

@ghost ghost commented Jul 26, 2024

This PR updates the notation inspect command with timestamping. Resolves #997
Example results:

notation inspect $IMAGE

Inspecting all signatures for signed artifact
myRegistry/myRepo@sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda
└── application/vnd.cncf.notary.signature
    └── sha256:20171244b2291f7e854e595a20842faa581d82ebcd85266543390d5ca4b73551
        ├── media type: application/cose
        ├── signature algorithm: RSASSA-PSS-SHA-256
        ├── signed attributes
        │   ├── signingScheme: notary.x509
        │   └── signingTime: Fri Jul 26 14:50:29 2024
        ├── user defined attributes
        │   └── (empty)
        ├── unsigned attributes
        │   ├── timestamp signature
        │   │   ├── timestamp: [Fri Jul 26 06:50:37 2024, Fri Jul 26 06:50:37 2024]
        │   │   └── certificates
        │   │       ├── SHA256 fingerprint: d2f6e46ded7422ccd1d440576841366f828ada559aae3316af4d1a9ad40c7828
        │   │       │   ├── issued to: CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US
        │   │       │   ├── issued by: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
        │   │       │   └── expiry: Fri Oct 13 23:59:59 2034
        │   │       ├── SHA256 fingerprint: 281734d4592d1291d27190709cb510b07e22c405d5e0d6119b70e73589f98acf
        │   │       │   ├── issued to: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
        │   │       │   ├── issued by: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
        │   │       │   └── expiry: Sun Mar 22 23:59:59 2037
        │   │       └── SHA256 fingerprint: 33846b545a49c9be4903c60e01713c1bd4e4ef31ea65cd95d69e62794f30b941
        │   │           ├── issued to: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
        │   │           ├── issued by: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
        │   │           └── expiry: Sun Nov  9 23:59:59 2031
        │   └── signingAgent: Notation/1.0.0 azure-kv/1.2.0
......

Example of JSON output:

notation inspect $IMAGE -o json

{
    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
    "Signatures": [
        {
            "mediaType": "application/cose",
            "digest": "sha256:20171244b2291f7e854e595a20842faa581d82ebcd85266543390d5ca4b73551",
            "signatureAlgorithm": "RSASSA-PSS-SHA-256",
            "signedAttributes": {
                "signingScheme": "notary.x509",
                "signingTime": "2024-07-26T14:50:29+08:00"
            },
            "userDefinedAttributes": null,
            "unsignedAttributes": {
                "signingAgent": "Notation/1.0.0 azure-kv/1.2.0",
                "timestampSignature": {
                    "timestamp": "[2024-07-26T06:50:37Z, 2024-07-26T06:50:37Z]",
                    "certificates": [
                        {
                            "SHA256Fingerprint": "d2f6e46ded7422ccd1d440576841366f828ada559aae3316af4d1a9ad40c7828",
                            "issuedTo": "CN=DigiCert Timestamp 2023,O=DigiCert\\, Inc.,C=US",
                            "issuedBy": "CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\\, Inc.,C=US",
                            "expiry": "2034-10-13T23:59:59Z"
                        },
                        {
                            "SHA256Fingerprint": "281734d4592d1291d27190709cb510b07e22c405d5e0d6119b70e73589f98acf",
                            "issuedTo": "CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\\, Inc.,C=US",
                            "issuedBy": "CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US",
                            "expiry": "2037-03-22T23:59:59Z"
                        },
                        {
                            "SHA256Fingerprint": "33846b545a49c9be4903c60e01713c1bd4e4ef31ea65cd95d69e62794f30b941",
                            "issuedTo": "CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US",
                            "issuedBy": "CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US",
                            "expiry": "2031-11-09T23:59:59Z"
                        }
                    ]
                }
            },
......

Example when the timestamp countersignature fails to parse:

{
    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
    "Signatures": [
        {
            "mediaType": "application/cose",
            "digest": "sha256:85f04ea6891da367b825866c53b27999e6cdf3bae8b2fe33eb1433d938c0f3e1",
            "signatureAlgorithm": "RSASSA-PSS-SHA-256",
            "signedAttributes": {
                "signingScheme": "notary.x509",
                "signingTime": "2024-07-29T10:40:55+08:00"
            },
            "userDefinedAttributes": null,
            "unsignedAttributes": {
                "signingAgent": "Notation/1.0.0 azure-kv/1.0.1",
                "timestampSignature": {
                    "error": "failed to parse timestamp countersignature"
                }
            },
......
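The `timestamp: [..., ...]` line in the output above and the `"error": "failed to parse timestamp countersignature"` case both come from decoding the RFC 3161 timestamp token that the signing agent stores in the envelope's unsigned attributes. The Go program below is an added illustration, not code from the notation repository or from this PR. It shows how that interval is derived: RFC 3161 section 2.4.2 defines it as [genTime - accuracy, genTime + accuracy], so when the TSA returns no accuracy field the two bounds coincide, which is what the example output above shows. The program assumes the TSTInfo DER has already been extracted from the token's CMS SignedData and the TSA signature verified; the sample token, its policy OID, serial number and message imprint are constructed for the demonstration, and `TimestampBounds`, `FormatRange` and `SampleTSTInfoDER` are names chosen here, not notation APIs.

```go
package main

import (
	"bytes"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Minimal model of RFC 3161 TSTInfo. Only the fields needed to derive the
// timestamp range are declared; the trailing optional fields (tsa, extensions)
// are not modelled, which encoding/asn1 tolerates because it allows extra
// elements at the end of a SEQUENCE.
type messageImprint struct {
	HashAlgorithm pkix.AlgorithmIdentifier
	HashedMessage []byte
}

// Accuracy ::= SEQUENCE { seconds INTEGER OPTIONAL,
//                         millis [0] INTEGER OPTIONAL,
//                         micros [1] INTEGER OPTIONAL }
type accuracy struct {
	Seconds int `asn1:"optional"`
	Millis  int `asn1:"optional,tag:0"`
	Micros  int `asn1:"optional,tag:1"`
}

type tstInfo struct {
	Version        int
	Policy         asn1.ObjectIdentifier
	MessageImprint messageImprint
	SerialNumber   *big.Int
	GenTime        time.Time `asn1:"generalized"`
	Accuracy       accuracy  `asn1:"optional"`
	Ordering       bool      `asn1:"optional"`
	Nonce          *big.Int  `asn1:"optional"`
}

// TimestampBounds parses DER-encoded TSTInfo and returns the interval
// [genTime - accuracy, genTime + accuracy] within which the TSA asserts the
// token was created (RFC 3161, section 2.4.2). Any decoding problem is
// reported as an error rather than a guessed time, mirroring the
// "failed to parse timestamp countersignature" case in the inspect output.
func TimestampBounds(der []byte) (time.Time, time.Time, error) {
	var info tstInfo
	rest, err := asn1.Unmarshal(der, &info)
	if err != nil {
		return time.Time{}, time.Time{}, fmt.Errorf("failed to parse timestamp countersignature: %w", err)
	}
	if len(rest) != 0 {
		return time.Time{}, time.Time{}, errors.New("failed to parse timestamp countersignature: trailing bytes after TSTInfo")
	}
	if info.Version != 1 {
		return time.Time{}, time.Time{}, fmt.Errorf("unsupported TSTInfo version %d", info.Version)
	}
	acc := time.Duration(info.Accuracy.Seconds)*time.Second +
		time.Duration(info.Accuracy.Millis)*time.Millisecond +
		time.Duration(info.Accuracy.Micros)*time.Microsecond
	if acc < 0 {
		return time.Time{}, time.Time{}, errors.New("negative accuracy in TSTInfo")
	}
	// With no accuracy field acc is zero and both bounds equal genTime.
	return info.GenTime.Add(-acc), info.GenTime.Add(acc), nil
}

// FormatRange renders the interval in the same shape as the tree output above.
func FormatRange(lower, upper time.Time) string {
	return fmt.Sprintf("[%s, %s]", lower.Format(time.ANSIC), upper.Format(time.ANSIC))
}

// SampleTSTInfoDER returns a constructed TSTInfo (not issued by any real TSA)
// whose genTime is 2024-07-26T06:50:37Z with an accuracy of 1 s 500 ms.
// The policy OID, serial number and message imprint are made up for the demo.
func SampleTSTInfoDER() []byte {
	info := tstInfo{
		Version: 1,
		Policy:  asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}, // hypothetical TSA policy
		MessageImprint: messageImprint{
			HashAlgorithm: pkix.AlgorithmIdentifier{Algorithm: asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}}, // id-sha256
			HashedMessage: bytes.Repeat([]byte{0xab}, 32),                                                                // placeholder digest
		},
		SerialNumber: big.NewInt(4242),
		GenTime:      time.Date(2024, 7, 26, 6, 50, 37, 0, time.UTC),
		Accuracy:     accuracy{Seconds: 1, Millis: 500},
	}
	der, err := asn1.Marshal(info)
	if err != nil {
		panic(err) // cannot happen for the fixed sample above
	}
	return der
}

func main() {
	lower, upper, err := TimestampBounds(SampleTSTInfoDER())
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("timestamp:", FormatRange(lower, upper))

	// A corrupted token takes the error path instead of producing a range.
	if _, _, err := TimestampBounds([]byte("not a DER TSTInfo")); err != nil {
		fmt.Println("error:", err)
	}
}
```

Because `inspect` only displays what the token says, a range on its own proves nothing about trust: the TSA certificate chain listed under `certificates` still has to be validated against a trust store and the token's signature checked before the bounds are relied on, which is the job of verification rather than of this command.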

Patrick Zheng added 2 commits July 26, 2024 15:10

codecov bot commented Jul 26, 2024

Codecov Report

Attention: Patch coverage is 77.55102% with 11 lines in your changes missing coverage. Please review.

Project coverage is 71.92%. Comparing base (9c15eec) to head (7375966).

Files Patch % Lines
cmd/notation/inspect.go 77.55% 8 Missing and 3 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #998      +/-   ##
==========================================
+ Coverage   71.88%   71.92%   +0.03%     
==========================================
  Files          46       46              
  Lines        2230     2265      +35     
==========================================
+ Hits         1603     1629      +26     
- Misses        431      438       +7     
- Partials      196      198       +2     


Patrick Zheng added 3 commits July 26, 2024 18:56
@ghost ghost requested review from JeyJeyGao and shizhMSFT July 29, 2024 03:25

@junczhu junczhu left a comment


LGTM

@ghost ghost requested a review from shizhMSFT July 29, 2024 08:21
shizhMSFT previously approved these changes Jul 29, 2024

@shizhMSFT shizhMSFT left a comment


LGTM


@priteshbandi priteshbandi left a comment


LGTM with couple of nits

@ghost ghost requested review from priteshbandi and shizhMSFT July 30, 2024 00:38

@priteshbandi priteshbandi left a comment


LGTM


@shizhMSFT shizhMSFT left a comment


LGTM

@ghost ghost merged commit dc9ad63 into notaryproject:main Jul 30, 2024
@ghost ghost deleted the inspect branch July 30, 2024 02:04
@ghost ghost mentioned this pull request Aug 20, 2024
7h3-3mp7y-m4n pushed a commit to 7h3-3mp7y-m4n/notation that referenced this pull request Mar 29, 2025
FeynmanZhou pushed a commit to FeynmanZhou/notation that referenced this pull request May 15, 2025
This pull request was closed.

Development

Successfully merging this pull request may close these issues.

Notation inspect command timestamp signature support

4 participants