-
Notifications
You must be signed in to change notification settings - Fork 557
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for new bundle specification for attesting/verifying OCI image attestations #3889
base: main
Are you sure you want to change the base?
Add support for new bundle specification for attesting/verifying OCI image attestations #3889
Conversation
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
4af8cc0
to
e509ec5
Compare
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3889 +/- ##
==========================================
- Coverage 40.10% 35.81% -4.29%
==========================================
Files 155 210 +55
Lines 10044 13666 +3622
==========================================
+ Hits 4028 4895 +867
- Misses 5530 8142 +2612
- Partials 486 629 +143 ☔ View full report in Codecov by Sentry. |
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
This reverts commit 67d421a. Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
af5093d
to
524f558
Compare
…cheme natively Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
cosign verify-attestation
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
// Wrap TrustedMaterial | ||
vTrustedMaterial := &verifyTrustedMaterial{TrustedMaterial: co.TrustedMaterial} | ||
|
||
// If TrustedMaterial is not set, fetch it from TUF (TODO: should this even be done? Old verifier requires co.RootCerts to be set) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If they haven't set --trusted-root
then they could be using other flags or relying on the TUF v1 setup which might be pointed to something other than the public good instance. I understand that this is only meant to be called when --new-bundle-format
is set but I'm worried that this would be surprising behavior if the PGI trusted root is used while the cached TUF metadata is pointed somewhere else.
} | ||
|
||
for _, verified := range bundlesVerified { | ||
atLeastOneBundleVerified = atLeastOneBundleVerified || verified |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you clarify why it's okay for only one bundle to be verified?
@@ -25,7 +25,9 @@ import ( | |||
func Referrers(d name.Digest, artifactType string, opts ...Option) (*v1.IndexManifest, error) { | |||
o := makeOptions(name.Repository{}, opts...) | |||
rOpt := o.ROpt | |||
rOpt = append(rOpt, remote.WithFilter("artifactType", artifactType)) | |||
if artifactType != "" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there not a more specific artifact type we can filter by when getting attestations?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The artifactType
for bundles is something like application/vnd.dev.sigstore.bundle.v0.3+json
. Since the version number is baked into the type, we can't use the filter feature here. Therefore, getBundles
uses an empty string as the artifactType in the call to Referrers.
@@ -361,7 +377,7 @@ func attestVerify(t *testing.T, predicateType, attestation, goodCue, badCue stri | |||
} | |||
|
|||
// Now attest the image | |||
ko := options.KeyOpts{KeyRef: privKeyPath, PassFunc: passFunc} | |||
ko := options.KeyOpts{KeyRef: privKeyPath, PassFunc: passFunc, NewBundleFormat: newBundleFormat} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe out of scope for this PR but a note for the future, this is setting NewBundleFormat
without setting TrustedRootPath
, which means the TrustedMaterial
will default to using PGI. We're trying to avoid making external network calls to live services. The only reason that isn't a problem here is because this test is using a local key pair and is not uploading to Rekor, so it doesn't matter what verification material is used. But a useful test in the future might be to have this use ephemeral keys from Fulcio (localhost:5555) and upload the entry to Rekor (localhost:3000) so that the full verification path with a locally generated trust root could be tested.
@@ -156,13 +163,113 @@ type CheckOpts struct { | |||
// IgnoreTlog skip tlog verification | |||
IgnoreTlog bool | |||
|
|||
// UseSignedTimestamps use signed timestamps if available | |||
UseSignedTimestamps bool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this potentially something that could be split out into its own PR, so that each PR has a clear singular focus?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a good idea for something we can split out... I think this is needed because the existing timestamp verification in cosign doesn't work with TUF/PGI, and is only enforced if you provide a timestamp cert chain to the verification subcommands.
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Signed-off-by: Cody Soyland <[email protected]>
Co-authored-by: Colleen Murphy <[email protected]> Signed-off-by: Cody Soyland <[email protected]>
) | ||
|
||
// VerifyNewBundle verifies a SigstoreBundle with the given parameters | ||
func VerifyNewBundle(_ context.Context, co *CheckOpts, artifactPolicyOption verify.ArtifactPolicyOption, bundle verify.SignedEntity) (*verify.VerificationResult, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider splitting this into separate PR and refactoring existing verifyNewBundle
.
Summary
This PR adds support for the new Cosign Bundle Specification in
cosign attest
andcosign verify-attestation
.Related: #3139
To test, run the following (replacing
MY_IDENTITY
,MY_ISSUER
,MY_TRUSTED_ROOT
andMY_IMAGE
as needed -- trusted root is optional). Note that the new OCI support requires passing--new-bundle-format
into both commands.Full example (using
crane
, but can instead usedocker tag
/docker push
):To show that it uses the OCI 1.1 referrers API, you can use
oras
:Release Note
Documentation