Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for verifying attestations (updated) #49

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

Add support for verifying attestations (updated) #49

wants to merge 12 commits into from

Conversation

evenh
Copy link

@evenh evenh commented Mar 29, 2023

An updated version of #8

ribbybibby and others added 12 commits January 11, 2022 16:06
@ribbybibby
Support different verification options per image
7307a7b 
Different images will require different verification options. This
commit adds configuration that allows you to define different
'verifiers' for specific image references, or image reference patterns.

At the moment it supports verification by public key, or the existing
options, but should be expanded to include all supported options.

Also modifies the response from the provider to include an error
per-image checked, rather than returning any error as a 'system' error.

I've also removed the _invalid suffix from the key returned in the
response when there's an error. The presence of the 'error' field
indicates this better, I think.

Signed-off-by: Rob Best <[email protected]>
adding support for verifying attestations
48085b9 
Signed-off-by: Tom Meadows <[email protected]>
@ribbybibby
Allow multiple verifiers for images
5facf03 
An image can have multiple signatures and therefore in some cases you'll
want multiple verifiers for the same images.

Signed-off-by: Rob Best <[email protected]>
fixing for linter
9353f2a 
Signed-off-by: Tom Meadows <[email protected]>
added formatting to return payloads
0368d29 
Signed-off-by: Tom Meadows <[email protected]>
@ribbybibby
Multiple verifiers for image reference
74e720a 
Modify the configuration so that multiple verifiers can be associated
directly with an image reference/pattern. Images will only be verified
for the first pattern they match.

This makes it possible to provide multiple verification options for a
specific image pattern/reference but also fall through to a less-specific
pattern (with different verification options) for images that don't
match a more specific pattern.

Signed-off-by: Rob Best <[email protected]>
@ribbybibby
Remove redundant line from template
235527f 
Checking the count of errors is enough.

Signed-off-by: Rob Best <[email protected]>
rebasing and making changes to config
aa94800 
Signed-off-by: Tom Meadows <[email protected]>
@ribbybibby
Add license header
4fb8e4f 
Signed-off-by: Rob Best <[email protected]>
@ribbybibby
Fix golangci-lint errors
69b8fb6 
Signed-off-by: Rob Best <[email protected]>
resolving conflicts from merge with verifiers branch
f23b1f2 
Signed-off-by: Tom Meadows <[email protected]>
@evenh
Merge branch 'main' into verify-attestations
ad3dc7b 
Signed-off-by: Even Holthe <[email protected]>
@evenh evenh force-pushed the updated-verify-attestations branch from 3f91518 to ad3dc7b Compare March 29, 2023 12:32
@evenh evenh changed the title Support different verification options per image More Add support for verifying attestations (updated) Mar 29, 2023
@evenh evenh changed the title More Add support for verifying attestations (updated) Add support for verifying attestations (updated) Mar 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@evenh @ribbybibby