Cannot pull sigstore signed image with podman #2350

Closed
mcritchlow opened this issue Mar 20, 2024 · 4 comments

@mcritchlow

Hello, I have a project in Gitlab which is building, signing and verifying (via Cosign) some Fedora Silverblue images[1] following the recommended documentation[2].

In the CI pipeline, the signed images can be verified as expected. Similarly, in a (local) alpine container, if I do a separate verification, I'm greeted with:

/ # cosign verify registry.gitlab.com/ucsdlibrary/development/silverblue-custom-images/sericea:stable --certificate-identity "https://gitlab.com/ucsdlibrary/development/silverblue-custom-images//.gitlab-ci.yml@refs/heads/trunk" --certificate-oidc-issuer "https://gitlab.com" | jq

Verification for registry.gitlab.com/ucsdlibrary/development/silverblue-custom-images/sericea:stable --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The code-signing certificate was verified using trusted certificate authority certificates
[
  {
    "critical": {
      "identity": {
        "docker-reference": "registry.gitlab.com/ucsdlibrary/development/silverblue-custom-images/sericea"
      },
      "image": {
        "docker-manifest-digest": "sha256:a99acd2fab606e9047d0319ee8c01a1cee48c46177d3d9c69a407cbfbe7051d9"
      },
      "type": "cosign container image signature"
    },
    "optional": {
      "1.3.6.1.4.1.57264.1.1": "https://gitlab.com",
      "Bundle": {
        "SignedEntryTimestamp": "MEQCIGJrSMYufqoMuzMXaJ7Dm8CYCyvvO/+3ssfTY8/W7BixAiAH8MEU3VSO3YRPTnO7zuiFzEKkuIp3/VlTT1PH4ndK3w==",
        "Payload": {
          "body": "…",
          "integratedTime": 1710948973,
          "logIndex": 79784198,
          "logID": "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d"
        }
      },
      "Issuer": "https://gitlab.com",
      "Subject": "https://gitlab.com/ucsdlibrary/development/silverblue-custom-images//.gitlab-ci.yml@refs/heads/trunk"
    }
  }
]

The Issuer is what I currently have mapped to oidcIssuer in policy.json

The Subject is what I currently have mapped to subjectEmail in policy.json

The relevant contents of policy.json:

    "transports": {
        "docker": {
            "registry.gitlab.com/ucsdlibrary/development/silverblue-custom-images": [
                {
                    "type": "sigstoreSigned",
                    "signedIdentity": {
                        "type": "matchRepository"
                    },
                    "fulcio": {
                        "caPath": "/etc/pki/fulcio_v1.crt.pem",
                        "oidcIssuer": "https://gitlab.com",
                        "subjectEmail": "https://gitlab.com/ucsdlibrary/development/silverblue-custom-images//.gitlab-ci.yml@refs/heads/trunk"
                    },
                    "rekorPublicKeyPath": "/etc/pki/rekor.pub"
                }
            ],

And the registries.d entry:

docker:
  registry.gitlab.com/ucsdlibrary/development/silverblue-custom-images:
    use-sigstore-attachments: true

However when trying to do a podman pull I get:

[mcritchlow@lib-mcritchlow ~]$ podman pull registry.gitlab.com/ucsdlibrary/development/silverblue-custom-images/sericea:stable
Trying to pull registry.gitlab.com/ucsdlibrary/development/silverblue-custom-images/sericea:stable...
Error: Source image rejected: Required email https://gitlab.com/ucsdlibrary/development/silverblue-custom-images//.gitlab-ci.yml@refs/heads/trunk not found (got []string(nil))

It feels like there's a missing configuration detail regarding Required email. Was I wrong to assume that Subject from the cosign verification output and Gitlab documentation maps to subjectEmail? Any help/guidance would be much appreciated. Thank you!

  1. https://gitlab.com/ucsdlibrary/development/silverblue-custom-images
  2. https://docs.gitlab.com/ee/ci/yaml/signing_examples.html#signing

mtrmac commented Mar 20, 2024

Thanks for reaching out.

Yes, subjectEmail matches email. The …@refs/heads/trunk value clearly isn’t an email.

policy.json does not currently implement the full space of more than a dozen of values Fulcio might include in the certificate. (And I think fairly strongly that “subject of an undefined kind matches this string” is not sufficiently precise for a security policy.)

Compare the long discussion in #2235.
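To make the point above concrete, here is an added example (not code from containers/image, podman or cosign) that builds a self-signed certificate shaped like a Fulcio keyless certificate for a GitLab CI job, with an empty subject DN, the job identity in a URI SAN and the OIDC issuer in the 1.3.6.1.4.1.57264.1.1 extension, and then runs two checks against it. CheckSubjectEmail looks only at SAN email entries, which is what an email-typed policy field can do, and fails with an error in the same shape as the podman error in the report; CheckSubjectURI is a hypothetical URI-typed check, named and written here only to show what such a field would have to match, and is not a field that policy.json supports. MakeKeylessStyleCert and the certificate it produces are constructed fixtures so the example runs offline; a real Fulcio certificate would be issued by Fulcio's CA, not self-signed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// OID of the Fulcio v1 "OIDC issuer" extension, the "1.3.6.1.4.1.57264.1.1"
// key in the cosign verify output above. Its value is the raw issuer string.
var oidFulcioIssuerV1 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 1}

// Identity is what a keyless certificate carries: the issuer extension plus
// the SAN entries split by type. The subject DN of such a certificate is empty.
type Identity struct {
	Issuer string
	Emails []string // SAN rfc822Name entries (human accounts)
	URIs   []string // SAN uniformResourceIdentifier entries (CI job identities)
}

// ExtractIdentity reads the issuer extension and the SAN entries from cert.
func ExtractIdentity(cert *x509.Certificate) Identity {
	id := Identity{Emails: cert.EmailAddresses}
	for _, u := range cert.URIs {
		id.URIs = append(id.URIs, u.String())
	}
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidFulcioIssuerV1) {
			id.Issuer = string(ext.Value)
		}
	}
	return id
}

// CheckSubjectEmail is an email-only check in the spirit of subjectEmail: it
// consults SAN email entries and nothing else, so a certificate whose identity
// is a URI yields an empty (nil) list and is rejected.
func CheckSubjectEmail(cert *x509.Certificate, required string) error {
	for _, e := range cert.EmailAddresses {
		if e == required {
			return nil
		}
	}
	return fmt.Errorf("Required email %s not found (got %#v)", required, cert.EmailAddresses)
}

// CheckSubjectURI is a HYPOTHETICAL URI-typed check (not a policy.json field);
// it shows which SAN entry a CI job identity would have to be matched against.
func CheckSubjectURI(cert *x509.Certificate, required string) error {
	want, err := url.Parse(required)
	if err != nil {
		return err
	}
	for _, u := range cert.URIs {
		if u.String() == want.String() {
			return nil
		}
	}
	return fmt.Errorf("Required URI %s not found (got %#v)", required, ExtractIdentity(cert).URIs)
}

// MakeKeylessStyleCert builds a self-signed certificate shaped like a Fulcio
// keyless certificate. It is a constructed fixture, not a Fulcio-issued cert.
func MakeKeylessStyleCert(issuer, sanURI string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	u, err := url.Parse(sanURI)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(1),
		Subject:         pkix.Name{}, // empty DN: the identity lives in the SAN
		NotBefore:       time.Now(),
		NotAfter:        time.Now().Add(10 * time.Minute),
		KeyUsage:        x509.KeyUsageDigitalSignature,
		ExtKeyUsage:     []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		URIs:            []*url.URL{u}, // no EmailAddresses at all
		ExtraExtensions: []pkix.Extension{{Id: oidFulcioIssuerV1, Value: []byte(issuer)}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	const jobURI = "https://gitlab.com/ucsdlibrary/development/silverblue-custom-images//.gitlab-ci.yml@refs/heads/trunk"
	cert, err := MakeKeylessStyleCert("https://gitlab.com", jobURI)
	if err != nil {
		panic(err)
	}
	fmt.Printf("identity: %+v\n", ExtractIdentity(cert))
	fmt.Println("subjectEmail-style check:", CheckSubjectEmail(cert, jobURI))
	fmt.Println("hypothetical URI check:", CheckSubjectURI(cert, jobURI))
}
```

The email check fails with `Required email … not found (got []string(nil))` because the certificate has no rfc822Name SAN at all, which is exactly what podman reported; the identity is only recoverable from the URI SAN, and a policy that wants to pin a CI job has to say which SAN type it is matching rather than accept "some subject equals this string".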

mcritchlow commented Mar 20, 2024

Ah, that makes sense. Thank you for the response!

So ideally, if I'm reading #2235 correctly, if implemented my policy.json would instead use a uri property or something along those lines to distinguish between an actual email address and the URI that the Gitlab OIDC certificate-identity generates and uses for signing.

So at the moment, this is not implemented and I would need to either use a personal key to sign to work around this rather than using the Gitlab OIDC keyless solution, or wait. Is that right?

mtrmac commented Mar 20, 2024

With #2235, I think it would probably be closer to subjectAutomatedBuildConfigURI than just uri. But, yes, either way, a new field.

@mcritchlow

Got it, thank you. I'll close this then and subscribe to #2235. Thanks again for the help
