Attached attestations in keyless mode not returned with verify-attestations

Open chipzoller opened this issue 3 years ago • 6 comments

Description

In keyless mode with Cosign 1.9, an attestation that is attached to a container image using cosign attach attestation is not returned in a cosign verify-attestations command with others which were created with cosign attest. It will be returned only in a cosign download attestation command.

chipzoller avatar Jun 25 '22 13:06 chipzoller

I think the issue here is that the verification bundle is stored outside of the attestation. It gets attached correctly, but isn't returned because there isn't enough information to verify the signature portion.

A fix would be to upload the verification bundle if present on disk, either via flags or some discovery scheme.

dlorenc avatar Jun 25 '22 15:06 dlorenc

For those following along at home here are the commands to reproduce:

# create an attestation
$ COSIGN_EXPERIMENTAL=1 cosign attest --no-upload --type slsaprovenance --predicate predicate.json <image> >cosign.attestation.intoto.jsonl

# Attach the attestation
$ COSIGN_EXPERIMENTAL=1 cosign attach attestation --attestation cosign.attestation.intoto.jsonl <image>

# Verify the attestation
$ COSIGN_EXPERIMENTAL=1 cosign verify-attestation <image>
Error: no matching attestations:
no certificate found on attestation

ianlewis avatar Jun 27 '22 06:06 ianlewis
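To make the failure mode concrete, here is an added diagnostic script (not cosign's own code, and not part of this thread). It decodes a constructed DSSE envelope of the kind `cosign attest --no-upload` writes to `cosign.attestation.intoto.jsonl`, shows that the envelope's `signatures` entries carry only `keyid` and `sig` (so, as dlorenc notes above, the certificate and Rekor proof a keyless verifier needs live outside the attestation), and reports whether a companion bundle supplies them. The envelope layout follows the DSSE spec; the bundle layout (`base64Signature`, `cert`, `rekorBundle`) is an assumption about what `cosign attest --bundle` writes, and every value in the sample inputs is a placeholder.

```python
"""Inspect a DSSE attestation envelope for the material a keyless verifier needs.

Added illustration, not cosign code. The envelope layout (payloadType, payload,
signatures[{keyid, sig}]) follows the DSSE spec; the bundle layout
(base64Signature, cert, rekorBundle) is assumed, not taken from cosign sources.
"""
import base64
import json
from typing import Optional


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


# --- constructed sample inputs (all values are placeholders) ----------------

# In-toto statement with a SLSA provenance predicate, as a generic generator
# would produce from nothing more than a subject name and digest.
STATEMENT = {
    "_type": "https://in-toto.io/Statement/v0.1",
    "predicateType": "https://slsa.dev/provenance/v0.2",
    "subject": [{"name": "registry.example/app", "digest": {"sha256": "0" * 63 + "1"}}],
    "predicate": {"builder": {"id": "https://example.invalid/reusable-workflow"}},
}

# DSSE envelope as written to cosign.attestation.intoto.jsonl. The signature
# bytes are a placeholder; this script does not verify signatures.
ENVELOPE_JSONL = json.dumps({
    "payloadType": "application/vnd.in-toto+json",
    "payload": _b64(json.dumps(STATEMENT).encode()),
    "signatures": [{"keyid": "", "sig": _b64(b"placeholder-signature")}],
}) + "\n"

# Companion bundle (assumed layout). The cert and Rekor entry are placeholders
# standing in for the Fulcio certificate and the transparency-log proof.
BUNDLE_JSON = json.dumps({
    "base64Signature": _b64(b"placeholder-signature"),
    "cert": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n",
    "rekorBundle": {"SignedEntryTimestamp": _b64(b"placeholder-set"), "Payload": {"logIndex": 0}},
})


def parse_envelope(jsonl: str) -> dict:
    """Decode the first DSSE envelope in a .jsonl file and its in-toto payload."""
    env = json.loads(jsonl.splitlines()[0])
    if env.get("payloadType") != "application/vnd.in-toto+json":
        raise ValueError(f"unexpected payloadType {env.get('payloadType')!r}")
    statement = json.loads(base64.b64decode(env["payload"]))
    sigs = env.get("signatures", [])
    return {
        "predicate_type": statement["predicateType"],
        "subjects": [(s["name"], s["digest"]["sha256"]) for s in statement["subject"]],
        "signature_count": len(sigs),
        # DSSE signature entries hold keyid and sig only; no certificate lives here,
        # which is why the verifier reports "no certificate found on attestation".
        "has_certificate": any("cert" in s for s in sigs),
    }


def keyless_verification_material(bundle_json: Optional[str]) -> dict:
    """Report which keyless-verification inputs a companion bundle supplies."""
    if bundle_json is None:
        return {"certificate": False, "rekor_entry": False}
    b = json.loads(bundle_json)
    return {
        "certificate": "BEGIN CERTIFICATE" in b.get("cert", ""),
        "rekor_entry": "SignedEntryTimestamp" in b.get("rekorBundle", {}),
    }


def keyless_verifiable(jsonl: str, bundle_json: Optional[str]) -> bool:
    """True only when the attestation is signed AND a certificate is available
    somewhere the verifier will look (in the envelope or in the bundle)."""
    env = parse_envelope(jsonl)
    mat = keyless_verification_material(bundle_json)
    return env["signature_count"] > 0 and (env["has_certificate"] or mat["certificate"])


if __name__ == "__main__":
    # Attaching the envelope alone leaves the verifier without a certificate.
    print("attestation alone:", keyless_verifiable(ENVELOPE_JSONL, None))
    # Shipping the bundle alongside it supplies the missing material.
    print("with bundle      :", keyless_verifiable(ENVELOPE_JSONL, BUNDLE_JSON))
```

Run against a real `cosign.attestation.intoto.jsonl` by passing its contents to `parse_envelope`; the `has_certificate` field will be `False` for the same reason the reproduction above fails, and the bundle check is where a fix along the lines dlorenc suggests (uploading the bundle when present on disk) would need to find its input.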

Some background:

The reason we want to do this is that we want to support generating SLSA provenance safely in a generic way using a reusable GitHub Actions workflow. This generates some generic provenance including metadata about the GitHub Actions environment, workflow run etc. and signs it using the reusable workflow's identity. More docs here.

In this case the user can build the container themselves and pass the digest as a generic digest to the workflow (the workflow doesn't know it's a container. Just the subject name and digest) which generates provenance. Afterward they can upload the generated provenance to their container registry using cosign attach attestation. Here's an example: https://github.com/ianlewis/actions-test/blob/main/.github/workflows/generic-container.yml

@dlorenc Any pointers to docs or code on how the verification bundle is defined and stored would be helpful.

ianlewis avatar Jun 27 '22 07:06 ianlewis

/cc @asraa

laurentsimon avatar Jun 27 '22 19:06 laurentsimon

@ianlewis we need help pushing on this if the container provenance generators (current and future) are supposed to use this attach flow rather than the strip-attest flow.

chipzoller avatar Jul 22 '22 12:07 chipzoller

@chipzoller Right now the container workflow is using cosign attest to sign and upload the provenance. We just generate and give it a predicate.

ianlewis avatar Jul 25 '22 00:07 ianlewis