Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ocirepo: add cosign support for insecure HTTP registries #1176

Merged
merged 2 commits into from
Jul 31, 2023
Merged

ocirepo: add cosign support for insecure HTTP registries #1176

merged 2 commits into from
Jul 31, 2023

Conversation

aryan9600
Copy link
Member

Add support for verifying OCI repositories hosted on an HTTP registry (.spec.insecure: true) using Cosign.
Refactor OCI test utils to be more user friendly and enable accurate testing of HTTPS and HTTP OCI registries by circumnavigating Docker's automatic connection downgrade for registries hosted on localhost.

Fixes: #918

stefanprodan
stefanprodan approved these changes Jul 29, 2023
View reviewed changes
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @aryan9600

@stefanprodan stefanprodan added the area/oci OCI related issues and pull requests label Jul 31, 2023
@aryan9600
ocirepo: add cosign support for insecure http registries
71f1080 
Add support for verifying insecure HTTP OCI repositories with cosign. If
`.spec.insecure` set to true, then cosign uses plain HTTP connections to
communicate with the registry.

Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
@aryan9600
oci: add tests for insecure cosign support; refactor test utils
fce7c10 
Add tests to test Cosign support for insecure registries. Furthermore,
refactor OCI test utils to be more user friendly and enable accurate
testing of HTTPS and HTTP OCI registries by circumnavigating Docker's
automatic connection downgrade for registries hosted on localhost.

Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
@aryan9600 aryan9600 merged commit 66b93aa into main Jul 31, 2023
10 checks passed
@aryan9600 aryan9600 deleted the cosign-insecure branch July 31, 2023 09:04
@stefanprodan stefanprodan mentioned this pull request Aug 2, 2023
Closed
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stefanprodan stefanprodan stefanprodan approved these changes

@hiddeco hiddeco hiddeco approved these changes

Assignees
No one assigned
Labels
area/oci OCI related issues and pull requests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for Insecure in cosign verifier
3 participants
@aryan9600 @stefanprodan @hiddeco