Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable signing and verifying image without registry access #4014

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Enable signing and verifying image without registry access #4014

wants to merge 1 commit into from
+86 −13

Conversation

bkabrda
Copy link
Contributor

@bkabrda bkabrda commented Jan 16, 2025

Summary

Fixes #3832.
This PR essentially enables:

  • Signing an image with the --upload=false flag even if the image registry is (temporarily) unavailable.
  • Properly verifying and image offline with certificate, payload and signature

I tried my best to test all the code paths that go through this function, but to be honest there are so many that I'm not 100 % everything is still correct - a thorough review would be appreciated.

Release Note

  • It is now possible to sign an image when the image registry is unreachable when using --upload=false.
  • The TLog search now works properly when verifying image using disconnected certificate, payload and signature.

Documentation

I don't believe this PR requires documentation change.

@bkabrda
Enable signing and verifying image without registry access
4535d70 
Signed-off-by: Slavek Kabrda <bkabrda@redhat.com>
@codecov Codecov
Copy link

codecov bot commented Jan 16, 2025

Codecov Report

Attention: Patch coverage is 18.51852% with 22 lines in your changes missing coverage. Please review.

Project coverage is 36.44%. Comparing base (2ef6022) to head (4535d70).
Report is 278 commits behind head on main.

Files with missing lines Patch % Lines
pkg/cosign/verify.go 20.00% 18 Missing and 2 partials ⚠️
cmd/cosign/cli/sign/sign.go 0.00% 1 Missing ⚠️
cmd/cosign/cli/verify/verify.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4014      +/-   ##
==========================================
- Coverage   40.10%   36.44%   -3.66%     
==========================================
  Files         155      209      +54     
  Lines       10044    13371    +3327     
==========================================
+ Hits         4028     4873     +845     
- Misses       5530     7875    +2345     
- Partials      486      623     +137

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow signing local image without registry access
1 participant
@bkabrda