Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

attest-blob: add functionality for keyless signing #2515

Merged
merged 6 commits into from
Jan 4, 2023
Merged

attest-blob: add functionality for keyless signing #2515

merged 6 commits into from
Jan 4, 2023

Conversation

asraa
Copy link
Contributor

@asraa asraa commented Dec 6, 2022
edited
Loading

Signed-off-by: Asra Ali asraa@google.com

I realized that the sign path didn't exist for keyless here, so it didn't make sense to implement #2389 before I did this one.

Summary

Release Note

  • feat: adds support for keyless signing for attestations on blob through attest-blob

Documentation

@asraa asraa force-pushed the attest-blob-keyless branch 3 times, most recently from e4a74f1 to d0e2841 Compare December 6, 2022 16:56
@codecov-commenter
Copy link

codecov-commenter commented Dec 6, 2022
edited
Loading

Codecov Report

Merging #2515 (d80e7af) into main (631a26f) will decrease coverage by 0.69%.
The diff coverage is 8.12%.

@@            Coverage Diff             @@
##             main    #2515      +/-   ##
==========================================
- Coverage   30.79%   30.09%   -0.70%     
==========================================
  Files         144      146       +2     
  Lines        8754     9113     +359     
==========================================
+ Hits         2696     2743      +47     
- Misses       5667     5961     +294     
- Partials      391      409      +18
Impacted Files Coverage Δ
cmd/cosign/cli/attest_blob.go 0.00% <0.00%> (ø)
cmd/cosign/cli/options/attest_blob.go 0.00% <0.00%> (ø)
cmd/cosign/cli/attest/attest_blob.go 29.37% <13.82%> (ø)
cmd/cosign/cli/attest/attest.go 0.00% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@asraa asraa force-pushed the attest-blob-keyless branch 2 times, most recently from 5282bf6 to 432c8f0 Compare December 7, 2022 19:11
@asraa asraa marked this pull request as ready for review December 7, 2022 19:11
@asraa asraa requested a review from znewman01 December 7, 2022 19:11
@asraa
Copy link
Contributor Author

asraa commented Dec 7, 2022
edited
Loading

@znewman01 @priyawadhwa @haydentherapper PTAL! I added preliminary tests that are focused on key signing functionality and CLI functionality. I'll be going back to the verification piece of this too.

znewman01
znewman01 previously approved these changes Dec 9, 2022
View reviewed changes
Copy link
Contributor

@znewman01 znewman01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM modulo nits

Feels like we could use a refactor to pull out the "output" flags into one place (both the flags and actually writing out to a file) but happy to have that happen later.

cmd/cosign/cli/attest/attest_blob.go Outdated Show resolved Hide resolved
cmd/cosign/cli/attest/attest_blob.go Outdated Show resolved Hide resolved
cmd/cosign/cli/attest/attest_blob.go Outdated Show resolved Hide resolved
cmd/cosign/cli/attest/attest_blob.go Outdated Show resolved Hide resolved
cmd/cosign/cli/options/attest_blob.go Outdated Show resolved Hide resolved
@haydentherapper haydentherapper mentioned this pull request Dec 12, 2022
Closed
3 tasks
@asraa
Copy link
Contributor Author

asraa commented Dec 22, 2022

Sorry for the delay, but rebased and comments addressed.

znewman01
znewman01 previously approved these changes Dec 23, 2022
View reviewed changes
znewman01
znewman01 previously approved these changes Jan 2, 2023
View reviewed changes
cmd/cosign/cli/attest/attest_blob.go Show resolved Hide resolved
@asraa asraa requested a review from znewman01 January 3, 2023 15:14
haydentherapper
haydentherapper reviewed Jan 4, 2023
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just one comment about ondisk format for the ts

@asraa
attest-blob: add support for keyless
c85b89d 
Signed-off-by: Asra Ali <asraa@google.com>

make tlog upload default true and always print cert in bundle

Signed-off-by: Asra Ali <asraa@google.com>

docgen

Signed-off-by: Asra Ali <asraa@google.com>
@asraa
address comments
66b482c 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
update docs
0b0857d 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
update return
bd22a84 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
update timestamp bundle path
a8434a4 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa
fix merge conflicts
d80e7af 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa asraa merged commit 0081e1a into sigstore:main Jan 4, 2023
@github-actions github-actions bot added this to the v1.14.0 milestone Jan 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haydentherapper haydentherapper haydentherapper approved these changes

@znewman01 znewman01 Awaiting requested review from znewman01

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.14.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@asraa @codecov-commenter @znewman01 @haydentherapper