-
**バグの説明**
以下のエラーでイメージのプッシュができない。
```
Run echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
Generating ephemeral keys...
Retrieving signed certificate...
Error: signing [ghcr.io/kyn…
-
Hi,
I am trying to use this action in one of my self-hosted [ARC](https://github.com/actions/actions-runner-controller) runners, but I get this error:
`Error: Failed to get ID token: error in sec…
-
It looks like `d.txt.good.sigstore`'s leaf certificate has an extension for `1.3.6.1.4.1.57264.1.8` (i.e. OIDC Issuer V2) but not `1.3.6.1.4.1.57264.1.1` (i.e. the original OIDC Issuer extension).
…
-
When running `kwctl verify` as follows, mirroring a failure shown on integration tests in CI, I get:
```
2024-03-20T10:36:23.248610Z WARN kwctl: Cannot fetch TUF repository: TufError(ParseMetadata …
-
**Description**
I am trying to write some go code to run rootless buildah. I was trying to make it work by myself, but it wasn't successful. I read the docs and also did some fmt.Println in sourc…
-
Currently, we could only have one securesign stack deployed per cluster because of the way the routes are defined. For example
```
kubectl get routes -n securesign
NAME HOST/PORT…
-
sigstore-python's internal key management is currently a bit of a mess. The following parties are at play:
1. TUF/the trust root/bundle: this is the ultimate source of all of our "a priori" key mat…
-
Current TrustUpdater implementation (the tuf component in sigstore-python) always returns keys/certs that have status "Active". Verification should also use status "Expired". I'm not 100% sure if this…
-
**Description**
I have been following [this blog](https://blog.sigstore.dev/sigstore-bring-your-own-stuf-with-tuf-40febfd2badd/) to run a sigstore setup including Rekor, Fulcio, and TUF locally. Ev…
-
We started discussing what code review attestations should look like, and @iamwillbar suggested checking if we could define a generalized predicate for reviews. We could then derive code review and ot…