fixup! Add artifacts signing.

Add artifacts signing.
2026-06-05 23:03:40 +00:00 · 2025-12-14 23:56:42 +00:00 · 2025-12-14 23:29:27 +00:00
2 changed files with 31 additions and 0 deletions
@@ -71,3 +71,21 @@ homebrew_casks:
            system_command "/usr/bin/xattr",
                           args: ["-dr", "com.apple.quarantine", "#{staged_path}/kportal"]
          end
+
+signs:
+  - cmd: cosign
+    env:
+      - COSIGN_PASSWORD={{ .Env.COSIGN_PASSWORD }}
+    certificate: "${artifact}.pem"
+    args:
+      - sign-blob
+      - "--key"
+      - "/tmp/cosign.key"
+      - "--output-signature"
+      - "${signature}"
+      - "--output-certificate"
+      - "${certificate}"
+      - "${artifact}"
+      - "--yes"
+    artifacts: checksum
+    output: true
@@ -83,6 +83,19 @@ cd kportal
 make build && make install
 ```

+### Verifying Release Signatures
+
+All release checksums are signed with [cosign](https://github.com/sigstore/cosign). To verify:
+
+```bash
+# Download the checksum file and its signature
+# Then verify with:
+cosign verify-blob \
+  --key https://raw.githubusercontent.com/lukaszraczylo/lukaszraczylo/main/cosign.pub \
+  --signature kportal-<version>-checksums.txt.sig \
+  kportal-<version>-checksums.txt
+```
+
 ## 🚀 Quick Start

 Create `.kportal.yaml`:
Author	SHA1	Message	Date
lukaszraczylo	9fd8f9b03b	fixup! Add artifacts signing.	2025-12-14 23:56:42 +00:00
lukaszraczylo	7032bb5bee	Add artifacts signing.	2025-12-14 23:29:27 +00:00