From 2aeb53a3b4f17792fbb15bf57d60ac24b27154c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexis=20M=C3=A9taireau?= Date: Wed, 26 Feb 2025 17:11:44 +0100 Subject: [PATCH] fixup! Download and verify cosign signatures --- dangerzone/updater/signatures.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dangerzone/updater/signatures.py b/dangerzone/updater/signatures.py index 4e1cd08..8c2bf6f 100644 --- a/dangerzone/updater/signatures.py +++ b/dangerzone/updater/signatures.py @@ -367,6 +367,8 @@ def store_signatures(signatures: list[Dict], image_digest: str, pubkey: str) -> It can be converted to the one expected by cosign verify --bundle with the `signature_to_bundle()` function. + + This function must be used only if the provided signatures have been verified. """ def _get_digest(sig: Dict) -> str:
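Review bot: The sentence added to the `store_signatures` docstring states a trust precondition that nothing in this hunk enforces, so a caller that passes unverified signatures would have them persisted and presumably treated as trusted by later local checks. The function body lies outside the hunk, so I cannot tell whether it re-verifies anything. If it does not, the docstring should say who is responsible and what the function does not do, e.g. `Callers MUST verify the signatures against pubkey before calling this function: they are stored as-is and are not re-checked here.` Since `pubkey` is already a parameter, verifying inside the function before writing would make the contract hold by construction rather than by convention.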