DO NOT MERGE IRRESPONSIBLE: Cosign integration #1599
Commits on Jul 7, 2022
Commit c9e8f31
Introduce signature.Cosign as a format
Currently, this just allows serializing and deserializing it as a blob.

NOTE: This makes an implementation decision about the blob format: we use OpenPGP signatures with no marker, any new formats will start with a zero byte and an ASCII line identifying the format of the rest.

Signed-off-by: Miloslav Trmač <[email protected]>
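The blob layout decided in this commit message (legacy OpenPGP signatures carry no marker; every newer format starts with a zero byte followed by an ASCII line naming the format) can be exercised with the following added example. It is not code from this pull request or from containers/image; the format identifier string `cosign-json`, the function names and the sample payload are assumptions made for illustration. The one fact it relies on is that a zero byte can never begin an OpenPGP blob: a binary packet header always has its top bit set (RFC 4880, section 4.2) and ASCII armor starts with `-`, so the first byte alone distinguishes the two layouts.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// blobKind names the two signature blob layouts described in the commit message.
type blobKind int

const (
	blobOpenPGP blobKind = iota // legacy layout: a raw OpenPGP signature, no marker
	blobTagged                  // new layout: 0x00, an ASCII format line, then the payload
)

// cosignFormatName is an assumed identifier for the Cosign format; the actual
// string the project uses is not stated on the page.
const cosignFormatName = "cosign-json"

// taggedBlob is a decoded new-layout blob.
type taggedBlob struct {
	Format  string
	Payload []byte
}

// encodeTagged serialises payload in the new layout: 0x00, format name, '\n', payload.
func encodeTagged(format string, payload []byte) ([]byte, error) {
	if format == "" {
		return nil, errors.New("format name must not be empty")
	}
	for i := 0; i < len(format); i++ {
		c := format[i]
		if c == 0x00 || c == '\n' || c >= 0x80 {
			return nil, fmt.Errorf("format name byte %d is not printable ASCII", i)
		}
	}
	out := make([]byte, 0, 2+len(format)+len(payload))
	out = append(out, 0x00)
	out = append(out, format...)
	out = append(out, '\n')
	return append(out, payload...), nil
}

// classify tells the two layouts apart by the first byte alone. An OpenPGP
// packet header always has its top bit set (RFC 4880, section 4.2) and an
// ASCII-armored signature starts with '-', so 0x00 never begins a legacy blob.
func classify(blob []byte) blobKind {
	if len(blob) > 0 && blob[0] == 0x00 {
		return blobTagged
	}
	return blobOpenPGP
}

// decodeTagged parses a new-layout blob and rejects legacy or malformed input.
func decodeTagged(blob []byte) (*taggedBlob, error) {
	if classify(blob) != blobTagged {
		return nil, errors.New("not a tagged blob: missing leading zero byte")
	}
	rest := blob[1:]
	nl := bytes.IndexByte(rest, '\n')
	if nl <= 0 {
		return nil, errors.New("tagged blob has a missing or empty format line")
	}
	name := rest[:nl]
	for i := 0; i < len(name); i++ {
		if name[i] == 0x00 || name[i] >= 0x80 {
			return nil, fmt.Errorf("format line byte %d is not ASCII", i)
		}
	}
	return &taggedBlob{Format: string(name), Payload: rest[nl+1:]}, nil
}

func main() {
	// Constructed sample payload; a real Cosign payload would be the signed JSON document.
	blob, err := encodeTagged(cosignFormatName, []byte(`{"critical":{"type":"cosign container image signature"}}`))
	if err != nil {
		panic(err)
	}
	parsed, err := decodeTagged(blob)
	if err != nil {
		panic(err)
	}
	fmt.Printf("kind=%d format=%s payload=%s\n", classify(blob), parsed.Format, parsed.Payload)
	// 0x89 is a typical first byte of a binary OpenPGP signature packet (top bit set).
	fmt.Printf("legacy kind=%d\n", classify([]byte{0x89, 0x01, 0x33}))
}
```

Because the decoder validates the format line before touching the payload, an unknown format name can be reported as "unsupported signature format" rather than being fed into the OpenPGP verifier, which is the failure mode the marker byte is there to prevent.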
Commit 61d26a4
Commit 6cc05f6
Rename docker/lookaside.go to docker/registries_d.go
It's not actually dealing with the lookaside; just with the configuration. And we are going to introduce more configuration.

Signed-off-by: Miloslav Trmač <[email protected]>
Commit 745953d
Split registryConfiguration.signatureStorageBaseURL from SignatureStorageBaseURL
This will allow us to only load the configuration once.

Signed-off-by: Miloslav Trmač <[email protected]>
Commit 3e943c8
Split loadRegistryConfiguration from SignatureStorageBaseURL
This will allow us to load the configuration and then ask for multiple items.

Signed-off-by: Miloslav Trmač <[email protected]>
Commit 111bc45
Move loading registries.d from newDockerClientForRef
This is a bit more repetitive in most callers. The benefit is that we only read the files once per newImageSource, even if there are multiple mirrors. We will also read more items from the config.

Signed-off-by: Miloslav Trmač <[email protected]>
Commit 0bbee88
FIXME: Add use-cosign-attachments to registries.d/*.yaml
... so that users can choose whether to do the extra manifest lookups, and record signatures.

NOTE: This defaults to false.

FIXME: Documentation

Signed-off-by: Miloslav Trmač <[email protected]>
Commit 8e18111
Make most of dockerImageSource.fetchManifest available in dockerClient.fetchManifest
Signed-off-by: Miloslav Trmač <[email protected]>
Commit 1c68d0a
Move most of dockerImageSource.GetBlob to dockerClient.getBlob
We need it for writing signatures.

Signed-off-by: Miloslav Trmač <[email protected]>
Commit 1c61ce9
Split dockerImageDestination.uploadManifest from PutManifest
We are going to need a way to upload to a tag without affecting dockerImageDestination.manifestDigest.

Signed-off-by: Miloslav Trmač <[email protected]>
Commit a48ed60
Add support for reading and writing Cosign attachments, incl. signatures
NOTE design decisions:
- We can read Cosign data from lookaside
- We ONLY write Cosign data to Cosign attachments, never to lookaside; because lookaside is set up by default, that would be too confusing.
- We ONLY use Cosign attachments at all if the user opts in via registries.d.

One concern is performance impact of the extra round-trip for large-scale operations like (skopeo sync). Short-term, much more worrying is the risk that we probably have the "is this failure just a missing attachment manifest, or a real failure reading it?" heuristic wrong, so without an opt-in, _all_ image reads are going to fail. This might eventually go away after more testing.

Signed-off-by: Miloslav Trmač <[email protected]>
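The "missing attachment manifest, or real failure?" heuristic named in the commit message above is the kind of decision worth isolating in one small function so it can be tested against every registry response shape. The block below is an added example, not code from this pull request; the page does not say how the PR classifies errors, so the rule here (only a 404 that the registry attributes to the distribution-spec code MANIFEST_UNKNOWN, or a bare 404 with no body, counts as "no attachment"; everything else is a failure) is an assumption of this example, as are the type and function names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
)

// lookupOutcome classifies the result of probing a registry for a Cosign attachment manifest.
type lookupOutcome int

const (
	attachmentPresent lookupOutcome = iota // manifest fetched; go on to read the signatures
	attachmentAbsent                       // benign: nothing attached, the image is simply unsigned here
	attachmentFailed                       // a real error that must be reported, never treated as "unsigned"
)

// distributionErrors mirrors the JSON error body defined by the OCI distribution spec.
type distributionErrors struct {
	Errors []struct {
		Code    string `json:"code"`
		Message string `json:"message"`
	} `json:"errors"`
}

// classifyAttachmentLookup applies a deliberately narrow rule (an assumption of this
// example, not the project's code): only a 404 that the registry attributes to
// MANIFEST_UNKNOWN, or a bare 404 with no body, means "no attachment". Every other
// status, and every other error code, is surfaced as a failure.
func classifyAttachmentLookup(status int, body []byte) (lookupOutcome, error) {
	switch status {
	case http.StatusOK:
		return attachmentPresent, nil
	case http.StatusNotFound:
		if len(body) == 0 {
			return attachmentAbsent, nil
		}
		var de distributionErrors
		if err := json.Unmarshal(body, &de); err != nil || len(de.Errors) == 0 {
			return attachmentFailed, fmt.Errorf("404 with unrecognised error body %q", body)
		}
		for _, e := range de.Errors {
			if e.Code != "MANIFEST_UNKNOWN" {
				return attachmentFailed, fmt.Errorf("404 reported as %s: %s", e.Code, e.Message)
			}
		}
		return attachmentAbsent, nil
	default:
		return attachmentFailed, fmt.Errorf("unexpected HTTP status %d fetching attachment manifest", status)
	}
}

func main() {
	// Constructed responses, not captured from any registry.
	samples := []struct {
		status int
		body   string
	}{
		{404, `{"errors":[{"code":"MANIFEST_UNKNOWN","message":"manifest unknown"}]}`},
		{404, ``},
		{401, `{"errors":[{"code":"UNAUTHORIZED","message":"authentication required"}]}`},
		{404, `{"errors":[{"code":"NAME_UNKNOWN","message":"repository name not known"}]}`},
		{503, ``},
	}
	for _, s := range samples {
		out, err := classifyAttachmentLookup(s.status, []byte(s.body))
		fmt.Printf("status=%d outcome=%d err=%v\n", s.status, out, err)
	}
}
```

The two ways to get this wrong pull in opposite directions: a rule that is too strict turns every unsigned image into a read failure (the outcome the commit message warns about, and the reason the feature is opt-in), while a rule that is too lenient turns an authentication or availability problem into "no signature found", which a policy that requires signatures would then reject for the wrong reason, or a policy that does not would silently accept.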
Commit 1e5089f
Commit a3b4a97
UNTESTED: Add support for creating Cosign signatures
Private key only, no Fulcio/Rekor.

The extra dependencies are not ideal, but not too bad (notably the scary go-tuf addition is only a small subpackage), looking only at files added in new subpackages, not additions caused by updates of existing dependencies:

vendor/github.com/golang/protobuf/jsonpb/decode.go | 524
vendor/github.com/golang/protobuf/jsonpb/encode.go | 559
vendor/github.com/golang/protobuf/jsonpb/json.go | 69
vendor/github.com/google/go-containerregistry/LICENSE | 202
vendor/github.com/google/go-containerregistry/pkg/name/README.md | 3
vendor/github.com/google/go-containerregistry/pkg/name/check.go | 43
vendor/github.com/google/go-containerregistry/pkg/name/digest.go | 96
vendor/github.com/google/go-containerregistry/pkg/name/doc.go | 42
vendor/github.com/google/go-containerregistry/pkg/name/errors.go | 42
vendor/github.com/google/go-containerregistry/pkg/name/options.go | 83
vendor/github.com/google/go-containerregistry/pkg/name/ref.go | 75
vendor/github.com/google/go-containerregistry/pkg/name/registry.go | 136
vendor/github.com/google/go-containerregistry/pkg/name/repository.go | 121
vendor/github.com/google/go-containerregistry/pkg/name/tag.go | 108
vendor/github.com/letsencrypt/boulder/LICENSE.txt | 375
vendor/github.com/letsencrypt/boulder/core/challenges.go | 27
vendor/github.com/letsencrypt/boulder/core/interfaces.go | 14
vendor/github.com/letsencrypt/boulder/core/objects.go | 536
vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go | 1100
vendor/github.com/letsencrypt/boulder/core/proto/core.proto | 95
vendor/github.com/letsencrypt/boulder/core/util.go | 298
vendor/github.com/letsencrypt/boulder/errors/errors.go | 150
vendor/github.com/letsencrypt/boulder/features/featureflag_string.go | 45
vendor/github.com/letsencrypt/boulder/features/features.go | 158
vendor/github.com/letsencrypt/boulder/goodkey/blocked.go | 98
vendor/github.com/letsencrypt/boulder/goodkey/good_key.go | 432
vendor/github.com/letsencrypt/boulder/goodkey/weak.go | 66
vendor/github.com/letsencrypt/boulder/identifier/identifier.go | 32
vendor/github.com/letsencrypt/boulder/probs/probs.go | 349
vendor/github.com/letsencrypt/boulder/revocation/reasons.go | 74
vendor/github.com/letsencrypt/boulder/sa/proto/sa.pb.go | 3449
vendor/github.com/letsencrypt/boulder/sa/proto/sa.proto | 272
vendor/github.com/letsencrypt/boulder/sa/proto/sa_grpc.pb.go | 1515
vendor/github.com/letsencrypt/boulder/sa/proto/subsets.go | 46
vendor/github.com/sigstore/sigstore/COPYRIGHT.txt | 14
vendor/github.com/sigstore/sigstore/LICENSE | 202
vendor/github.com/sigstore/sigstore/pkg/cryptoutils/certificate.go | 170
vendor/github.com/sigstore/sigstore/pkg/cryptoutils/generic.go | 31
vendor/github.com/sigstore/sigstore/pkg/cryptoutils/password.go | 96
vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go | 144
vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go | 174
vendor/github.com/sigstore/sigstore/pkg/signature/doc.go | 17
vendor/github.com/sigstore/sigstore/pkg/signature/ecdsa.go | 244
vendor/github.com/sigstore/sigstore/pkg/signature/ed25519.go | 197
vendor/github.com/sigstore/sigstore/pkg/signature/message.go | 111
vendor/github.com/sigstore/sigstore/pkg/signature/options.go | 57
vendor/github.com/sigstore/sigstore/pkg/signature/options/context.go | 36
vendor/github.com/sigstore/sigstore/pkg/signature/options/digest.go | 35
vendor/github.com/sigstore/sigstore/pkg/signature/options/keyversion.go | 50
vendor/github.com/sigstore/sigstore/pkg/signature/options/noop.go | 49
vendor/github.com/sigstore/sigstore/pkg/signature/options/rand.go | 41
vendor/github.com/sigstore/sigstore/pkg/signature/options/remoteverification.go | 32
vendor/github.com/sigstore/sigstore/pkg/signature/options/rpcauth.go | 58
vendor/github.com/sigstore/sigstore/pkg/signature/options/signeropts.go | 40
vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go | 104
vendor/github.com/sigstore/sigstore/pkg/signature/publickey.go | 25
vendor/github.com/sigstore/sigstore/pkg/signature/rsapkcs1v15.go | 225
vendor/github.com/sigstore/sigstore/pkg/signature/rsapss.go | 260
vendor/github.com/sigstore/sigstore/pkg/signature/signer.go | 89
vendor/github.com/sigstore/sigstore/pkg/signature/signerverifier.go | 69
vendor/github.com/sigstore/sigstore/pkg/signature/util.go | 55
vendor/github.com/sigstore/sigstore/pkg/signature/verifier.go | 100
vendor/github.com/theupdateframework/go-tuf/LICENSE | 27
vendor/github.com/theupdateframework/go-tuf/encrypted/encrypted.go | 226
vendor/github.com/titanous/rocacheck/LICENSE | 22
vendor/github.com/titanous/rocacheck/README.md | 7
vendor/github.com/titanous/rocacheck/rocacheck.go | 52
vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go | 40
vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go | 22
vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go | 10
vendor/golang.org/x/crypto/internal/poly1305/poly1305.go | 99
vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go | 48
vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s | 109
vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go | 310
vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go | 48
vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s | 182
vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go | 76
vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s | 504
vendor/golang.org/x/crypto/internal/subtle/aliasing.go | 33
vendor/golang.org/x/crypto/internal/subtle/aliasing_purego.go | 36
vendor/golang.org/x/crypto/nacl/secretbox/secretbox.go | 173
vendor/golang.org/x/crypto/ocsp/ocsp.go | 789
vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go | 144
vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go | 199
vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go | 24
vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.s | 881
vendor/golang.org/x/crypto/salsa20/salsa/salsa20_noasm.go | 15
vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go | 231
vendor/golang.org/x/crypto/scrypt/scrypt.go | 212
vendor/golang.org/x/crypto/sha3/doc.go | 66
vendor/golang.org/x/crypto/sha3/hashes.go | 97
vendor/golang.org/x/crypto/sha3/hashes_generic.go | 28
vendor/golang.org/x/crypto/sha3/keccakf.go | 413
vendor/golang.org/x/crypto/sha3/keccakf_amd64.go | 14
vendor/golang.org/x/crypto/sha3/keccakf_amd64.s | 391
vendor/golang.org/x/crypto/sha3/register.go | 19
vendor/golang.org/x/crypto/sha3/sha3.go | 193
vendor/golang.org/x/crypto/sha3/sha3_s390x.go | 285
vendor/golang.org/x/crypto/sha3/sha3_s390x.s | 34
vendor/golang.org/x/crypto/sha3/shake.go | 173
vendor/golang.org/x/crypto/sha3/shake_generic.go | 20
vendor/golang.org/x/crypto/sha3/xor.go | 24
vendor/golang.org/x/crypto/sha3/xor_generic.go | 28
vendor/golang.org/x/crypto/sha3/xor_unaligned.go | 68
vendor/google.golang.org/grpc/channelz/channelz.go | 36
vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go | 382
vendor/google.golang.org/grpc/internal/pretty/pretty.go | 82
vendor/google.golang.org/protobuf/encoding/protojson/decode.go | 665
vendor/google.golang.org/protobuf/encoding/protojson/doc.go | 11
vendor/google.golang.org/protobuf/encoding/protojson/encode.go | 344
vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go | 889
vendor/google.golang.org/protobuf/internal/encoding/json/decode.go | 340
vendor/google.golang.org/protobuf/internal/encoding/json/decode_number.go | 254
vendor/google.golang.org/protobuf/internal/encoding/json/decode_string.go | 91
vendor/google.golang.org/protobuf/internal/encoding/json/decode_token.go | 192
vendor/google.golang.org/protobuf/internal/encoding/json/encode.go | 276
vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go | 168

Signed-off-by: Miloslav Trmač <[email protected]>
Commit 7ca39ec
Commit 5ddfdb3
Fix a long-standing incorrect comment
Signed-off-by: Miloslav Trmač <[email protected]>
Commit 18de3ff
Add private.UnparsedImage, use it for signature handling
Signed-off-by: Miloslav Trmač <[email protected]>
Commit 464050f
FIXME DO NOT MERGE IRRESPONSIBLE Add Cosign verification support
THIS MUST HAVE TOTAL CODE COVERAGE.

type: cosignSigned, with the usual keyData/keyPath.

Fulcio/Rekor is plausible _for the off-line rekor log entry proofs_, but not currently implemented. Tests first.

NOTE: This only allows a single public key, not a keyring, unlike simple signing. That seems problematic, there are known users of that. But we can fix that later by adding keyDirectory and the like.

FIXME: Update documentation of policy.json.

Signed-off-by: Miloslav Trmač <[email protected]>
Commit 657eeb5
Commit 883281f
Commit e17a67d
Commit 8a25bbf