Skip to content

Add a Cosign signature format carrier#1594

Merged
mtrmac merged 1 commit intocontainers:mainfrom
mtrmac:cosign-signature-format
Jul 7, 2022
Merged

Add a Cosign signature format carrier#1594
mtrmac merged 1 commit intocontainers:mainfrom
mtrmac:cosign-signature-format

Conversation

@mtrmac
Copy link
Copy Markdown
Collaborator

@mtrmac mtrmac commented Jul 5, 2022
edited
Loading

⚠️ Warning: This is write-only code, as in I haven’t read it after myself, and it has no tests yet.

This is just a way to represent the signature, for other code to read/write it, or create/consume it.

NOTE: This, along with #1593, makes a design decision about how we are going to represent signatures as []byte in stable storage. That has long-term consequences.

Depends on unmerged #1593.

@mtrmac mtrmac force-pushed the cosign-signature-format branch from 1447883 to 2f6f7a5 Compare July 6, 2022 00:09
This was referenced Jul 6, 2022
Merged
Merged
Merged
Closed
@mtrmac mtrmac force-pushed the cosign-signature-format branch from 2f6f7a5 to 97eed15 Compare July 6, 2022 14:20
@mtrmac
Copy link
Copy Markdown
Collaborator Author

mtrmac commented Jul 6, 2022

  • Encapsulated the signature data to make sure underlying slices are not shared/modified.
  • Added unit tests for internal/signature.Cosign to make sure the blob formatting actually works.

Ready for review, apart from the previous-PR dependency.

@mtrmac mtrmac force-pushed the cosign-signature-format branch from 97eed15 to cd1d264 Compare July 6, 2022 16:07
vrothberg
vrothberg reviewed Jul 7, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, feel free to merge once the merge-rebase dance is done

@mtrmac mtrmac force-pushed the cosign-signature-format branch from cd1d264 to 61d26a4 Compare July 7, 2022 11:49
@mtrmac
Introduce signature.Cosign as a format
c8e8246 
Currently, this just allows serializing and deserializing
it as a blob.

NOTE: This makes an implementation decision about the blob format:
we use OpenPGP signatures with no marker, any new formats will
start with a zero byte and an ASCII line identifying the format of the rest.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
@mtrmac mtrmac force-pushed the cosign-signature-format branch from 61d26a4 to c8e8246 Compare July 7, 2022 12:04
@mtrmac mtrmac marked this pull request as ready for review July 7, 2022 12:04
@mtrmac mtrmac merged commit df27ae0 into containers:main Jul 7, 2022
@mtrmac mtrmac deleted the cosign-signature-format branch July 7, 2022 12:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vrothberg vrothberg vrothberg left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mtrmac @vrothberg