From 4580e7b1fc400bc8acc06825672561ac13e93d49 Mon Sep 17 00:00:00 2001
From: Daniel Haus <dhaus@redhat.com>
Date: Wed, 24 May 2023 14:54:29 +0200
Subject: [PATCH] Enable fetching signatures without remote get.

Signed-off-by: Daniel Haus <dhaus@redhat.com>
Signed-off-by: Tomasz Janiszewski <tomek@redhat.com>
---
 pkg/cosign/fetch.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/pkg/cosign/fetch.go b/pkg/cosign/fetch.go
index 88bfeee23b2..2f32a265058 100644
--- a/pkg/cosign/fetch.go
+++ b/pkg/cosign/fetch.go
@@ -19,6 +19,7 @@ import (
 	"context"
 	"crypto/x509"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"os"
 	"runtime"
@@ -26,6 +27,7 @@ import (
 
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/sigstore/cosign/v2/pkg/cosign/bundle"
+	"github.com/sigstore/cosign/v2/pkg/oci"
 	ociremote "github.com/sigstore/cosign/v2/pkg/oci/remote"
 	"golang.org/x/sync/errgroup"
 )
@@ -67,8 +69,15 @@ func FetchSignaturesForReference(_ context.Context, ref name.Reference, opts ...
 	if err != nil {
 		return nil, err
 	}
+	sigs, err := FetchSignatures(simg)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", ref, err)
+	}
+	return sigs, nil
+}
 
-	sigs, err := simg.Signatures()
+func FetchSignatures(se oci.SignedEntity) ([]SignedPayload, error) {
+	sigs, err := se.Signatures()
 	if err != nil {
 		return nil, fmt.Errorf("remote image: %w", err)
 	}
@@ -77,7 +86,7 @@ func FetchSignaturesForReference(_ context.Context, ref name.Reference, opts ...
 		return nil, fmt.Errorf("fetching signatures: %w", err)
 	}
 	if len(l) == 0 {
-		return nil, fmt.Errorf("no signatures associated with %s", ref)
+		return nil, errors.New("no signatures associated")
 	}
 
 	signatures := make([]SignedPayload, len(l))