Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Sign all images in manifest #148

Merged
merged 2 commits into from
Mar 29, 2024

Conversation

prydom
Copy link
Contributor

@prydom prydom commented Mar 29, 2024

Resolves #147

cosign sign only signs the provided digest by default. If that digest is a manifest which is currently the default for images built with Docker due to https://docs.docker.com/build/attestations/attestation-storage/, we also want to sign each image with --recursive so that they can be pulled by any container managers which enforce that (e.g. podman).

Refer to https://github.com/sigstore/cosign/blob/main/doc/cosign_sign.md for more details.

Resolves blue-build#147
`cosign sign` only signs the provided digest by
default. If that digest is a manifest, we also want to sign each image
so that they can be pulled by any container managers which enforce that
(e.g. podman).
@prydom prydom requested a review from gmpinder as a code owner March 29, 2024 23:05
@gmpinder
Copy link
Member

There's an existing problem with the docker workflow that will fail for fork PRs. I'll check on the results later after it's merged

@gmpinder gmpinder merged commit 1074a54 into blue-build:main Mar 29, 2024
2 of 3 checks passed
@gmpinder
Copy link
Member

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

fix: cosign sign is not recursive leading to podman being unable to pull the image
2 participants