-
Notifications
You must be signed in to change notification settings - Fork 544
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"pem" file of the release aren't PEM files #2666
Comments
Hello @ctron, thanks for raising an issue; I think these files come from here as cosign use GoReleaser to sign binaries. I think at this point, as there is no manual process in here, we cannot do anything about these files, I guess, unless we edit the cosign code to make them base64 decoded, and this would be a |
I think the issue is that you actually base64 them "again". A PEM file already is base64 encoded, adding the header/footer lines. There is no need to base64 encode it twice. Still, a Renaming the file to something other than As
Just don't promise a PEM file :-) |
sorry my typo, I just wanted to say "base64 decoded", not encoded 🤦 |
Btw, I just found a switch |
So basically, we can do that "--b64" trick in the GoReleaser file. |
Agreed that the output formats are a bit of a mess right now; this is something we're aware of and trying to fix. Fixing them by default will be a breaking change unfortunately, so we're planning to do this all at once. Basically, rather than output a certificate AND a signature AND a signed timestamp AND ... we'll stick them all in one My vote would actually be to rename the Goreleaser output to Relevant: |
We decided that it would be a breaking change to rename these files, so we're trying to avoid that. Instead, just documenting a little better. No great solution here unfortunately :/ |
Taking a look at the "pem" files in the release section (like
cosign-2.0.0.rc.1.aarch64.rpm-keyless.pem
), those file aren't PEM files:But base64 encoded PEM files. From my point of view, if a
.pem
file is being distributed, it should actually be a PEM file, and not base64 encoded.The text was updated successfully, but these errors were encountered: