Jon Polom
This does not appear to work for containers signed via the "keyless" method in github action workflows. A github workflow to sign a container using the github actions OIDC token...
@cgwalters have you had a chance to review this yet? Presumably what I'm attempting to do is beyond the capabilities of rpm-ostree/skopeo at this time.
Bump on this again for @cgwalters and @RishabhSaini. My conclusion at this point is the sigstore/cosign verification support available in rpm-ostree, podman and skopeo cannot support the keyless cosign signature...
> It is possible to verify keyless signatures with podman

So I don't disagree that podman can verify keyless signatures in the general sense. The problem is keyless signatures made...
Is rpm-ostree using the signature verification logic in [containers/image](https://github.com/containers/image) and [containers/skopeo](https://github.com/containers/skopeo)? I do see some skopeo proxy errors when signature validation fails. I very quickly looked through the skopeo and...
> I used a github workflow to sign a container using the github actions OIDC token, just as you have done in a previous message of yours. However, my cert...
Ah, I think I see why you did not end up with a container signed with a URI as the SAN. Are you defining a github actions secret called [`GH_PAT`](https://github.com/lukewarmtemp/custom-container-images/blob/7ecea1876666bf5447da6970e89106f8ec7959d3/.github/workflows/docker-image.yml#L35)?...
> Hey @jmpolom @sallyom before trying this again I may ask for your results? 😅

This occurred so far in the past I no longer recall what I was going...
Looks like at some point stylelint changed from outputting problems to `stdout` to `stderr`: https://github.com/stylelint/stylelint/blob/main/docs/migration-guide/to-16.md#breaking-changes
`stylelint -v` does return a version string. Would it be possible to define the `stream` as a function in the linter config as is done for `cmd`? Seems like that...