Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cosign verification for pluto v5.16.1 fails #475

Closed
2 tasks done
ErickStaal opened this issue Apr 15, 2023 · 2 comments · Fixed by #484
Closed
2 tasks done

Cosign verification for pluto v5.16.1 fails #475

ErickStaal opened this issue Apr 15, 2023 · 2 comments · Fixed by #484
Assignees
@sudermanjr
Labels
bug Something isn't working

Comments

@ErickStaal
Copy link

What happened?

When executing command:

cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub

as provided in the release notes for pluto 5.16.1

The following error appears:

Error: signature not found in transparency log

What did you expect to happen?

Signature verified OK.

How can we reproduce this?

perform the above command.

Version

cosign v2.0.1

Search

  • I did search for other open and closed issues before opening this.

Code of Conduct

  • I agree to follow this project's Code of Conduct

Additional context

No response
@ErickStaal ErickStaal added bug Something isn't working triage This bug needs triage labels Apr 15, 2023
@sudermanjr
Copy link
Member

sudermanjr commented May 15, 2023
edited
Loading

EDIT: This is actually related to cosign adding the transparency log check by default. I need to look into how we should handle this. I believe using --insecure-ignore-tlog when verifying should work.

@sudermanjr sudermanjr removed the triage This bug needs triage label May 15, 2023
@sudermanjr sudermanjr self-assigned this May 15, 2023
@sudermanjr
Copy link
Member

Looking at this issue it seems that they will be naming this flag differently in the future to be less scary. We will not be implementing the transparency log at this time, as it is marked experimental (and I'm not even certain we could do it with how we manage the signing keys)

@sudermanjr sudermanjr mentioned this issue May 15, 2023
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sudermanjr sudermanjr

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add a cosign 2.x command that works to validate the checksums FairwindsOps/pluto
2 participants
@ErickStaal @sudermanjr