roof fa746a3b30 fix: restore cosign pubkey on setup so clean reinstall keeps image verification ...

`make reinstall`/`uninstall` run `rm -rf config/`, which deletes the git-tracked
config/cosign/cosign.pub. Nothing recreated it, so after any clean reinstall the
bind-mounted key was missing and cosign verification failed for EVERY store
service under the default enforce mode ("loading public key: open
/app/config/cosign/cosign.pub: no such file or directory") — store installs were
completely broken on a fresh install. Found during clean-build pic1 verification.

setup_cell.ensure_cosign_pubkey() now restores the key from git HEAD on every
setup (best-effort; warns rather than fails outside a git checkout). Also fixes
the stale service_composer comment that claimed a Dockerfile COPY that never
existed.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

2026-06-15 11:32:19 -04:00

..

check_deps.sh

fix: use SUDO_USER for docker group to get the invoking user not root

2026-04-22 09:32:43 -04:00

ddns_update.py

Integrate DDNS registration and IP update into installer

2026-05-10 02:28:02 -04:00

pic.service

Phase 1: first-run setup wizard, bash installer, Docker profiles

2026-05-09 08:05:38 -04:00

reset_admin_password.py

fix(scripts): api code lives at /app/api/ inside container, not /app/

2026-05-01 11:50:56 -04:00

sanity_check.py

fix: remove legacy service dirs from setup_cell, update sanity_check for optional services

2026-05-29 17:22:42 -04:00

setup_cell.py

fix: restore cosign pubkey on setup so clean reinstall keeps image verification

2026-06-15 11:32:19 -04:00

setup-network.sh

wip: wireguard

2025-09-14 03:31:14 -05:00