Add sigstore setting to registry.redhat.io configuration

ggiguash · ggiguash · commit dd1a8731d6da · 2025-01-19T13:29:32.000+02:00
diff --git a/test/bin/mirror_registry.sh b/test/bin/mirror_registry.sh
@@ -41,7 +41,7 @@ EOF
     # TLS authentication is disabled in Quay local registry. The mirror-images.sh
     # helper uses skopeo without TLS options and it defaults to https, so we need
     # to configure registries.conf.d for skopeo to try http instead.
-    sudo bash -c 'cat > /etc/containers/registries.conf.d/900-microshift-mirror.conf' << EOF
+    sudo bash -c 'cat > /etc/containers/registries.conf.d/900-microshift-mirror.conf' <<EOF
 [[registry]]
     prefix = ""
     location = "${MIRROR_REGISTRY_URL}"
@@ -63,13 +63,26 @@ EOF
 EOF
 
 # Complete the source registry configuration to use sigstore attachments.
-# Note that registry.redhat.io.yaml should already be present.
-sudo bash -c 'cat > /etc/containers/registries.d/registry.quay.io.yaml' <<EOF
+# Note that registry.redhat.io.yaml file already exists, but it is missing the
+# sigstore attachment enablement setting.
+sudo bash -c 'cat > /etc/containers/registries.d/registry.quay.io.yaml' <<'EOF'
 docker:
     quay.io:
         use-sigstore-attachments: true
 EOF
 
+if [   -e /etc/containers/registries.d/registry.redhat.io.yaml ] &&
+   [ ! -e /etc/containers/registries.d/registry.redhat.io.yaml.orig ]; then
+   sudo mv /etc/containers/registries.d/registry.redhat.io.yaml /etc/containers/registries.d/registry.redhat.io.yaml.orig
+fi
+
+sudo bash -c 'cat > /etc/containers/registries.d/registry.redhat.io.yaml' <<'EOF'
+docker:
+    registry.redhat.io:
+        use-sigstore-attachments: true
+        sigstore: https://registry.redhat.io/containers/sigstore
+EOF
+
 # Configure the destination local registry to use sigstore attachments.
 # Note: The sigstore staging directory is required because not all registries
 # support direct copy of signatures. In this case, the signatures are downloaded
diff --git a/test/kickstart-templates/includes/post-containers.cfg b/test/kickstart-templates/includes/post-containers.cfg
@@ -87,14 +87,6 @@ cat > /etc/containers/policy.json <<'EOF'
 }
 EOF
 
-# Configure the MicroShift remote registries to use sigstore attachments
-# Note that registry.redhat.io.yaml should already be present.
-cat > /etc/containers/registries.d/registry.quay.io.yaml <<'EOF'
-docker:
-    quay.io/openshift-release-dev:
-        use-sigstore-attachments: true
-EOF
-
 # Configure the MicroShift local registries to use sigstore attachments
 cat > /etc/containers/registries.d/registry.quay.local.yaml <<'EOF'
 docker:
