cosign icon indicating copy to clipboard operation
cosign copied to clipboard

Published 20 hours ago verified publisher icon sigstore

Add attest blob functionality

Open mlieberman85 opened this issue 3 years ago • 3 comments

This mostly copies the functionality of image attestation and blob signing.

Signed-off-by: Michael [email protected]

Summary

This will allow users to attest local blobs similar to attesting images, following a similar pattern to signing blobs/images. Currently the code allows for attesting local blobs only. It probably wouldn't take much effort to include just a hash to attest as not all blobs will be available locally for checksumming. This also supports printing attestation locally or uploading it to Rekor.

mlieberman85 avatar Jan 02 '22 22:01 mlieberman85

This is still very much a WIP. Need to add some abstractions to deduplicate some of the code between attest and attestblob.

mlieberman85 avatar Jan 02 '22 22:01 mlieberman85

I have some additional stuff I've changed/added. I'm also going to include signing of the hash directly.

mlieberman85 avatar May 08 '22 15:05 mlieberman85

Codecov Report

Merging #1265 (83034d3) into main (1258512) will decrease coverage by 0.34%. The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #1265      +/-   ##
==========================================
- Coverage   33.44%   33.10%   -0.35%     
==========================================
  Files         146      148       +2     
  Lines        9340     9428      +88     
==========================================
- Hits         3124     3121       -3     
- Misses       5843     5933      +90     
- Partials      373      374       +1
Impacted Files Coverage Δ
cmd/cosign/cli/attestblob.go 0.00% <0.00%> (ø)
cmd/cosign/cli/commands.go 0.00% <0.00%> (ø)
cmd/cosign/cli/options/attestblob.go 0.00% <0.00%> (ø)
pkg/cosign/tuf/client.go 61.68% <0.00%> (-0.82%) :arrow_down:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 1258512...83034d3. Read the comment docs.

codecov-commenter avatar May 09 '22 14:05 codecov-commenter

This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days.

github-actions[bot] avatar Aug 31 '22 02:08 github-actions[bot]

This PR was closed because it has been stalled for 10 days with no activity.

github-actions[bot] avatar Sep 10 '22 02:09 github-actions[bot]