Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement cryptographic validation of all payload and metadata in a zarf package #23

Closed
RothAndrew opened this issue Sep 7, 2021 · 3 comments · Fixed by #1467
Closed

Implement cryptographic validation of all payload and metadata in a zarf package #23

RothAndrew opened this issue Sep 7, 2021 · 3 comments · Fixed by #1467
Labels
enhancement ✨ New feature or request packager sbom Software Bill of Materials

Comments

@RothAndrew
Copy link
Contributor

Implement hashing/signing for all elements of the package to ensure authenticity and integrity of the artifacts.

Migrated from https://repo1.dso.mil/platform-one/big-bang/apps/product-tools/zarf/-/issues/36
@jeff-mccoy jeff-mccoy added the sbom Software Bill of Materials label Sep 16, 2021
@RothAndrew RothAndrew mentioned this issue Oct 1, 2021
Closed
@RothAndrew RothAndrew added this to the sbom milestone Feb 4, 2022
jeff-mccoy added a commit that referenced this issue Feb 8, 2022
@jeff-mccoy
change ZarfFile Url param to Source for remote/local. Closes #23
28c4a5b 
Signed-off-by: Jeff McCoy <code@jeffm.us>
@jeff-mccoy jeff-mccoy added enhancement ✨ New feature or request packager labels Feb 25, 2022
@jeff-mccoy jeff-mccoy modified the milestones: sbom, Zarf GA Mar 7, 2022
@jeff-mccoy jeff-mccoy removed this from the Zarf GA milestone Jun 29, 2022
@Racer159 Racer159 self-assigned this Sep 9, 2022
@JasonvanBrackel
Copy link
Contributor

JasonvanBrackel commented Sep 15, 2022
edited
Loading

@Racer159 Are you actively working on this? If so could you please move it to doing now on the project board? I may get rid of it if we don't fine value in it long term, but I like the visual nature of it.

@JasonvanBrackel
Copy link
Contributor

JasonvanBrackel commented Sep 15, 2022
edited
Loading

#32 May be related / be a subtask of this.

@JasonvanBrackel JasonvanBrackel mentioned this issue Sep 15, 2022
Closed
@Racer159 Racer159 removed their assignment Sep 19, 2022
@Racer159
Copy link
Contributor

Dropped myself as an assignee, this is still a backlog task, I just added myself to not forget about it at the time

Noxsios pushed a commit that referenced this issue Mar 8, 2023
@jeff-mccoy
change ZarfFile Url param to Source for remote/local. Closes #23
15578dc 
Signed-off-by: Jeff McCoy <code@jeffm.us>
@Racer159 Racer159 mentioned this issue Mar 27, 2023
Merged
Racer159 added a commit that referenced this issue Mar 31, 2023
@YrrepNoj @Noxsios @Racer159
Feature: Validate package contents and verify package signatures (#1467)
9846cf4 
Fixes: #23

---------

Signed-off-by: Jon Perry <yrrepnoj@gmail.com>
Co-authored-by: razzle <harry@razzle.cloud>
Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement ✨ New feature or request packager sbom Software Bill of Materials
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Feature: Validate package contents and verify package signatures zarf-dev/zarf
4 participants
@jeff-mccoy @JasonvanBrackel @Racer159 @RothAndrew