diff --git a/cmd/cosign/cli/options/verify.go b/cmd/cosign/cli/options/verify.go index 80fd353234e..4fe8c0d091d 100644 --- a/cmd/cosign/cli/options/verify.go +++ b/cmd/cosign/cli/options/verify.go @@ -22,7 +22,7 @@ import ( type CommonVerifyOptions struct { Offline bool // Force offline verification TSACertChainPath string - SkipTlogVerify bool + IgnoreTlog bool } func (o *CommonVerifyOptions) AddFlags(cmd *cobra.Command) { @@ -33,8 +33,8 @@ func (o *CommonVerifyOptions) AddFlags(cmd *cobra.Command) { "path to PEM-encoded certificate chain file for the RFC3161 timestamp authority. Must contain the root CA certificate. "+ "Optionally may contain intermediate CA certificates, and may contain the leaf TSA certificate if not present in the timestamp") - cmd.Flags().BoolVar(&o.SkipTlogVerify, "insecure-skip-tlog-verify", false, - "skip transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts "+ + cmd.Flags().BoolVar(&o.IgnoreTlog, "insecure-ignore-tlog", false, + "ignore transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts "+ "cannot be publicly verified when not included in a log") } diff --git a/cmd/cosign/cli/verify.go b/cmd/cosign/cli/verify.go index 30b781bb265..0522d0aa4c3 100644 --- a/cmd/cosign/cli/verify.go +++ b/cmd/cosign/cli/verify.go 
@@ -118,14 +118,14 @@ against the transparency log.`, LocalImage: o.LocalImage, Offline: o.CommonVerifyOptions.Offline, TSACertChainPath: o.CommonVerifyOptions.TSACertChainPath, - SkipTlogVerify: o.CommonVerifyOptions.SkipTlogVerify, + IgnoreTlog: o.CommonVerifyOptions.IgnoreTlog, } if o.Registry.AllowInsecure { v.NameOptions = append(v.NameOptions, name.Insecure) } - if o.CommonVerifyOptions.SkipTlogVerify { + if o.CommonVerifyOptions.IgnoreTlog { fmt.Fprintln(os.Stderr, "**Warning** Skipping tlog verification is an insecure practice that lacks of transparency and auditability verification for the signature.") } @@ -210,7 +210,7 @@ against the transparency log.`, NameOptions: o.Registry.NameOptions(), Offline: o.CommonVerifyOptions.Offline, TSACertChainPath: o.CommonVerifyOptions.TSACertChainPath, - SkipTlogVerify: o.CommonVerifyOptions.SkipTlogVerify, + IgnoreTlog: o.CommonVerifyOptions.IgnoreTlog, } return v.Exec(cmd.Context(), args) @@ -295,7 +295,7 @@ The blob may be specified as a path to a file or - for stdin.`, IgnoreSCT: o.CertVerify.IgnoreSCT, SCTRef: o.CertVerify.SCT, Offline: o.CommonVerifyOptions.Offline, - SkipTlogVerify: o.CommonVerifyOptions.SkipTlogVerify, + IgnoreTlog: o.CommonVerifyOptions.IgnoreTlog, } if err := verifyBlobCmd.Exec(cmd.Context(), args[0]); err != nil { return fmt.Errorf("verifying blob %s: %w", args, err) @@ -354,7 +354,7 @@ The blob may be specified as a path to a file.`, IgnoreSCT: o.CertVerify.IgnoreSCT, SCTRef: o.CertVerify.SCT, Offline: o.CommonVerifyOptions.Offline, - SkipTlogVerify: o.CommonVerifyOptions.SkipTlogVerify, + IgnoreTlog: o.CommonVerifyOptions.IgnoreTlog, } if len(args) != 1 { return fmt.Errorf("no path to blob passed in, run `cosign verify-blob-attestation -h` for more help") diff --git a/cmd/cosign/cli/verify/verify.go b/cmd/cosign/cli/verify/verify.go index 64d8ca0d83c..47c699dabbd 100644 --- a/cmd/cosign/cli/verify/verify.go +++ b/cmd/cosign/cli/verify/verify.go 
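Review bot: The warning printed inside the renamed `if o.CommonVerifyOptions.IgnoreTlog` guard still says "Skipping tlog verification" and reads awkwardly ("lacks of transparency"), so the message no longer matches the `--insecure-ignore-tlog` flag the user just passed; I would change it to `fmt.Fprintln(os.Stderr, "**Warning** Ignoring the transparency log is an insecure practice: the signature's inclusion in a log is not checked, so it lacks transparency and auditability.")`. The other three hunks in this file (`@@ -210`, `@@ -295`, `@@ -354`) set `IgnoreTlog` for the attestation and blob commands without any comparable warning visible in their context; if none exists outside the hunks, the same stderr warning should be emitted there so every insecure verification path is equally loud. The enclosing RunE closures start and end outside these hunks.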
@@ -75,7 +75,7 @@ type VerifyCommand struct { NameOptions []name.Option Offline bool TSACertChainPath string - SkipTlogVerify bool + IgnoreTlog bool } // Exec runs the verification command @@ -121,7 +121,7 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) { SignatureRef: c.SignatureRef, Identities: identities, Offline: c.Offline, - SkipTlogVerify: c.SkipTlogVerify, + IgnoreTlog: c.IgnoreTlog, } if c.CheckClaims { co.ClaimVerifier = cosign.SimpleClaimVerifier @@ -152,7 +152,7 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) { co.TSARootCertificates = roots } - if !c.SkipTlogVerify { + if !c.IgnoreTlog { if c.RekorURL != "" { rekorClient, err := rekor.NewClient(c.RekorURL) if err != nil { diff --git a/cmd/cosign/cli/verify/verify_attestation.go b/cmd/cosign/cli/verify/verify_attestation.go index 7ef89f3ad54..027e2cd78af 100644 --- a/cmd/cosign/cli/verify/verify_attestation.go +++ b/cmd/cosign/cli/verify/verify_attestation.go @@ -64,7 +64,7 @@ type VerifyAttestationCommand struct { NameOptions []name.Option Offline bool TSACertChainPath string - SkipTlogVerify bool + IgnoreTlog bool } // Exec runs the verification command @@ -101,7 +101,7 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (e IgnoreSCT: c.IgnoreSCT, Identities: identities, Offline: c.Offline, - SkipTlogVerify: c.SkipTlogVerify, + IgnoreTlog: c.IgnoreTlog, } if c.CheckClaims { co.ClaimVerifier = cosign.IntotoSubjectClaimVerifier @@ -137,7 +137,7 @@ func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (e co.TSAIntermediateCertificates = intermediates co.TSARootCertificates = roots } - if !c.SkipTlogVerify { + if !c.IgnoreTlog { if c.RekorURL != "" { rekorClient, err := rekor.NewClient(c.RekorURL) if err != nil { diff --git a/cmd/cosign/cli/verify/verify_blob.go b/cmd/cosign/cli/verify/verify_blob.go index b371dd45907..7dc81bc5b39 100644 --- a/cmd/cosign/cli/verify/verify_blob.go 
+++ b/cmd/cosign/cli/verify/verify_blob.go @@ -62,7 +62,7 @@ type VerifyBlobCmd struct { IgnoreSCT bool SCTRef string Offline bool - SkipTlogVerify bool + IgnoreTlog bool } // nolint @@ -108,7 +108,7 @@ func (c *VerifyBlobCmd) Exec(ctx context.Context, blobRef string) error { IgnoreSCT: c.IgnoreSCT, Identities: identities, Offline: c.Offline, - SkipTlogVerify: c.SkipTlogVerify, + IgnoreTlog: c.IgnoreTlog, } if c.RFC3161TimestampPath != "" && c.KeyOpts.TSACertChainPath == "" { return fmt.Errorf("timestamp-certificate-chain is required to validate a RFC3161 timestamp") @@ -138,7 +138,7 @@ func (c *VerifyBlobCmd) Exec(ctx context.Context, blobRef string) error { co.TSARootCertificates = roots } - if !c.SkipTlogVerify { + if !c.IgnoreTlog { if c.RekorURL != "" { rekorClient, err := rekor.NewClient(c.RekorURL) if err != nil { diff --git a/cmd/cosign/cli/verify/verify_blob_attestation.go b/cmd/cosign/cli/verify/verify_blob_attestation.go index 1f0f7dff6c9..38491a47bbd 100644 --- a/cmd/cosign/cli/verify/verify_blob_attestation.go +++ b/cmd/cosign/cli/verify/verify_blob_attestation.go @@ -61,10 +61,10 @@ type VerifyBlobAttestationCommand struct { CertGithubWorkflowRepository string CertGithubWorkflowRef string - IgnoreSCT bool - SCTRef string - Offline bool - SkipTlogVerify bool + IgnoreSCT bool + SCTRef string + Offline bool + IgnoreTlog bool CheckClaims bool PredicateType string @@ -106,7 +106,7 @@ func (c *VerifyBlobAttestationCommand) Exec(ctx context.Context, artifactPath st CertGithubWorkflowRef: c.CertGithubWorkflowRef, IgnoreSCT: c.IgnoreSCT, Offline: c.Offline, - SkipTlogVerify: c.SkipTlogVerify, + IgnoreTlog: c.IgnoreTlog, } if c.CheckClaims { co.ClaimVerifier = cosign.IntotoSubjectClaimVerifier @@ -159,7 +159,7 @@ func (c *VerifyBlobAttestationCommand) Exec(ctx context.Context, artifactPath st co.TSARootCertificates = roots } - if !c.SkipTlogVerify { + if !c.IgnoreTlog { if c.RekorURL != "" { rekorClient, err := rekor.NewClient(c.RekorURL) if err != nil { 
diff --git a/cmd/cosign/cli/verify/verify_blob_attestation_test.go b/cmd/cosign/cli/verify/verify_blob_attestation_test.go index bb9f5a58029..c053481c074 100644 --- a/cmd/cosign/cli/verify/verify_blob_attestation_test.go +++ b/cmd/cosign/cli/verify/verify_blob_attestation_test.go @@ -104,11 +104,11 @@ func TestVerifyBlobAttestation(t *testing.T) { sigRef := writeBlobFile(t, td, string(decodedSig), "signature") cmd := VerifyBlobAttestationCommand{ - KeyOpts: options.KeyOpts{KeyRef: keyRef}, - SignaturePath: sigRef, - SkipTlogVerify: true, - CheckClaims: true, - PredicateType: test.predicateType, + KeyOpts: options.KeyOpts{KeyRef: keyRef}, + SignaturePath: sigRef, + IgnoreTlog: true, + CheckClaims: true, + PredicateType: test.predicateType, } err = cmd.Exec(ctx, test.blobPath) diff --git a/cmd/cosign/cli/verify/verify_blob_test.go b/cmd/cosign/cli/verify/verify_blob_test.go index b0eb5ed74db..6a891c15099 100644 --- a/cmd/cosign/cli/verify/verify_blob_test.go +++ b/cmd/cosign/cli/verify/verify_blob_test.go @@ -573,9 +573,9 @@ func TestVerifyBlob(t *testing.T) { CertIdentity: identity, CertOidcIssuer: issuer, }, - IgnoreSCT: true, - CertChain: chainPath, - SkipTlogVerify: tt.skipTlogVerify, + IgnoreSCT: true, + CertChain: chainPath, + IgnoreTlog: tt.skipTlogVerify, } blobPath := writeBlobFile(t, td, string(blobBytes), "blob.txt") if tt.signature != "" { diff --git a/doc/cosign_dockerfile_verify.md b/doc/cosign_dockerfile_verify.md index 222b11a31c0..4ddcc802eb7 100644 --- a/doc/cosign_dockerfile_verify.md +++ b/doc/cosign_dockerfile_verify.md 
@@ -72,7 +72,7 @@ cosign dockerfile verify [flags] --check-claims whether to check the claims found (default true) -h, --help help for verify --insecure-ignore-sct when set, verification will not check that a certificate contains an embedded SCT, a proof of inclusion in a certificate transparency log - --insecure-skip-tlog-verify skip transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts cannot be publicly verified when not included in a log + --insecure-ignore-tlog ignore transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts cannot be publicly verified when not included in a log --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). --key string path to the public key file, KMS URI or Kubernetes Secret --local-image whether the specified image is a path to an image saved locally via 'cosign save' diff --git a/doc/cosign_manifest_verify.md b/doc/cosign_manifest_verify.md index 62e5bf33bf8..92471eb9f52 100644 --- a/doc/cosign_manifest_verify.md +++ b/doc/cosign_manifest_verify.md 
@@ -66,7 +66,7 @@ cosign manifest verify [flags] --check-claims whether to check the claims found (default true) -h, --help help for verify --insecure-ignore-sct when set, verification will not check that a certificate contains an embedded SCT, a proof of inclusion in a certificate transparency log - --insecure-skip-tlog-verify skip transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts cannot be publicly verified when not included in a log + --insecure-ignore-tlog ignore transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts cannot be publicly verified when not included in a log --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). --key string path to the public key file, KMS URI or Kubernetes Secret --local-image whether the specified image is a path to an image saved locally via 'cosign save' diff --git a/doc/cosign_verify-attestation.md b/doc/cosign_verify-attestation.md index 9179646a819..2fe3f19efea 100644 --- a/doc/cosign_verify-attestation.md +++ b/doc/cosign_verify-attestation.md 
@@ -73,7 +73,7 @@ cosign verify-attestation [flags] --check-claims whether to check the claims found (default true) -h, --help help for verify-attestation --insecure-ignore-sct when set, verification will not check that a certificate contains an embedded SCT, a proof of inclusion in a certificate transparency log - --insecure-skip-tlog-verify skip transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts cannot be publicly verified when not included in a log + --insecure-ignore-tlog ignore transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts cannot be publicly verified when not included in a log --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). --key string path to the public key file, KMS URI or Kubernetes Secret --local-image whether the specified image is a path to an image saved locally via 'cosign save' diff --git a/doc/cosign_verify-blob-attestation.md b/doc/cosign_verify-blob-attestation.md index fe567e89fe3..f9ba60e25dd 100644 --- a/doc/cosign_verify-blob-attestation.md +++ b/doc/cosign_verify-blob-attestation.md 
@@ -43,7 +43,7 @@ cosign verify-blob-attestation [flags] --check-claims whether to check the claims found (default true) -h, --help help for verify-blob-attestation --insecure-ignore-sct when set, verification will not check that a certificate contains an embedded SCT, a proof of inclusion in a certificate transparency log - --insecure-skip-tlog-verify skip transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts cannot be publicly verified when not included in a log + --insecure-ignore-tlog ignore transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts cannot be publicly verified when not included in a log --key string path to the public key file, KMS URI or Kubernetes Secret --offline only allow offline verification --rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev") diff --git a/doc/cosign_verify-blob.md b/doc/cosign_verify-blob.md index 7c5162db52c..6ef5f908b58 100644 --- a/doc/cosign_verify-blob.md +++ b/doc/cosign_verify-blob.md 
@@ -72,7 +72,7 @@ cosign verify-blob [flags] --certificate-oidc-issuer-regexp string A regular expression alternative to --certificate-oidc-issuer. Accepts the Go regular expression syntax described at https://golang.org/s/re2syntax. Either --certificate-oidc-issuer or --certificate-oidc-issuer-regexp must be set for keyless flows. -h, --help help for verify-blob --insecure-ignore-sct when set, verification will not check that a certificate contains an embedded SCT, a proof of inclusion in a certificate transparency log - --insecure-skip-tlog-verify skip transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts cannot be publicly verified when not included in a log + --insecure-ignore-tlog ignore transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts cannot be publicly verified when not included in a log --key string path to the public key file, KMS URI or Kubernetes Secret --offline only allow offline verification --rekor-url string [EXPERIMENTAL] address of rekor STL server (default "https://rekor.sigstore.dev") diff --git a/doc/cosign_verify.md b/doc/cosign_verify.md index 6ff985f2c97..13e77b0616c 100644 --- a/doc/cosign_verify.md +++ b/doc/cosign_verify.md 
@@ -82,7 +82,7 @@ cosign verify [flags] --check-claims whether to check the claims found (default true) -h, --help help for verify --insecure-ignore-sct when set, verification will not check that a certificate contains an embedded SCT, a proof of inclusion in a certificate transparency log - --insecure-skip-tlog-verify skip transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts cannot be publicly verified when not included in a log + --insecure-ignore-tlog ignore transparency log verification, to be used when an artifact signature has not been uploaded to the transparency log. Artifacts cannot be publicly verified when not included in a log --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). --key string path to the public key file, KMS URI or Kubernetes Secret --local-image whether the specified image is a path to an image saved locally via 'cosign save' diff --git a/pkg/cosign/verify.go b/pkg/cosign/verify.go index 58b55b2a376..4e9e43c236b 100644 --- a/pkg/cosign/verify.go +++ b/pkg/cosign/verify.go @@ -137,8 +137,8 @@ type CheckOpts struct { // TSAIntermediateCertificates are the set of intermediates for chain building TSAIntermediateCertificates []*x509.Certificate - // SkipTlogVerify skip tlog verification - SkipTlogVerify bool + // IgnoreTlog skip tlog verification + IgnoreTlog bool } // This is a substitutable signature verification function that can be used for verifying @@ -596,7 +596,7 @@ func verifyInternal(ctx context.Context, sig oci.Signature, h v1.Hash, } } - if !co.SkipTlogVerify { + if !co.IgnoreTlog { bundleVerified, err = VerifyBundle(sig, co) if err != nil { return false, fmt.Errorf("error verifying bundle: %w", err) 
@@ -708,6 +708,10 @@ func verifyInternal(ctx context.Context, sig oci.Signature, h v1.Hash, // if no timestamp has been provided, use the current time if !expirationChecked { if err := CheckExpiry(cert, time.Now()); err != nil { + // If certificate is expired and not signed timestamp was provided then error the following message. Otherwise throw an expiration error. + if co.IgnoreTlog && acceptableRFC3161Time == nil { + return false, &VerificationError{"expected a signed timestamp to verify an expired certificate"} + } return false, fmt.Errorf("checking expiry on certificate with bundle: %w", err) } } diff --git a/pkg/cosign/verify_test.go b/pkg/cosign/verify_test.go index 6e0bfa6b86c..3141516bf41 100644 --- a/pkg/cosign/verify_test.go +++ b/pkg/cosign/verify_test.go @@ -155,10 +155,10 @@ func TestVerifyImageSignature(t *testing.T) { static.WithCertChain(pemLeaf, appendSlices([][]byte{pemSub, pemRoot}))) verified, err := VerifyImageSignature(context.TODO(), ociSig, v1.Hash{}, &CheckOpts{ - RootCerts: rootPool, - IgnoreSCT: true, - SkipTlogVerify: true, - Identities: []Identity{{Subject: "subject@mail.com", Issuer: "oidc-issuer"}}}) + RootCerts: rootPool, + IgnoreSCT: true, + IgnoreTlog: true, + Identities: []Identity{{Subject: "subject@mail.com", Issuer: "oidc-issuer"}}}) if err != nil { t.Fatalf("unexpected error while verifying signature, expected no error, got %v", err) } @@ -191,7 +191,7 @@ func TestVerifyImageSignatureMultipleSubs(t *testing.T) { base64.StdEncoding.EncodeToString(signature), static.WithCertChain(pemLeaf, appendSlices([][]byte{pemSub3, pemSub2, pemSub1, pemRoot}))) verified, err := VerifyImageSignature(context.TODO(), ociSig, v1.Hash{}, &CheckOpts{ RootCerts: rootPool, - IgnoreSCT: true, SkipTlogVerify: true, + IgnoreSCT: true, IgnoreTlog: true, Identities: []Identity{{Subject: "subject@mail.com", Issuer: "oidc-issuer"}}}) if err != nil { t.Fatalf("unexpected error while verifying signature, expected no error, got %v", err) 
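Review bot: The new branch in the `@@ -708` hunk returns a `*VerificationError` that discards `err` from `CheckExpiry`, so the caller loses the certificate's actual validity window at exactly the moment they are told a signed timestamp is required; keep the detail while preserving the error type, e.g. `return false, &VerificationError{fmt.Sprintf("expected a signed timestamp to verify an expired certificate: %v", err)}`. The comment above it is hard to parse ("not signed timestamp was provided then error the following message") and should read `// Expired certificate with the tlog ignored and no signed timestamp: nothing can vouch for the signing time, so report that explicitly instead of a bare expiry error.`. Whether `acceptableRFC3161Time` can be non-nil while `expirationChecked` is still false is not visible in this hunk; if an accepted RFC3161 time always sets `expirationChecked`, the second conjunct is redundant and the comment should say why it is kept. The body of `verifyInternal` starts and ends outside the hunk.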
@@ -363,10 +363,10 @@ func TestVerifyImageSignatureWithOnlyRoot(t *testing.T) { ociSig, _ := static.NewSignature(payload, base64.StdEncoding.EncodeToString(signature), static.WithCertChain(pemLeaf, pemRoot)) verified, err := VerifyImageSignature(context.TODO(), ociSig, v1.Hash{}, &CheckOpts{ - RootCerts: rootPool, - IgnoreSCT: true, - Identities: []Identity{{Subject: "subject@mail.com", Issuer: "oidc-issuer"}}, - SkipTlogVerify: true}) + RootCerts: rootPool, + IgnoreSCT: true, + Identities: []Identity{{Subject: "subject@mail.com", Issuer: "oidc-issuer"}}, + IgnoreTlog: true}) if err != nil { t.Fatalf("unexpected error while verifying signature, expected no error, got %v", err) } @@ -393,10 +393,10 @@ func TestVerifyImageSignatureWithMissingSub(t *testing.T) { ociSig, _ := static.NewSignature(payload, base64.StdEncoding.EncodeToString(signature), static.WithCertChain(pemLeaf, pemRoot)) verified, err := VerifyImageSignature(context.TODO(), ociSig, v1.Hash{}, &CheckOpts{ - RootCerts: rootPool, - IgnoreSCT: true, - Identities: []Identity{{Subject: "subject@mail.com", Issuer: "oidc-issuer"}}, - SkipTlogVerify: true}) + RootCerts: rootPool, + IgnoreSCT: true, + Identities: []Identity{{Subject: "subject@mail.com", Issuer: "oidc-issuer"}}, + IgnoreTlog: true}) if err == nil { t.Fatal("expected error while verifying signature") } @@ -438,7 +438,7 @@ func TestVerifyImageSignatureWithExistingSub(t *testing.T) { IntermediateCerts: subPool, IgnoreSCT: true, Identities: []Identity{{Subject: "subject@mail.com", Issuer: "oidc-issuer"}}, - SkipTlogVerify: true}) + IgnoreTlog: true}) if err == nil { t.Fatal("expected error while verifying signature") } 
@@ -556,7 +556,7 @@ func TestVerifyImageSignatureWithSigVerifierAndTSA(t *testing.T) { TSACertificate: leaves[0], TSAIntermediateCertificates: intermediates, TSARootCertificates: roots, - SkipTlogVerify: true, + IgnoreTlog: true, }); err != nil || bundleVerified { // bundle is not verified since there's no Rekor bundle t.Fatalf("unexpected error while verifying signature, got %v", err) } diff --git a/test/e2e_test.go b/test/e2e_test.go index f84f76b2014..a3eb8853a65 100644 --- a/test/e2e_test.go +++ b/test/e2e_test.go @@ -85,13 +85,13 @@ var passFunc = func(_ bool) ([]byte, error) { var verify = func(keyRef, imageRef string, checkClaims bool, annotations map[string]interface{}, attachment string) error { cmd := cliverify.VerifyCommand{ - KeyRef: keyRef, - RekorURL: rekorURL, - CheckClaims: checkClaims, - Annotations: sigs.AnnotationsMap{Annotations: annotations}, - Attachment: attachment, - HashAlgorithm: crypto.SHA256, - SkipTlogVerify: true, + KeyRef: keyRef, + RekorURL: rekorURL, + CheckClaims: checkClaims, + Annotations: sigs.AnnotationsMap{Annotations: annotations}, + Attachment: attachment, + HashAlgorithm: crypto.SHA256, + IgnoreTlog: true, } args := []string{imageRef} @@ -107,7 +107,7 @@ var verifyTSA = func(keyRef, imageRef string, checkClaims bool, annotations map[ Attachment: attachment, HashAlgorithm: crypto.SHA256, TSACertChainPath: tsaCertChain, - SkipTlogVerify: skipTlogVerify, + IgnoreTlog: skipTlogVerify, } args := []string{imageRef} 
@@ -118,13 +118,13 @@ var verifyTSA = func(keyRef, imageRef string, checkClaims bool, annotations map[ // Used to verify local images stored on disk var verifyLocal = func(keyRef, path string, checkClaims bool, annotations map[string]interface{}, attachment string) error { cmd := cliverify.VerifyCommand{ - KeyRef: keyRef, - CheckClaims: checkClaims, - Annotations: sigs.AnnotationsMap{Annotations: annotations}, - Attachment: attachment, - HashAlgorithm: crypto.SHA256, - LocalImage: true, - SkipTlogVerify: true, + KeyRef: keyRef, + CheckClaims: checkClaims, + Annotations: sigs.AnnotationsMap{Annotations: annotations}, + Attachment: attachment, + HashAlgorithm: crypto.SHA256, + LocalImage: true, + IgnoreTlog: true, } args := []string{path} @@ -314,8 +314,8 @@ func attestVerify(t *testing.T, predicateType, attestation, goodCue, badCue stri // Verify should fail at first verifyAttestation := cliverify.VerifyAttestationCommand{ - KeyRef: pubKeyPath, - SkipTlogVerify: true, + KeyRef: pubKeyPath, + IgnoreTlog: true, } // Fail case when using without type and policy flag @@ -575,7 +575,7 @@ func TestAttestationRFC3161Timestamp(t *testing.T) { verifyAttestation := cliverify.VerifyAttestationCommand{ KeyRef: pubKeyPath, TSACertChainPath: file.Name(), - SkipTlogVerify: true, + IgnoreTlog: true, PredicateType: "slsaprovenance", } @@ -897,14 +897,14 @@ func TestSignBlob(t *testing.T) { } // Verify should fail on a bad input cmd1 := cliverify.VerifyBlobCmd{ - KeyOpts: ko1, - SigRef: "badsig", - SkipTlogVerify: true, + KeyOpts: ko1, + SigRef: "badsig", + IgnoreTlog: true, } cmd2 := cliverify.VerifyBlobCmd{ - KeyOpts: ko2, - SigRef: "badsig", - SkipTlogVerify: true, + KeyOpts: ko2, + SigRef: "badsig", + IgnoreTlog: true, } mustErr(cmd1.Exec(ctx, blob), t) mustErr(cmd2.Exec(ctx, blob), t) 
@@ -948,8 +948,8 @@ func TestSignBlobBundle(t *testing.T) { } // Verify should fail on a bad input verifyBlobCmd := cliverify.VerifyBlobCmd{ - KeyOpts: ko1, - SkipTlogVerify: true, + KeyOpts: ko1, + IgnoreTlog: true, } mustErr(verifyBlobCmd.Exec(ctx, bp), t) @@ -973,7 +973,7 @@ func TestSignBlobBundle(t *testing.T) { // Point to a fake rekor server to make sure offline verification of the tlog entry works os.Setenv(serverEnv, "notreal") - verifyBlobCmd.SkipTlogVerify = false + verifyBlobCmd.IgnoreTlog = false must(verifyBlobCmd.Exec(ctx, bp), t) } @@ -1029,8 +1029,8 @@ func TestSignBlobRFC3161TimestampBundle(t *testing.T) { } // Verify should fail on a bad input verifyBlobCmd := cliverify.VerifyBlobCmd{ - KeyOpts: ko1, - SkipTlogVerify: true, + KeyOpts: ko1, + IgnoreTlog: true, } mustErr(verifyBlobCmd.Exec(ctx, bp), t) @@ -1054,7 +1054,7 @@ func TestSignBlobRFC3161TimestampBundle(t *testing.T) { t.Fatal(err) } // Point to a fake rekor server to make sure offline verification of the tlog entry works - verifyBlobCmd.SkipTlogVerify = false + verifyBlobCmd.IgnoreTlog = false must(verifyBlobCmd.Exec(ctx, bp), t) } @@ -1412,8 +1412,8 @@ func TestSaveLoadAttestation(t *testing.T) { // Use cue to verify attestation on the new image policyPath := filepath.Join(td, "policy.cue") verifyAttestation := cliverify.VerifyAttestationCommand{ - KeyRef: pubKeyPath, - SkipTlogVerify: true, + KeyRef: pubKeyPath, + IgnoreTlog: true, } verifyAttestation.PredicateType = "slsaprovenance" verifyAttestation.Policies = []string{policyPath} 
@@ -1853,11 +1853,11 @@ func TestAttestBlobSignVerify(t *testing.T) { KeyRef: pubKeyPath1, } blobVerifyAttestationCmd := cliverify.VerifyBlobAttestationCommand{ - KeyOpts: ko, - SignaturePath: outputSignature, - PredicateType: predicateType, - SkipTlogVerify: true, - CheckClaims: true, + KeyOpts: ko, + SignaturePath: outputSignature, + PredicateType: predicateType, + IgnoreTlog: true, + CheckClaims: true, } // Verify should fail on a bad input mustErr(blobVerifyAttestationCmd.Exec(ctx, bp), t) diff --git a/test/e2e_test.ps1 b/test/e2e_test.ps1 index 2d0c91f7621..9d2973c447d 100644 --- a/test/e2e_test.ps1 +++ b/test/e2e_test.ps1 @@ -36,7 +36,7 @@ $verification_key = "cosign.pub" $test_img = "ghcr.io/distroless/static" Write-Output $pass | .\cosign.exe sign --key $signing_key --output-signature interactive.sig --tlog-upload=false $test_img -.\cosign.exe verify --key $verification_key --signature interactive.sig --insecure-skip-tlog-verify=true $test_img +.\cosign.exe verify --key $verification_key --signature interactive.sig --insecure-ignore-tlog=true $test_img Pop-Location diff --git a/test/e2e_test_secrets.sh b/test/e2e_test_secrets.sh index 010ab01df70..59ff687b565 100755 --- a/test/e2e_test_secrets.sh +++ b/test/e2e_test_secrets.sh @@ -167,7 +167,7 @@ crane delete $dgst || true cat /dev/urandom | head -n 10 | base64 > randomblob dgst=$(./cosign upload blob -f randomblob ${blobimg}) ./cosign sign --key ${signing_key} --tlog-upload=false ${dgst} -./cosign verify --key ${verification_key} --insecure-skip-tlog-verify=true ${dgst} # For sanity +./cosign verify --key ${verification_key} --insecure-ignore-tlog=true ${dgst} # For sanity # clean up a bit crane delete $blobimg || true