Following this will launch a Sigstore stack running in a RHEL 9 Virtual Machine. This uses an Ansible setup to lauch pods with podman kube-play. Documentation about the components that comprise a keyless Sigstore system is available in the ansible-setup repository.
Follow the RHEL 9 Virtual Machine setup document to spin up a VM with Libvirt.
git clone git@github.com:sabre1041/sigstore-ansible.git
cd sigstore-ansibleSave the following content to inventory file
[sigstore]
<VM_IP_ADDRESS>
[sigstore:vars]
ansible_password=<ROOT_PASSWORD_VM>
ansible_user=redhat
remote_user=root
become=true
become_user=rootAdd the below content.
<VM IP ADDRESS> keycloak.sigstore-dev.ez
<VM_IP_ADDRESS> fulcio.sigstore-dev.ez fulcio
<VM_IP_ADDRESS> rekor.sigstore-dev.ez rekor
<VM_IP_ADDRESS> tuf.sigstore-dev.ez tufYou should now head over to the ansible-setup. Follow the README to download the prerequisites and run the playbook. Also, the ansible-setup describes how to add the self-signed certificates to your local trust-store.
As an example, this is the command used for the VM created above.
# Run the playbook from your local system
ansible-playbook -vv -i inventory playbooks/install.yml -e base_hostname=sigstore-dev.ez -KFinally, cosign can be used locally to sign and verify artifacts.