install cosign differently

Crow-Control · Crow-Control · commit d04077d2d8b2 · 2025-10-02T15:31:58.000+02:00
diff --git a/apps/python/Dockerfile b/apps/python/Dockerfile
@@ -37,12 +37,13 @@ RUN set -eux; \
         xz-utils \
         zlib1g-dev \
         dpkg-dev \
-        cosign \
     ; \
     rm -rf /var/lib/apt/lists/*
 
 # Download and verify Python with Sigstore
 RUN set -eux; \
+    https://github.com/sigstore/cosign/releases/latest/download/cosign_2.6.0_amd64.deb; \
+    dpkg -i cosign_2.6.0_amd64.deb; \
     wget -O python.tar.xz "https://www.python.org/ftp/python/${VERSION%%[a-z]*}/Python-${VERSION}.tar.xz"; \
     wget -O python.tar.xz.sigstore "https://www.python.org/ftp/python/${VERSION%%[a-z]*}/Python-${VERSION}.tar.xz.sigstore"; \
     cosign verify-blob --cert python.tar.xz.sigstore python.tar.xz; \
