From 0f4611efd64d93cf837da791a6e47c4f6c6734c8 Mon Sep 17 00:00:00 2001
From: thespad <spad@linuxserver.io>
Date: Tue, 28 Oct 2025 23:11:35 +0000
Subject: [PATCH] Update signing bundles for cosign v3

---
 Dockerfile         | 6 +++---
 Dockerfile.aarch64 | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 29362c3..2993e27 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -50,9 +50,9 @@ RUN --mount=type=bind,from=cosign-bin,source=/ko-app/cosign,target=/usr/local/bi
     /tmp/lychee.zip -L \
     "https://github.com/LycheeOrg/Lychee/releases/download/${LYCHEE_VERSION}/Lychee.zip" && \
   curl -o \
-    /tmp/lychee.zip.asc -L \
-    "https://github.com/LycheeOrg/Lychee/releases/download/${LYCHEE_VERSION}/Lychee.zip.asc" && \
-  cosign verify-blob --key /config/lychee.pub --signature /tmp/lychee.zip.asc /tmp/lychee.zip && \
+    /tmp/lychee.zip.sigstore.json -L \
+    "https://github.com/LycheeOrg/Lychee/releases/download/${LYCHEE_VERSION}/Lychee.zip.sigstore.json" && \
+  cosign verify-blob --key /config/lychee.pub --bundle /tmp/lychee.zip.sigstore.json /tmp/lychee.zip && \
   unzip -q /tmp/lychee.zip -d /app && \
   mv /app/Lychee /app/www && \
   echo "**** install composer dependencies ****" && \
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index 2af4917..55eb447 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -50,9 +50,9 @@ RUN --mount=type=bind,from=cosign-bin,source=/ko-app/cosign,target=/usr/local/bi
     /tmp/lychee.zip -L \
     "https://github.com/LycheeOrg/Lychee/releases/download/${LYCHEE_VERSION}/Lychee.zip" && \
   curl -o \
-    /tmp/lychee.zip.asc -L \
-    "https://github.com/LycheeOrg/Lychee/releases/download/${LYCHEE_VERSION}/Lychee.zip.asc" && \
-  cosign verify-blob --key /config/lychee.pub --signature /tmp/lychee.zip.asc /tmp/lychee.zip && \
+    /tmp/lychee.zip.sigstore.json -L \
+    "https://github.com/LycheeOrg/Lychee/releases/download/${LYCHEE_VERSION}/Lychee.zip.sigstore.json" && \
+  cosign verify-blob --key /config/lychee.pub --bundle /tmp/lychee.zip.sigstore.json /tmp/lychee.zip && \
   unzip -q /tmp/lychee.zip -d /app && \
   mv /app/Lychee /app/www && \
   echo "**** install composer dependencies ****" && \