From 5ee1a5552e0dd3714a112df7713ebe0881c300de Mon Sep 17 00:00:00 2001 From: Hayden Blauzvern Date: Thu, 12 Jan 2023 00:20:56 +0000 Subject: [PATCH] Fix missing privacy statement, print in multiple locations The statement wasn't being printed, only the confirmation, so updated that and its spacing. Additionally, I added the statement to be printed before using Fulcio in addition to Rekor. It'll only be printed once since we use sync.Once. The motivation for this is that Fulcio includes the certificate in its own CT log, so users should be prompted before. Otherwise, by the time they would say no to the Rekor prompt, the email would already be publicly logged. Updates to #2580 Signed-off-by: Hayden Blauzvern --- cmd/cosign/cli/fulcio/fulcio.go | 15 +++++++++++++ cmd/cosign/cli/sign/privacy/privacy.go | 31 ++++++++++++++++++++++++++ cmd/cosign/cli/sign/sign.go | 20 ++++------------- 3 files changed, 50 insertions(+), 16 deletions(-) create mode 100644 cmd/cosign/cli/sign/privacy/privacy.go diff --git a/cmd/cosign/cli/fulcio/fulcio.go b/cmd/cosign/cli/fulcio/fulcio.go index 2b54cf8de7d..cc72f722985 100644 --- a/cmd/cosign/cli/fulcio/fulcio.go +++ b/cmd/cosign/cli/fulcio/fulcio.go @@ -30,7 +30,9 @@ import ( "golang.org/x/term" "github.com/sigstore/cosign/v2/cmd/cosign/cli/options" + "github.com/sigstore/cosign/v2/cmd/cosign/cli/sign/privacy" "github.com/sigstore/cosign/v2/internal/pkg/cosign/fulcio/fulcioroots" + "github.com/sigstore/cosign/v2/internal/ui" "github.com/sigstore/cosign/v2/pkg/cosign" "github.com/sigstore/cosign/v2/pkg/providers" "github.com/sigstore/fulcio/pkg/api" @@ -158,6 +160,19 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) { fmt.Fprintln(os.Stderr, "Non-interactive mode detected, using device flow.") flow = flowDevice default: + var statementErr error + privacy.StatementOnce.Do(func() { + ui.Info(ctx, privacy.Statement) + ui.Info(ctx, privacy.StatementConfirmation) + if !ko.SkipConfirmation { + if err := ui.ConfirmContinue(ctx); err != nil { + statementErr = err + } + } + }) + if statementErr != nil { + return nil, statementErr + } flow = flowNormal } Resp, err := GetCert(ctx, priv, idToken, flow, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient) // TODO, use the chain. diff --git a/cmd/cosign/cli/sign/privacy/privacy.go b/cmd/cosign/cli/sign/privacy/privacy.go new file mode 100644 index 00000000000..bed7ddddb23 --- /dev/null +++ b/cmd/cosign/cli/sign/privacy/privacy.go @@ -0,0 +1,31 @@ +// Copyright 2022 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package privacy + +import "sync" + +const ( + // spacing is intentional to have this indented + Statement = ` + Note that there may be personally identifiable information associated with this signed artifact. + This may include the email address associated with the account with which you authenticate. + This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later. +` + StatementConfirmation = "By typing 'y', you attest that you grant (or have permission to grant) and agree to have this information stored permanently in transparency logs." +) + +var ( + StatementOnce sync.Once +) diff --git a/cmd/cosign/cli/sign/sign.go b/cmd/cosign/cli/sign/sign.go index d6cefc0c826..04aea20b1da 100644 --- a/cmd/cosign/cli/sign/sign.go +++ b/cmd/cosign/cli/sign/sign.go @@ -25,7 +25,6 @@ import ( "os" "path/filepath" "strings" - "sync" "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" @@ -35,6 +34,7 @@ import ( "github.com/sigstore/cosign/v2/cmd/cosign/cli/fulcio/fulcioverifier" "github.com/sigstore/cosign/v2/cmd/cosign/cli/options" "github.com/sigstore/cosign/v2/cmd/cosign/cli/rekor" + "github.com/sigstore/cosign/v2/cmd/cosign/cli/sign/privacy" icos "github.com/sigstore/cosign/v2/internal/pkg/cosign" ifulcio "github.com/sigstore/cosign/v2/internal/pkg/cosign/fulcio" ipayload "github.com/sigstore/cosign/v2/internal/pkg/cosign/payload" @@ -68,25 +68,13 @@ const TagReferenceMessage string = `Image reference %s uses a tag, not a digest, images by tag will be removed in a future release. ` -const ( - // spacing is intentional to have this indented - privacyStatement = ` - Note that there may be personally identifiable information associated with this signed artifact. - This may include the email address associated with the account with which you authenticate. - This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later.` - privacyStatementConfirmation = "By typing 'y', you attest that you grant (or have permission to grant) and agree to have this information stored permanently in transparency logs." -) - -var ( - privacyStatementOnce sync.Once -) - func ShouldUploadToTlog(ctx context.Context, ko options.KeyOpts, ref name.Reference, tlogUpload bool) (bool, error) { upload := shouldUploadToTlog(ctx, ko, ref, tlogUpload) var statementErr error if upload { - privacyStatementOnce.Do(func() { - ui.Info(ctx, privacyStatementConfirmation) + privacy.StatementOnce.Do(func() { + ui.Info(ctx, privacy.Statement) + ui.Info(ctx, privacy.StatementConfirmation) if !ko.SkipConfirmation { if err := ui.ConfirmContinue(ctx); err != nil { statementErr = err