Open asraa opened 2 years ago
depending on how this is implemented, it might be useful to include https://github.com/opencontainers/image-spec/blob/main/annotations.md if we have access to those values at time of validation of the signature
+1! I think we probably want to actually switch the way we sign containers from SimpleSigning over to the OCI Descriptor, but we could always support both in rekor: https://github.com/sigstore/cosign/issues/2
Since both are relatively small JSON payloads, maybe we can upload the JSON payloads themselves as the artifact content (and store their digest)? That way we can extract the image references to key, and will also have annotations on them in the upload.
(What do you think you would need the annotations for at validation time? Are you imagining indexing them/storing them as additional info?)
I actually can't quite remember why cosign switched to the HashedRekord type. I think you might have done the change. I'm not too opinionated either way.
Ah I remember now! sign-blob needed to use the HashedRekord type, but signing a container could use the other one!
Yep that's what I imagine! I also made some tweaks to the PR (which I will update in a few hours) because I think we may want to enable a private mode even for the container signing, so I'm allowing only specifying hash of the signed payload instead of a consistency hash. So the container type can also go "private mode".
On the other hand "private" container type == HashedRekord essentially....
Description
This would be a rekor type specifically for container signatures (https://github.com/containers/image/blob/main/docs/containers-signature.5.md). This came up because cosign uploads the hash of the entire signed payload, and rekor does not understand that payload.
For container signatures (not blobs), we may want to use a specific "containerType" so that rekor users can search for the sha256 of the image signed.
c/f https://sigstore.slack.com/archives/C01DGF0G8U9/p1642619114104300
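To make the proposal concrete, here is an added example (not code from the issue, cosign or rekor) of what a container-aware type could extract from a SimpleSigning payload: it validates the `critical` object per containers-signature.5.md, derives the image manifest digest and reference as index keys, keeps the payload's own sha256 (what HashedRekord stores today), and surfaces the `optional` object where annotations would live. The sample payload and the name `index_keys` are constructed for illustration.

```python
import hashlib
import json

# Constructed sample SimpleSigning payload (not taken from the issue). The layout
# follows containers-signature.5.md: a "critical" object and a free-form "optional" one.
SAMPLE_PAYLOAD = json.dumps({
    "critical": {
        "type": "atomic container signature",
        "image": {"docker-manifest-digest": "sha256:" + "ab" * 32},
        "identity": {"docker-reference": "registry.example/app:1.0"},
    },
    "optional": {
        "creator": "example-signer",
        # OCI image-spec style annotation, constructed for the example.
        "org.opencontainers.image.source": "https://example.invalid/app",
    },
}).encode()

REQUIRED_CRITICAL = {"type", "image", "identity"}
HEX = set("0123456789abcdef")


def index_keys(payload: bytes) -> dict:
    """Validate a SimpleSigning payload and return the values a container-specific
    rekor type could index, so users can search by the signed image digest rather
    than only by the hash of the opaque payload."""
    doc = json.loads(payload)
    critical = doc["critical"]
    # The spec requires rejecting a critical object with unknown or missing members.
    if set(critical) != REQUIRED_CRITICAL:
        raise ValueError(f"unexpected critical members: {sorted(set(critical) ^ REQUIRED_CRITICAL)}")
    if critical["type"] != "atomic container signature":
        raise ValueError(f"unsupported signature type: {critical['type']!r}")
    image_digest = critical["image"]["docker-manifest-digest"]
    algo, _, hexdigest = image_digest.partition(":")
    if algo != "sha256" or len(hexdigest) != 64 or not set(hexdigest) <= HEX:
        raise ValueError(f"malformed manifest digest: {image_digest}")
    return {
        # Hash of the whole signed payload: what cosign uploads via HashedRekord today.
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
        # Searchable keys a container type would expose.
        "image_digest": image_digest,
        "docker_reference": critical["identity"]["docker-reference"],
        # Free-form optional members, where annotations would surface if present.
        "optional": dict(doc.get("optional", {})),
    }
```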