Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

1465 attestation with private key #1502

Merged
merged 4 commits into from
Jan 26, 2023
Merged

1465 attestation with private key #1502

merged 4 commits into from
Jan 26, 2023

Conversation

spiffcs
Copy link
Contributor

@spiffcs spiffcs commented Jan 20, 2023
edited
Loading

Return PKI options to original documented state

Closes #1465

Users can now add a --key <KEY_PATH> option to the syft attest command. This option will be passed to the shell out command introduced #1442

Users can set the password for the key by using the environment variable SYFT_ATTEST_PASSWORD

Previous versions of syft offered an interactive TUI for typing the password. Because of the nature of the shellout command this option is no longer available

To test:

cosign generate-key-pair
go run ./cmd/syft/main.go attest --key cosign.key <IMAGE_WITH_WRITE_ACCESS>

Screenshot 2023-01-26 at 10 00 29 AM

@github-actions
Copy link

github-actions bot commented Jan 20, 2023
edited
Loading

Benchmark Test Results

Benchmark results from the latest changes vs base branch 
goos: linux
goarch: amd64
pkg: github.com/anchore/syft/test/integration
cpu: Intel(R) Xeon(R) Platinum 8171M CPU @ 2.60GHz
                                                          │ ./.tmp/benchmark-bb079a1.txt │
                                                          │            sec/op            │
ImagePackageCatalogers/alpmdb-cataloger-2                                   15.41m ± 24%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                             1.709m ±  2%
ImagePackageCatalogers/python-package-cataloger-2                           4.313m ±  1%
ImagePackageCatalogers/php-composer-installed-cataloger-2                   1.422m ±  2%
ImagePackageCatalogers/javascript-package-cataloger-2                       990.5µ ±  3%
ImagePackageCatalogers/dpkgdb-cataloger-2                                   1.151m ±  4%
ImagePackageCatalogers/rpm-db-cataloger-2                                   1.681m ±  2%
ImagePackageCatalogers/java-cataloger-2                                     18.75m ±  4%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                     9.390µ ±  3%
ImagePackageCatalogers/apkdb-cataloger-2                                    1.170m ±  3%
ImagePackageCatalogers/go-module-binary-cataloger-2                         19.71µ ±  3%
ImagePackageCatalogers/dotnet-deps-cataloger-2                              1.843m ±  2%
ImagePackageCatalogers/portage-cataloger-2                                  939.3µ ±  2%
ImagePackageCatalogers/sbom-cataloger-2                                     5.708m ±  3%
ImagePackageCatalogers/binary-cataloger-2                                   8.138m ±  2%
geomean                                                                     1.360m

                                                          │ ./.tmp/benchmark-bb079a1.txt │
                                                          │             B/op             │
ImagePackageCatalogers/alpmdb-cataloger-2                                   5.041Mi ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                             204.5Ki ± 0%
ImagePackageCatalogers/python-package-cataloger-2                           954.4Ki ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2                   217.8Ki ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2                       158.4Ki ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                                   200.3Ki ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                                   300.0Ki ± 0%
ImagePackageCatalogers/java-cataloger-2                                     3.371Mi ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                     1.375Ki ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                                    181.9Ki ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2                         2.121Ki ± 0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                              377.9Ki ± 0%
ImagePackageCatalogers/portage-cataloger-2                                  138.0Ki ± 0%
ImagePackageCatalogers/sbom-cataloger-2                                     724.9Ki ± 0%
ImagePackageCatalogers/binary-cataloger-2                                   1.028Mi ± 0%
geomean                                                                     221.6Ki

                                                          │ ./.tmp/benchmark-bb079a1.txt │
                                                          │          allocs/op           │
ImagePackageCatalogers/alpmdb-cataloger-2                                    85.84k ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                              4.349k ± 0%
ImagePackageCatalogers/python-package-cataloger-2                            16.82k ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2                    5.604k ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2                        3.432k ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                                    4.575k ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                                    8.318k ± 0%
ImagePackageCatalogers/java-cataloger-2                                      58.88k ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                       32.00 ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                                     5.331k ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2                           70.00 ± 0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                               7.206k ± 0%
ImagePackageCatalogers/portage-cataloger-2                                   3.683k ± 0%
ImagePackageCatalogers/sbom-cataloger-2                                      25.34k ± 0%
ImagePackageCatalogers/binary-cataloger-2                                    36.81k ± 0%
geomean                                                                      5.332k

@spiffcs
fix: add attestation options back
512f679 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs
fix: rouge options surrounding hard PKI
81f8fed 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs spiffcs force-pushed the 1465-attestation-with-private-key branch from f5797e3 to 81f8fed Compare January 20, 2023 19:46
@spiffcs
chore: static-analysis
b89e3da 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs
feat: update message for personal PKI
d5cd00d 
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
kzantow
kzantow approved these changes Jan 26, 2023
View reviewed changes
Copy link
Contributor

@kzantow kzantow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

internal/config/attest.go
}

func (cfg attest) loadDefaultValues(v *viper.Viper) {
v.SetDefault("attest.key", "")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is already set because of the v.BindPFlag("attest.key", flags.Lookup("key")) earlier

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! I removed it and didn't see any change. I would like to keep this though as the default that is called even if v.BindPFlag("attest.key", flags.Lookup("key")) is not invoked during another command.

I don't think v.BindPFlag("attest.key", flags.Lookup("key")) is called during other non attest command executions and having the config set explicit defaults overall seems cleaner than implicitly blank strings if nothing is called.

@spiffcs spiffcs merged commit 8c91605 into main Jan 26, 2023
@spiffcs spiffcs deleted the 1465-attestation-with-private-key branch January 26, 2023 16:19
This was referenced Jan 30, 2023
Closed
Closed
Closed
Closed
Merged
Merged
@Nirusu Nirusu mentioned this pull request Jan 31, 2023
Open
This was referenced Jan 31, 2023
Closed
Closed
Closed
Closed
Closed
Closed
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@spiffcs
1465 attestation with private key (anchore#1502)
3368a47 
1465 attestation with private key (anchore#1502)

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kzantow kzantow kzantow approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Attestation with a private key
2 participants
@spiffcs @kzantow