Merge pull request 'Attempt: Use Vanilla Silverblue as Base' (#1) from vanilla-silverblue-base into main

Reviewed-on: https://davejansen.dev/davejansen/fedora-bootc/pulls/1

Update cron schedule so builds only run every three days

Attempt: Add custom containers-policy.json

Actually copy cosign.pub into the build context

Move containers policy file to the right place

Oops :D

Ensure the correct tags are set with new builds

Add my own registries.d policy file, too

Temporarily stop removing system-installed Firefox

I'm trying to debug why my
system-installed-1Password-and-Firefox-flatpak "hack" doesn't work on my
bootc image.

Borrow certain `/etc/passwd` and `/etc/group` clean-up steps from `hhd-dev/rechunk`

One step back

Further reduce. Re-remove system-installed Firefox

Attempt: Separate cleanup step

Add some debug echos, trigger cleanup while mounts are present

Temporarily only look at /etc/group

Attempt to re-add (optionally) writing `passwd` changes

I always forget.

Sunk cost fallacy

"Let's try this again"

I give up. For now.

sys_files/etc/containers/policy.json

@@ -0,0 +1,32 @@
+{
+  "default": [
+    {
+      "type": "reject"
+    }
+  ],
+  "transports": {
+    "docker": {
+      "davejansen.dev": [
+        {
+          "type": "sigstoreSigned",
+          "keyPaths": ["/etc/pki/containers/davejansen.pub"],
+          "signedIdentity": {
+            "type": "matchRepository"
+          }
+        }
+      ],
+      "": [
+        {
+          "type": "insecureAcceptAnything"
+        }
+      ]
+    },
+    "docker-daemon": {
+      "": [
+        {
+          "type": "insecureAcceptAnything"
+        }
+      ]
+    }
+  }
+}

sys_files/etc/containers/registries.d/davejansen.yaml

@@ -0,0 +1,3 @@
+docker:
+  davejansen.dev/davejansen:
+    use-sigstore-attachments: true