-
Notifications
You must be signed in to change notification settings - Fork 547
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: Allow cosign to sign digests before they are uploaded. #2959
Conversation
8059c2f
to
cd988ee
Compare
Codecov Report
@@ Coverage Diff @@
## main #2959 +/- ##
==========================================
+ Coverage 30.26% 30.81% +0.54%
==========================================
Files 151 152 +1
Lines 9469 9552 +83
==========================================
+ Hits 2866 2943 +77
- Misses 6158 6163 +5
- Partials 445 446 +1
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
cd988ee
to
d6d95ed
Compare
I changed it to a hardcoded digest since the |
I'm going to fix |
d6d95ed
to
885c5a7
Compare
Ok, so the CI failure is a legit failure, and I'm glad it caught this because there's a subtle bug with this approach! Essentially the I think this will require some changes more integrated into |
885c5a7
to
8a77fc8
Compare
Ok, this no longer uses It felt wrong to automatically do this in |
Blah, it still needs some work to pass tests. |
8a77fc8
to
2122ce1
Compare
🎁 This feature allows `cosign` to sign and attest a digest that doesn't exist yet, to support scenarios such as signing an image prior to pushing it. This adapts the ideas from the two prior approaches, which were closed by stale-bot. Fixes: sigstore#1905 /kind feature Signed-off-by: Matt Moore <[email protected]>
2122ce1
to
0bd02a0
Compare
This is RFAL! |
"foo": "bar" | ||
} | ||
EOF | ||
./cosign attest --key ${signing_key} --type custom --predicate "${PREDICATE_FILE}" "$img3@sha256:17b14220441083f55dfa21e1deb3720457d3c2d571219801d629b43c53b99627" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you attest something else and check that both are present, to guard against the overwriting behavior you discovered?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's already a Go test that checks exactly that (which is what caught the bug!), and I'm not sure doing it for the "unknown" case (or in bash) adds much value 😅
} | ||
// We don't actually need to access the remote entity to attach things to it | ||
// so we use a placeholder here. | ||
se := ociremote.SignedUnknown(digest) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
WDYT about s/Unknown/Digest/
everywhere? Unknown doesn't feel quite right to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I worry that Digest isn't clear enough, since it is effectively what SignedEntity
is (especially after my PR to add Digest
to oci.SignedEntity
).
That said, I don't feel particularly strongly about the naming here :bikeshed:
@@ -179,7 +179,9 @@ func SignCmd(ro *options.RootOptions, ko options.KeyOpts, signOpts options.SignO | |||
|
|||
if digest, ok := ref.(name.Digest); ok && !signOpts.Recursive { | |||
se, err := ociremote.SignedEntity(ref, opts...) | |||
if err != nil { | |||
if err == ociremote.ErrEntityNotFound { | |||
se = ociremote.SignedUnknown(digest) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you sure we always want to do this on 404?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think yes, but do you have an alternative in mind?
Co-authored-by: Jon Johnson <[email protected]> Signed-off-by: Matt Moore <[email protected]>
Ping. I think this looks good (I have no power to approve), and I'm not sure any of the remaining comments are blocking. I don't want to lose momentum on this long-standing feature request. 🤞 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This lgtm
Will wait for @jonjohnsonjr because made some comments here
This is not great because OCI referrers stuff expects a whole descriptor (digest+size+mediaType). It would be better if this took a Descriptor, assuming we want to adopt the OCI referrers stuff down the road. |
Good point. However, in that case, I think we can just set the
We can either establish this convention and use it, or try to specify this better in OCI image-spec. Supporting this case has been a goal of OCI referrers, and if implementers like cosign don't know how to achieve it then OCI should help them. Or if they want to solve it with this convention, that works too, we just need registries not to validate that the size+mediaType matches reality. |
Digests need to be fully self-describing, the absence of this property was (as you know) a CVE. |
Sure, but it's nice to know the size prior to decoding the payload, which you can do once you have an entrypoint into the dag. If you want to go against the grain, that's fine, but I'd file an issue with OCI. |
|
I'll go ahead and merge since it seems like next steps are to file an issue with OCI (sorry if I'm reading this thread wrong!). |
🎁 This feature allows
cosign
to sign a digest that doesn't exist yet, to support scenarios such as signing an image prior to pushing it.This adapts the ideas from the two prior approaches, which were closed by stale-bot.
Fixes: #1905
/kind feature
Release Note
cosign
can now be used to sign digests before the image has been pushed to a registry (this only supports shallow signing of digests, so tag-based signing and recursive signing are not supported because both need the image structure available)Documentation