From ad63daf476cc02ba4edfd1c85fb5b4c695521748 Mon Sep 17 00:00:00 2001
From: Stefan Agner <stefan@agner.ch>
Date: Wed, 20 Mar 2024 15:17:18 +0100
Subject: [PATCH] Disable cosign signature verification (#197)

The current version of cosign deployed in the latest builder doesn't
work with the currently deployed TUF Trust Root on the sigstore servers
(see also https://blog.sigstore.dev/tuf-root-update/).

Remove the cosign identity information to temporarily disable signature
verification. This allows to build a new release with a newer cosign.
---
 build.yaml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/build.yaml b/build.yaml
index 9233890..c8d9882 100644
--- a/build.yaml
+++ b/build.yaml
@@ -5,9 +5,6 @@ build_from:
   armhf: "ghcr.io/home-assistant/armhf-base:3.18"
   amd64: "ghcr.io/home-assistant/amd64-base:3.18"
   i386: "ghcr.io/home-assistant/i386-base:3.18"
-cosign:
-  base_identity: https://github.com/home-assistant/docker-base/.*
-  identity: https://github.com/home-assistant/builder/.*
 args:
   YQ_VERSION: "v4.13.2"
   COSIGN_VERSION: "2.2.3"