Feature: Allow cosign to sign digests before they are uploaded. #2959
Conversation
mattmoor
force-pushed
the
sign-without-accessing
branch
from
8059c2f
to
cd988ee
Compare
Codecov Report
@@ Coverage Diff @@
## main #2959 +/- ##
==========================================
+ Coverage 30.26% 30.81% +0.54%
==========================================
Files 151 152 +1
Lines 9469 9552 +83
==========================================
+ Hits 2866 2943 +77
- Misses 6158 6163 +5
- Partials 445 446 +1
|
mattmoor
force-pushed
the
sign-without-accessing
branch
from
cd988ee
to
d6d95ed
Compare
|
I changed it to a hardcoded digest since the |
|
I'm going to fix |
mattmoor
force-pushed
the
sign-without-accessing
branch
from
d6d95ed
to
885c5a7
Compare
|
Ok, so the CI failure is a legit failure, and I'm glad it caught this because there's a subtle bug with this approach! Essentially the I think this will require some changes more integrated into |
mattmoor
force-pushed
the
sign-without-accessing
branch
from
885c5a7
to
8a77fc8
Compare
|
Ok, this no longer uses It felt wrong to automatically do this in |
|
Blah, it still needs some work to pass tests. |
mattmoor
force-pushed
the
sign-without-accessing
branch
from
8a77fc8
to
2122ce1
Compare
馃巵 This feature allows `cosign` to sign and attest a digest that doesn't exist yet, to support scenarios such as signing an image prior to pushing it. This adapts the ideas from the two prior approaches, which were closed by stale-bot. Fixes: sigstore#1905 /kind feature Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
mattmoor
force-pushed
the
sign-without-accessing
branch
from
2122ce1
to
0bd02a0
Compare
|
This is RFAL! |
| "foo": "bar" | ||
| } | ||
| EOF | ||
| ./cosign attest --key ${signing_key} --type custom --predicate "${PREDICATE_FILE}" "$img3@sha256:17b14220441083f55dfa21e1deb3720457d3c2d571219801d629b43c53b99627" |
There was a problem hiding this comment.
Can you attest something else and check that both are present, to guard against the overwriting behavior you discovered?
There was a problem hiding this comment.
There's already a Go test that checks exactly that (which is what caught the bug!), and I'm not sure doing it for the "unknown" case (or in bash) adds much value 馃槄
| } | ||
| // We don't actually need to access the remote entity to attach things to it | ||
| // so we use a placeholder here. | ||
| se := ociremote.SignedUnknown(digest) |
There was a problem hiding this comment.
WDYT about s/Unknown/Digest/ everywhere? Unknown doesn't feel quite right to me.
There was a problem hiding this comment.
I worry that Digest isn't clear enough, since it is effectively what SignedEntity is (especially after my PR to add Digest to oci.SignedEntity).
That said, I don't feel particularly strongly about the naming here :bikeshed:
| @@ -179,7 +179,9 @@ func SignCmd(ro *options.RootOptions, ko options.KeyOpts, signOpts options.SignO | |||
|
|
|||
| if digest, ok := ref.(name.Digest); ok && !signOpts.Recursive { | |||
| se, err := ociremote.SignedEntity(ref, opts...) | |||
| if err != nil { | |||
| if err == ociremote.ErrEntityNotFound { | |||
| se = ociremote.SignedUnknown(digest) | |||
There was a problem hiding this comment.
Are you sure we always want to do this on 404?
There was a problem hiding this comment.
I think yes, but do you have an alternative in mind?
Co-authored-by: Jon Johnson <jonjohnsonjr@gmail.com> Signed-off-by: Matt Moore <mattomata@gmail.com>
|
Ping. I think this looks good (I have no power to approve), and I'm not sure any of the remaining comments are blocking. I don't want to lose momentum on this long-standing feature request. 馃 |
There was a problem hiding this comment.
This lgtm
Will wait for @jonjohnsonjr because made some comments here
|
This is not great because OCI referrers stuff expects a whole descriptor (digest+size+mediaType). It would be better if this took a Descriptor, assuming we want to adopt the OCI referrers stuff down the road. |
Good point. However, in that case, I think we can just set the We can either establish this convention and use it, or try to specify this better in OCI image-spec. Supporting this case has been a goal of OCI referrers, and if implementers like cosign don't know how to achieve it then OCI should help them. Or if they want to solve it with this convention, that works too, we just need registries not to validate that the size+mediaType matches reality. |
Digests need to be fully self-describing, the absence of this property was (as you know) a CVE. |
Sure, but it's nice to know the size prior to decoding the payload, which you can do once you have an entrypoint into the dag. If you want to go against the grain, that's fine, but I'd file an issue with OCI. |
|
|
I'll go ahead and merge since it seems like next steps are to file an issue with OCI (sorry if I'm reading this thread wrong!). |
馃巵 This feature allows
cosignto sign a digest that doesn't exist yet, to support scenarios such as signing an image prior to pushing it.This adapts the ideas from the two prior approaches, which were closed by stale-bot.
Fixes: #1905
/kind feature
Release Note
cosigncan now be used to sign digests before the image has been pushed to a registry (this only supports shallow signing of digests, so tag-based signing and recursive signing are not supported because both need the image structure available)Documentation