Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add verification for CNAB bundles #17

Merged
merged 3 commits into from
Aug 14, 2019
Merged

Add verification for CNAB bundles #17

merged 3 commits into from
Aug 14, 2019

Conversation

radu-matei
Copy link
Member

@radu-matei radu-matei commented Aug 14, 2019
edited
Loading 

$ ./bin/signy sign --type cnab bundle.json docker.io/radumatei/cnab-signing:v1
Pushed trust data for docker.io/radumatei/cnab-signing:v1: 607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475
Starting to copy image cnab/helloworld:0.1.1..
Completed image cnab/helloworld:0.1.1 copy 

Generated relocation map: bundle.ImageRelocationMap{"cnab/helloworld:0.1.1":"docker.io/radumatei/cnab-signing@sha256:a59a4e74d9cc89e4e75dfb2cc7ea5c108e4236ba6231b53081a9e2506d1197b6"}

Pushed successfully, with digest "sha256:086ef83113475d4582a7431b4b9bc98634d4f71ad1289cca45e661153fc9a46e"

$ ./bin/signy list docker.io/radumatei/cnab-signing
v1      607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475

$ ./bin/signy verify --type cnab docker.io/radumatei/cnab-signing:v1
Pulled trust data for docker.io/radumatei/cnab-signing:v1 - SHA256: 607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475

Pulling bundle from registry: docker.io/radumatei/cnab-signing                                                                                         

Relocation map map[cnab/helloworld:0.1.1:radumatei/cnab-signing@sha256:a59a4e74d9cc89e4e75dfb2cc7ea5c108e4236ba6231b53081a9e2506d1197b6]

SHA256 of pulled bundle: 607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475

$ ./bin/signy sign --type cnab bundle.json docker.io/radumatei/cnab-signing-another-repo:v42

Root key found, using: 1569d4a83b43c76d65cbcf7f639bde71bc6e27b13b08819a126753c4874479a0
Pushed trust data for docker.io/radumatei/cnab-signing-another-repo:v42: 607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475

Starting to copy image cnab/helloworld:0.1.1... 
Completed image cnab/helloworld:0.1.1 copy

Generated relocation map: bundle.ImageRelocationMap{"cnab/helloworld:0.1.1":"docker.io/radumatei/cnab-signing-another-repo@sha256:a59a4e74d9cc89e4e75dfb2cc7ea5c108e4236ba6231b53081a9e2506d1197b6"}

Pushed successfully, with digest "sha256:086ef83113475d4582a7431b4b9bc98634d4f71ad1289cca45e661153fc9a46e"

radu:signy$ ./bin/signy verify --type cnab docker.io/radumatei/cnab-signing-another-repo:v42
Pulled trust data for docker.io/radumatei/cnab-signing-another-repo:v42 - SHA256: 607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475

Pulling bundle from registry: docker.io/radumatei/cnab-signing-another-repo

Relocation map map[cnab/helloworld:0.1.1:radumatei/cnab-signing-another-repo@sha256:a59a4e74d9cc89e4e75dfb2cc7ea5c108e4236ba6231b53081a9e2506d1197b6]


SHA256 of pulled bundle: 607ddb1d998e2155104067f99065659b202b0b19fa9ae52349ba3e9248635475

closes #14

Radu M added 2 commits August 14, 2019 04:19
Add verification for CNAB bundles
e5611b7 
Signed-off-by: Radu M <root@radu.sh>
Update dependencies
4c7b2f5 
Signed-off-by: Radu M <root@radu.sh>
radu-matei
radu-matei commented Aug 14, 2019
View reviewed changes
cmd/verify.go Outdated Show resolved Hide resolved
cmd/sign.go Outdated
return trust.SignAndPublish(trustDir, trustServer, s.gun, s.file, tlscacert, s.rootKey)
switch s.artifactType {
case "plaintext":
_, err := trust.SignAndPublish(trustDir, trustServer, s.gun, s.file, tlscacert, s.rootKey)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe display the digest for plain text files as well?

cmd/verify.go Outdated Show resolved Hide resolved
cmd/verify.go Outdated Show resolved Hide resolved
cmd/verify.go Outdated Show resolved Hide resolved
pkg/cnab/push.go Outdated Show resolved Hide resolved
pkg/cnab/push.go
return err
}

resolver := createResolver(nil)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Handle options for pushing an pulling to the registry.

pkg/cnab/push.go

relocationMap, err := remotes.FixupBundle(context.Background(), &b, n, resolver, remotes.WithEventCallback(displayEvent),
remotes.WithInvocationImagePlatforms(nil),
remotes.WithComponentImagePlatforms(nil))
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Handle options for pushing an pulling to the registry.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Opened #18

pkg/trust/sign.go
@@ -51,30 +51,31 @@ func SignAndPublish(trustDir, trustServer, ref, file, tlscacert, rootKey string)
case client.ErrRepoNotInitialized, client.ErrRepositoryNotExist:
rootKeyIDs, err := importRootKey(rootKey, repo, getPassphraseRetriever())
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ensure existing root keys are passed correctly.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Opened #19

radu-matei
radu-matei commented Aug 14, 2019
View reviewed changes
cmd/verify.go Outdated Show resolved Hide resolved
Refactor verification
eb13b61 
Signed-off-by: Radu M <root@radu.sh>
@radu-matei radu-matei merged commit 4c85865 into cnabio:master Aug 14, 2019
@radu-matei radu-matei deleted the cnab branch August 14, 2019 05:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Handle getting the configuration file from Windows
1 participant
@radu-matei