This automates and enhances the manual approach to running local Sigstore outlined in "Sigstore the local way".
The sigstore-local-deployment provides:
- Container image signing
- Signing action with cosign
- Image uploaded to local OCI registry
- Rekor transparency log to provide a second immutable source of truth to the system
See make help for details of make targets.
Currently only RHEL/Fedora is fully supported. macOS support is in progress.
The following packages are required:
- mariadb-server
- git
- golang
- softhsm
- opensc
To install these run:
sudo make install-packages-linux
or
make install-packages-mac
The following are provided as Go packages (see make help for target details):
- Simple OCI registry
- cosign
- trillian_log_server
- trillian_log_signer
- createtree
- ko
These can be installed by running:
make install-registry
make install-cosign
make install-trillian
make install-ko
The easiest way to create a Cosign environment is by running:
make quickstart
Once this has been completed run the following to test the installation:
make post-deploy-tests
All background processes (Registry, cosign, Trillian, etc.) are logged via the systemd journal, so use journalctl to view these.