetta) to run properly.
This package is designed for use as part of a UDS Software Factory bundle deployed on UDS Core.
Sigstore is a set of open-source tools and services that simplify the process of signing and verifying software artifacts, enhancing software supply chain security by ensuring the authenticity and integrity of software packages.
This package requires a Kubernetes Cluster providing a Storage Class that has UDS Core installed into it along with the appropriate certificates for Sigstore's components. You can learn more about configuring this package in the configuration documentation
The released packages can be found in ghcr.
*For local dev, this requires installing uds-cli
After installing uds-cli, for a list of available tasks that can be run in this repository execute the following command:
uds run --list
Please see the CONTRIBUTING.md
When developing this package it is ideal to utilize the json schemas for UDS Bundles, Zarf Packages and Maru Tasks. This involves configuring your IDE to provide schema validation for the respective files used by each application. For guidance on how to set up this schema validation, please refer to the guide in uds-common.