search

cnabio / signy

Go implementation for CNAB content trust verification using TUF, Notary, and in-toto
MIT License
31 stars 11 forks source link

Add verification for CNAB bundles #17

Closed radu-matei closed 5 years ago

radu-matei commented 5 years ago 
$ ./bin/signy sign --type cnab bundle.json docker.io/radumatei/cnab-signing:v1
Pushed trust data for docker.io/radumatei/cnab-signing:v1: 607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475
Starting to copy image cnab/helloworld:0.1.1..
Completed image cnab/helloworld:0.1.1 copy 

Generated relocation map: bundle.ImageRelocationMap{"cnab/helloworld:0.1.1":"docker.io/radumatei/cnab-signing@sha256:a59a4e74d9cc89e4e75dfb2cc7ea5c108e4236ba6231b53081a9e2506d1197b6"}

Pushed successfully, with digest "sha256:086ef83113475d4582a7431b4b9bc98634d4f71ad1289cca45e661153fc9a46e"

$ ./bin/signy list docker.io/radumatei/cnab-signing
v1      607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475

$ ./bin/signy verify --type cnab docker.io/radumatei/cnab-signing:v1
Pulled trust data for docker.io/radumatei/cnab-signing:v1 - SHA256: 607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475

Pulling bundle from registry: docker.io/radumatei/cnab-signing                                                                                         

Relocation map map[cnab/helloworld:0.1.1:radumatei/cnab-signing@sha256:a59a4e74d9cc89e4e75dfb2cc7ea5c108e4236ba6231b53081a9e2506d1197b6]

SHA256 of pulled bundle: 607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475

$ ./bin/signy sign --type cnab bundle.json docker.io/radumatei/cnab-signing-another-repo:v42

Root key found, using: 1569d4a83b43c76d65cbcf7f639bde71bc6e27b13b08819a126753c4874479a0
Pushed trust data for docker.io/radumatei/cnab-signing-another-repo:v42: 607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475

Starting to copy image cnab/helloworld:0.1.1... 
Completed image cnab/helloworld:0.1.1 copy

Generated relocation map: bundle.ImageRelocationMap{"cnab/helloworld:0.1.1":"docker.io/radumatei/cnab-signing-another-repo@sha256:a59a4e74d9cc89e4e75dfb2cc7ea5c108e4236ba6231b53081a9e2506d1197b6"}

Pushed successfully, with digest "sha256:086ef83113475d4582a7431b4b9bc98634d4f71ad1289cca45e661153fc9a46e"

radu:signy$ ./bin/signy verify --type cnab docker.io/radumatei/cnab-signing-another-repo:v42
Pulled trust data for docker.io/radumatei/cnab-signing-another-repo:v42 - SHA256: 607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475

Pulling bundle from registry: docker.io/radumatei/cnab-signing-another-repo

Relocation map map[cnab/helloworld:0.1.1:radumatei/cnab-signing-another-repo@sha256:a59a4e74d9cc89e4e75dfb2cc7ea5c108e4236ba6231b53081a9e2506d1197b6]

SHA256 of pulled bundle: 607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475

closes #14