Adding protobuf bundle support to sign-blob and attest-blob #3752
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #3752 +/- ##
==========================================
- Coverage 40.10% 37.67% -2.44%
==========================================
Files 155 201 +46
Lines 10044 12436 +2392
==========================================
+ Hits 4028 4685 +657
- Misses 5530 7175 +1645
- Partials 486 576 +90
View full report in Codecov by Sentry.
Fantastic!! Just a few tiny comments, also needs a rebase.
Great work on this!
@steiza can you rebase? Just to check, anything else here or any other testing, or is this good to merge?
Signed-off-by: Zach Steindler <steiza@github.com>
I think this is good to merge!
When adding bundles support to `attest-blob`, we sent the wrong data to the timestamp authority to sign.
Signed-off-by: Zach Steindler <steiza@github.com>
…les (#3877)
* Fix bug in #3752
When adding bundles support to `attest-blob`, we sent the wrong data to the timestamp authority to sign.
Signed-off-by: Zach Steindler <steiza@github.com>
* Only change timestamp authority signature behavior for new bundles
Also add TODO when we get to updating `cosign attest`
Signed-off-by: Zach Steindler <steiza@github.com>
* Add happy path e2e test
Signed-off-by: Zach Steindler <steiza@github.com>
---------
Signed-off-by: Zach Steindler <steiza@github.com>
Summary
This pull request addresses the first part of #3139: adding protobuf bundle support for `cosign sign-blob` and `cosign attest-blob`.
You can test this by generating the new bundles, for example signing a local file with a `cosign` provisioned key (requesting a signed timestamp to corroborate):
Or using Fulcio to get a signing certificate for an attestation:
You can then verify the public good instance bundle using sigstore-go doing something like:
Release Note
NONE - we probably want to finish #3139 (especially the more comprehensive conformance testing!) before we announce this as released.
Documentation
N/A - same as above
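A structural check a reviewer might run on a bundle generated as the Summary describes, given here as an added example that is not part of the pull request or of cosign's code. It reads the bundle's JSON form, tells a `sign-blob` bundle (`messageSignature`) from an `attest-blob` one (`dsseEnvelope`), counts RFC 3161 timestamps, and for a message signature compares the recorded digest with the artifact. It assumes the Sigstore bundle JSON field names and a SHA-256 digest; `InspectBundle` is a hypothetical helper and verifies no signatures.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// bundle is the subset of the bundle's JSON form that these checks read.
type bundle struct {
	VerificationMaterial struct {
		TimestampVerificationData struct {
			RFC3161Timestamps []json.RawMessage `json:"rfc3161Timestamps"`
		} `json:"timestampVerificationData"`
	} `json:"verificationMaterial"`
	MessageSignature *struct {
		MessageDigest struct {
			Digest string `json:"digest"` // base64, assumed to be SHA-256
		} `json:"messageDigest"`
	} `json:"messageSignature"`
	DSSEEnvelope *json.RawMessage `json:"dsseEnvelope"`
}

// InspectBundle returns the content kind and the RFC 3161 timestamp count.
func InspectBundle(raw, artifact []byte) (kind string, timestamps int, err error) {
	var b bundle
	if err = json.Unmarshal(raw, &b); err != nil {
		return "", 0, err
	}
	timestamps = len(b.VerificationMaterial.TimestampVerificationData.RFC3161Timestamps)
	if (b.MessageSignature == nil) == (b.DSSEEnvelope == nil) {
		return "", timestamps, errors.New("want exactly one of messageSignature, dsseEnvelope")
	}
	if b.DSSEEnvelope != nil {
		return "dsseEnvelope", timestamps, nil
	}
	// Message signature: the recorded digest must match the local artifact.
	sum := sha256.Sum256(artifact)
	if b.MessageSignature.MessageDigest.Digest != base64.StdEncoding.EncodeToString(sum[:]) {
		return "", timestamps, errors.New("bundle digest does not match artifact")
	}
	return "messageSignature", timestamps, nil
}

func main() {
	// Constructed sample: attestation-style bundle with one placeholder timestamp.
	raw := []byte(`{"verificationMaterial":{"timestampVerificationData":{"rfc3161Timestamps":[{"signedTimestamp":"AA=="}]}},"dsseEnvelope":{"payloadType":"application/vnd.in-toto+json"}}`)
	fmt.Println(InspectBundle(raw, nil))
}
```

A bundle that passes this check still has to go through full verification (signature, certificate or key, and timestamp) with a Sigstore verifier.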