Does cosign supports signing of local images ? #596
Comments
shimish2
changed the title
|
Hey! Unfortunately we don't support this today, you can see some of the discussion over at #60. There are a lot of caveats involved in the way digests get calculated with a local docker daemon - the digest might not even exist. What's the overall flow you're trying to achieve? There might be other ways to do it. |
|
It's a normal flow as same as remote image, able to sign & verify locally and by local I mean local oci images. |
|
As @dlorenc said, the thing being signed (the image manifest) doesn't get created until an image is pushed to a repo and doesn't generally get persisted on image pulls. It's not clear how the UX for signing or verifying local images would work |
|
I'm thinking through a similar workflow. The build pipeline may be performed in a disconnected environment without access to a registry or the general internet. The output of the container image build could be an OCI Layout tar file that includes an index.json that has the descriptor of the image that would be pushed to the registry. If there's a way to sign a digest without pushing the result, just generating another OCI Layout tar that contains a signature, that would be the ideal scenario, but I'd settle for a signature. Then at the end of the build when the image and signature have been generated, they can be uploaded to a registry. @dlorenc would it be enough to accept an image reference with a digest (vs a tag) without querying a registry to lookup that digest? I think some logic would need to be moved around for the recursive handling of an Index, but seems like it should be feasible. |
+1, yeah I don't see any issues there. |
|
I tried using #903 but it doesn't work for me. Even though the digest is correct, cosign will try to reach the registry where the image is stored. The use case here is zero-trust in the registry. Currently I have to have some trust in the registry that it doesn't mingle with my content after I pushed it but before I signed it. |
|
If you have the digest, and you're signing that, then you have zero trust in the registry. The registry can't change the content without changing the digest. |
|
@sudo-bmitch Agreed, but I couldn't get |
|
@dmesser best guess is something changed to sign the entire descriptor and a digest isn't enough. The fix for that would be using an OCI Layout. But the underlying problem you wanted to solve shouldn't be an issue. |
|
Is using an OCI layout referring to an on-disk representation where I can direct |
|
It's referring to the on-disk format. There's still a lot to develop for this (not just in cosign), and you'd need a separate step to copy the signed image to a registry later. I was talking about this at Open Source Summit this year showing a lot of the gaps left to be resolved, and why we should want to solve them. |
|
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days. |
|
This issue was closed because it has been stalled for 5 days with no activity. |
Question
Does cosign supports signing of local images ?
I am trying to sign a local image but getting this error
The text was updated successfully, but these errors were encountered: