feat: add support attaching a Rekor bundle to a container #3246
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Codecov Report
@@ Coverage Diff @@
## main #3246 +/- ##
==========================================
+ Coverage 30.35% 30.93% +0.58%
==========================================
Files 155 155
Lines 9845 9931 +86
==========================================
+ Hits 2988 3072 +84
+ Misses 6410 6406 -4
- Partials 447 453 +6
|
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
haydentherapper
requested changes
Sep 18, 2023
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
haydentherapper
requested changes
Oct 17, 2023
cmd/cosign/cli/attach/sig.go
Outdated
| @@ -95,9 +97,24 @@ func SignatureCmd(ctx context.Context, regOpts options.RegistryOptions, sigRef, | |||
| return err | |||
| } | |||
| } | |||
| bundle := bundle.TimestampToRFC3161Timestamp(timeStampedSig) | |||
| TSBundle := bundle.TimestampToRFC3161Timestamp(timeStampedSig) | |||
There was a problem hiding this comment.
lowercase variable, so tsBundle
cmd/cosign/cli/options/attach.go
Outdated
| @@ -57,6 +58,8 @@ func (o *AttachSignatureOptions) AddFlags(cmd *cobra.Command) { | |||
| "signing certificate and end with the root certificate. Included in the OCI Signature") | |||
| cmd.Flags().StringVar(&o.TimeStampedSig, "tsr", "", | |||
| "path to the Time Stamped Signature Response from RFC3161 compliant TSA") | |||
| cmd.Flags().StringVar(&o.RekorBundle, "rekor", "", | |||
There was a problem hiding this comment.
Can we name the flag rekor-response? This helps us to distinguish from the upcoming "sigstore bundle" format we plan to integrate.
There was a problem hiding this comment.
Hi, what is the sigstore bundle 👀
There was a problem hiding this comment.
https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto - sigstore-go and other newer clients use this rather than have separate outputs for cert, sig, rekor, etc
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
|
@haydentherapper Added the changes |
haydentherapper
approved these changes
Oct 17, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Closes: #2904
cosign attachsupports attaching signatures, but not Rekor bundles. This PR adds support attaching a Rekor bundle to a containerRelease Note
added support attaching a Rekor bundle to a container
Documentation