Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The Cosign integration doesn't work with version 2.0.0+ #1182

Closed
ThomasVitale opened this issue Apr 10, 2023 · 1 comment · Fixed by #1197
Closed

The Cosign integration doesn't work with version 2.0.0+ #1182

ThomasVitale opened this issue Apr 10, 2023 · 1 comment · Fixed by #1197

Comments

@ThomasVitale
Copy link
Contributor

Before version 2.0.0, Cosign would generate private keys with the following labels:

-----BEGIN ENCRYPTED COSIGN PRIVATE KEY-----
...
-----END ENCRYPTED COSIGN PRIVATE KEY-----

Since version 2.0.0, the labels used for the private keys have changed to the following:

-----BEGIN ENCRYPTED SIGSTORE PRIVATE KEY-----
...
-----END ENCRYPTED SIGSTORE PRIVATE KEY-----

The changes have been made in sigstore/cosign#2471.

That means the cosign generate-key-pair command (used in the tutorial) doesn't work anymore because kpack can't read the new format until the cosign dependency is upgraded in kpack.

I'm available to contribute a pull request, if needed.
@ThomasVitale ThomasVitale mentioned this issue Apr 25, 2023
Merged
@ThomasVitale
Copy link
Contributor Author

I tried to give the change a try in #1197

tomkennedy513 added a commit that referenced this issue May 4, 2023
@tomkennedy513
Merge pull request #1197 from ThomasVitale/gh-1182
6e20ed7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump cosign to v2 and use new APIs
1 participant
@ThomasVitale