source-controller
[RFC-0003] Verify OCI artifacts with cosign static keys
Implement cosign verification as specified in RFC-0003 (Flux OCI support for Kubernetes manifests):

```yaml
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: my-app-config # metadata added so the object is valid; the RFC snippet shows only spec
spec:
  interval: 10m
  url: oci://ghcr.io/org/my-app-config
  ref:
    semver: "1.x"
  verify:
    provider: cosign
    secretRef:
      name: cosign-keys
---
apiVersion: v1
kind: Secret
metadata:
  name: cosign-keys
stringData:
  key1.pub: "<public static key1>"
  key2.pub: "<public static key2>"
```
The RFC mentions only cosign static keys, where the given secret contains one or more public keys. Besides static keys, cosign supports keyless signing using OIDC providers such as GitHub and Google. We need to decide how to enable keyless verification, but for now we should implement the RFC spec.

When verify.secretRef is not specified we could try to do a keyless verification; this will work only for public OCI repositories and will use the default Rekor URL and Fulcio root CA.
For e2e testing I have prepared two OCI repos, one signed using a static key and the other signed using GitHub.
Static key

```console
$ cosign verify --key https://raw.githubusercontent.com/stefanprodan/podinfo/master/.cosign/cosign.pub ghcr.io/stefanprodan/podinfo-deploy:6.2.0

Verification for ghcr.io/stefanprodan/podinfo-deploy:6.2.0 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

[{"critical":{"identity":{"docker-reference":"ghcr.io/stefanprodan/podinfo-deploy"},"image":{"docker-manifest-digest":"sha256:df41ceaea12823eb049ce7e4b80915bb59b8503b9a197accc93ae81b42b5962b"},"type":"cosign container image signature"},"optional":null}]
```
Keyless GitHub

```console
$ cosign verify ghcr.io/stefanprodan/manifests/podinfo:6.2.0

Verification for ghcr.io/stefanprodan/manifests/podinfo:6.2.0 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - Any certificates were verified against the Fulcio roots.

[{"critical":{"identity":{"docker-reference":"ghcr.io/stefanprodan/manifests/podinfo"},"image":{"docker-manifest-digest":"sha256:7a6ac2e83eed5e1af26fb296bf8aba75dd2a6aeaf5a8e059bfb547ee40171214"},"type":"cosign container image signature"},"optional":{"Bundle":{"SignedEntryTimestamp":"MEYCIQDT898c/RchieIr06MwS7bPlO/JOdF8imN5S/dWIpQX4AIhAM1UhJG26UG59eHTvI8JfY7RDujBRZQRscEmSCB3fuCm","Payload":{"body":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJjZWQwY2JjNjhmZmQ3OTZlYjAwNmU4MmUxZTliYzdjNzkyOTU4ZGE4OWI1YmJjY2I2ZDE0ODg3M2E2ZTExN2EyIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJR2RVajNtMnlmUHhPU0p1bzI2THR0dWlvd0VjMXY3R2VUYXdqNjNQcUJxZkFpQXlRaEZXN3hiZDlZUGg1OFIzMDhzbTlmY3dBNE8vRjV6Vk5DZUtzYUJvemc9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVUnNla05EUVhneVowRjNTVUpCWjBsVldYaFlWRmRsVDNObVEwWTVSVFJ5Y0hWbWFHRjFZa1V4VGs1M2QwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcEpkMDlFUlRGTlZFa3hUWHBGZUZkb1kwNU5ha2wzVDBSRk1VMVVUWGROZWtWNFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZhV21oQ2RtaERZazlXY1hkNk5FMW1OVFJ3TjBwUVdqQTJjSEZoVUVsVVl6RTRZMGtLU1dkMU1YZExhbmQxT0VoMmJWVnlTbVpqU0VweVZFeE5hMUl2ZVU5UlJuQk1TVWh4TUZBdlJtWkRUa2hUVjBodE1qWlBRMEZxZDNkblowazBUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlYxWW5aRUNuZGhOMGRGWkRWTU5VNXVNRXRpVVZaTVZGWm1UbWh2ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDFsM1dVUldVakJTUVZGSUwwSkdhM2RXTkZwV1lVaFNNR05JVFRaTWVUbHVZVmhTYjJSWFNYVlpNamwwVEROT01GcFhXbWhpYmtKNVlqSlNhQXBpYVRsM1lqSlNjR0p0V25aTWVUVnVZVmhTYjJSWFNYWmtNamw1WVRKYWMySXpaSHBNTTBwc1lrZFdhR015VlhWbFZ6RnpVVWhLYkZwdVRYWmtSMFp1Q21ONU9ESk1ha2wxVFVSQk5VSm5iM0pDWjBWRlFWbFBMMDFCUlVKQ1EzUnZaRWhTZDJONmIzWk1NMUoyWVRKV2RVeHRSbXBrUjJ4MlltNU5kVm95YkRBS1lVaFdhV1JZVG14amJVNTJZbTVTYkdKdVVYVlpNamwwVFVKSlIwTnBjMGRCVVZGQ1p6YzRkMEZSU1VWQ1NFSXhZekpuZDA1bldVdExkMWxDUWtGSFJBcDJla0ZDUVhkUmIwNTZiRzFQUkVWNlQwUk5lVTlFYUdsYWFsa3hUa1JLYlZreVNURlpiVkpyVDBSRk1FNUhTVFJOYWxwcFRYcE9hVTE2V214T2VrRldDa0puYjNKQ1owVkZRVmxQTDAxQlJVVkNRV1I1V2xkNGJGbFlUbXhOUTBsSFEybHpSMEZSVVVKbk56aDNRVkZWUlVaSVRqQmFWMXBvWW01Q2VXSXlVbWdLWW1rNWQySXlVbkJpYlZwMlRVSXdSME5wYzBkQlVWRkNaemM0ZDBGUldVVkVNMHBzV201TmRtUkhSbTVqZVRneVRHcEpkVTFFUTBKcFoxbExTM2RaUWdwQ1FVaFhaVkZKUlVGblVqaENTRzlCWlVGQ01rRkJhR2RyZGtGdlZYWTViMUprU0ZKaGVXVkZia1ZXYmtkTGQxZFFZMDAwTUcwemJYWkRTVWRPYlRsNUNrRkJRVUpuY1VkUmRHODBRVUZCVVVSQlJXTjNVbEZKYUVGS2VrMW1SQ3REUzBOb1lsQm9SRWR6VkhSUFIwZElTMmRDTURaUk1GcGlkbGxtZUZBek5rUUtOVlYzTVVGcFFrdE5NVGQzTmpkblpIVklhRmx3WmxGTk0yRTNWbVI0TlhoS2VtSjBLMFowUkVwelRUSXJRWGxYTm1wQlMwSm5aM0ZvYTJwUFVGRlJSQXBCZDA1dlFVUkNiRUZxUVdvMFEyYzBSVWdyZG1sT04wUm5Na2h5ZDJGdFJtZFFjVWRTUzNjMlZHRjZjR3N2VHl0WVVFeERVSGxoYmpreGJGWk9ORFp0Q2xncllTOHpkbFZPV2s1dlEwMVJSQ3RRWW5wbGJHMVpVMFZTVG5vNGJUZENlWEZ6UlhKRk5FbHdWbFZ5UlhNeGVGZHdSRGt5TW5oWWVuTjVVbmxoWVRZS1FrRkNhbEIwTVdjd2JUUlNiV0pKUFFvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PSJ9fX19","integratedTime":1660567993,"logIndex":3184671,"logID":"c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d"}},"Issuer":"https://token.actions.githubusercontent.com","Subject":"https://github.com/stefanprodan/podinfo/.github/workflows/release.yml@refs/tags/6.2.0"}}]
```
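As an added example of the verification decision the spec above implies (this is not code from the issue or from source-controller): a Go sketch that, given the data map of the `cosign-keys` Secret, first checks the cosign payload's critical claims against the artifact that was actually fetched and then accepts the signature if any entry in the Secret verifies it. It assumes, as an assumption rather than something the RFC spells out, that one matching key is sufficient, and it uses only the standard library (ASN.1 ECDSA P-256 over SHA-256, the scheme cosign uses for static keys) in place of the sigstore libraries a real implementation would call. The keys, repository reference and digest are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
)

// SimpleSigning is the subset of the cosign payload (the "critical" claims
// seen in the cosign verify output) that a verifier must check.
type SimpleSigning struct {
	Critical struct {
		Identity struct {
			DockerReference string `json:"docker-reference"`
		} `json:"identity"`
		Image struct {
			DockerManifestDigest string `json:"docker-manifest-digest"`
		} `json:"image"`
	} `json:"critical"`
}

// NewPayload builds a constructed simple-signing payload (sample data, not a real signature payload).
func NewPayload(ref, digest string) []byte {
	var p SimpleSigning
	p.Critical.Identity.DockerReference = ref
	p.Critical.Image.DockerManifestDigest = digest
	b, _ := json.Marshal(p)
	return b
}

// GenerateKeyPair returns a P-256 key and its PEM public key, the format
// `cosign generate-key-pair` writes to cosign.pub.
func GenerateKeyPair() (*ecdsa.PrivateKey, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return priv, pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
}

// SignPayload produces an ASN.1 ECDSA signature over SHA-256 of the payload, as cosign does for static keys.
func SignPayload(priv *ecdsa.PrivateKey, payload []byte) ([]byte, error) {
	h := sha256.Sum256(payload)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

func parsePublicKey(b []byte) (*ecdsa.PublicKey, error) {
	block, _ := pem.Decode(b)
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, errors.New("not a PEM PUBLIC KEY")
	}
	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	if ec, ok := pub.(*ecdsa.PublicKey); ok {
		return ec, nil
	}
	return nil, errors.New("not an ECDSA public key")
}

// VerifyWithAnyKey rejects a payload whose claims do not match the fetched artifact
// (a valid signature over some other image must not pass), then tries every Secret
// entry. It returns the name of the entry that verified, or an error if none did.
// Entries that are not PEM public keys are skipped, not treated as a failure.
func VerifyWithAnyKey(secretData map[string][]byte, payload, sig []byte, wantRef, wantDigest string) (string, error) {
	var p SimpleSigning
	if err := json.Unmarshal(payload, &p); err != nil {
		return "", fmt.Errorf("invalid payload: %w", err)
	}
	if p.Critical.Identity.DockerReference != wantRef {
		return "", fmt.Errorf("payload is for %q, not %q", p.Critical.Identity.DockerReference, wantRef)
	}
	if p.Critical.Image.DockerManifestDigest != wantDigest {
		return "", fmt.Errorf("payload digest %q does not match fetched %q", p.Critical.Image.DockerManifestDigest, wantDigest)
	}
	h := sha256.Sum256(payload)
	for name, data := range secretData {
		pub, err := parsePublicKey(data)
		if err != nil {
			continue
		}
		if ecdsa.VerifyASN1(pub, h[:], sig) {
			return name, nil
		}
	}
	return "", errors.New("signature did not verify against any key in the secret")
}

func main() {
	_, pub1, _ := GenerateKeyPair()
	priv2, pub2, _ := GenerateKeyPair()
	secret := map[string][]byte{"key1.pub": pub1, "key2.pub": pub2} // constructed stand-in for the cosign-keys Secret
	ref, digest := "ghcr.io/org/my-app-config", "sha256:0123"         // constructed sample values
	payload := NewPayload(ref, digest)
	sig, _ := SignPayload(priv2, payload)
	fmt.Println(VerifyWithAnyKey(secret, payload, sig, ref, digest))
}
```

The claim check comes before any cryptography on purpose: a signature that verifies under one of the trusted keys but was made over a different repository or digest is still a failure, which is what "the cosign claims were validated" in the output above is for.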
Hi @stefanprodan, if this issue is not assigned yet, I can work on it. Thanks!
we (w/@dentrax) are also willing to work on this, thanks 🫶
@rashedkvm @developer-guy I assigned both of you.