From 60750ddf2b07eb351a309a60ae813aa54929754c Mon Sep 17 00:00:00 2001
From: Vyacheslav Bocharov <adeep@lexina.in>
Date: Sun, 20 Aug 2023 13:10:44 +0300
Subject: [PATCH] JH: Add resign build_from image

---
 builder.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/builder.sh b/builder.sh
index a47724b..fbee411 100755
--- a/builder.sh
+++ b/builder.sh
@@ -312,7 +312,14 @@ function run_build() {
 
     # Validate the base image
     if ! cosign_verify "${cosign_base_issuer}" "${cosign_base_identity}" "${build_from}" "${docker_platform}" "true"; then
-        bashio::exit.nok "Invalid base image ${build_from}"
+
+        bashio::log.warning "Validation of base image ${build_from} fails (cosign)!"
+        cosign_sign "${build_from}"
+        if bashio::var.false "${success}"; then
+          bashio::log.info "Failed to resign the base image ${build_from} (cosign)"
+          bashio::exit.nok "Invalid base image ${build_from}"
+        fi
+        bashio::log.info "Signed ${image} with ${trust} (cosign)"
     fi
 
     # Arch specific Dockerfile