File: sign_released_files.sh

package info (click to toggle)
copyq 13.0.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 12,964 kB
  • sloc: cpp: 63,306; sh: 992; xml: 452; python: 293; ruby: 152; makefile: 27; javascript: 25
file content (12 lines) | stat: -rwxr-xr-x 421 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
 
#!/bin/bash
set -euo pipefail

sha512sum *.gz *.zip *.exe linux/*.deb linux/*.rpm |
    sed 's/ linux\// /' > checksums-sha512.txt

# https://docs.sigstore.dev/quickstart/quickstart-cosign/
cosign sign-blob checksums-sha512.txt --bundle cosign.bundle

cosign verify-blob checksums-sha512.txt --bundle cosign.bundle \
    --certificate-identity=hluk@email.cz \
    --certificate-oidc-issuer=https://github.com/login/oauth