Enable fetching signatures without remote get. (#4047)

Signed-off-by: Daniel Haus <dhaus@redhat.com> Signed-off-by: Tomasz Janiszewski <tomek@redhat.com> Co-authored-by: Daniel Haus <dhaus@redhat.com>
sigstore · Feb 19, 2025 · d6aeeb2 · d6aeeb2
1 parent 26d0ee5
commit d6aeeb2
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/pkg/cosign/fetch.go b/pkg/cosign/fetch.go
@@ -74,8 +74,15 @@ func FetchSignaturesForReference(_ context.Context, ref name.Reference, opts ...
 	if err != nil {
 		return nil, err
 	}
+	sigs, err := FetchSignatures(simg)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", ref, err)
+	}
+	return sigs, nil
+}
 
-	sigs, err := simg.Signatures()
+func FetchSignatures(se oci.SignedEntity) ([]SignedPayload, error) {
+	sigs, err := se.Signatures()
 	if err != nil {
 		return nil, fmt.Errorf("remote image: %w", err)
 	}
@@ -84,7 +91,7 @@ func FetchSignaturesForReference(_ context.Context, ref name.Reference, opts ...
 		return nil, fmt.Errorf("fetching signatures: %w", err)
 	}
 	if len(l) == 0 {
-		return nil, fmt.Errorf("no signatures associated with %s", ref)
+		return nil, errors.New("no signatures associated")
 	}
 	if len(l) > maxAllowedSigsOrAtts {
 		return nil, fmt.Errorf("maximum number of signatures on an image is %d, found %d", maxAllowedSigsOrAtts, len(l))