Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for reading and writing Cosign attachments to c/image/docker #1595

Merged
merged 9 commits into from Jul 7, 2022
Merged

Add support for reading and writing Cosign attachments to c/image/docker #1595

merged 9 commits into from Jul 7, 2022

Commits on Jul 7, 2022

  1. Rename docker/lookaside.go to docker/registries_d.go 

    It's not actually dealing with the lookaside; just with the configuration.
And we are going to introduce more configuration.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed Jul 7, 2022
    Copy the full SHA
    39f9517 View commit details
    Browse the repository at this point in the history

  2. Split registryConfiguration.signatureStorageBaseURL from SignatureSto… 

    …rageBaseURL

This will allow us to only load the configuration once.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed Jul 7, 2022
    Copy the full SHA
    e5ba223 View commit details
    Browse the repository at this point in the history

  3. Split loadRegistryConfiguration from SignatureStorageBaseURL 

    This will allow us to load the configuration and then ask
for multiple items.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed Jul 7, 2022
    Copy the full SHA
    8b63771 View commit details
    Browse the repository at this point in the history

  4. Move loading registries.d from newDockerClientForRef 

    This is a bit more repetitive in most callers.  The benefit is
that we only read the files once per newImageSource, even if there
are multiple mirrors.

We will also read more items from the config.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed Jul 7, 2022
    Copy the full SHA
    8a56e16 View commit details
    Browse the repository at this point in the history

  5. Add use-cosign-attachments to registries.d/*.yaml 

    ... so that users can choose whether to do the extra
manifest lookups, and record signatures.

NOTE: This defaults to false.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed Jul 7, 2022
    Copy the full SHA
    4efefd6 View commit details
    Browse the repository at this point in the history

  6. Make most of dockerImageSource.fetchManifest available in dockerClien… 

    …t.fetchManifest

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed Jul 7, 2022
    Copy the full SHA
    4cb9873 View commit details
    Browse the repository at this point in the history

  7. Move most of dockerImageSource.GetBlob to dockerClient.getBlob 

    We need it for writing signatures.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed Jul 7, 2022
    Copy the full SHA
    6140722 View commit details
    Browse the repository at this point in the history

  8. Split dockerImageDestination.uploadManifest from PutManifest 

    We are going to need a way to upload to a tag without affecting
dockerImageDestination.manifestDigest.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed Jul 7, 2022
    Copy the full SHA
    a3f8f97 View commit details
    Browse the repository at this point in the history

  9. Add support for reading and writing Cosign attachments, incl. signatures 

    NOTE design decisions:
- We can read Cosign data from lookaside
- We ONLY write Cosign data to Cosign attachments, never
  to lookaside; because lookaside is set up by default, that
  would be too confusing.
- We ONLY use Cosign attachments at all if the user opts in
  via registries.d.

  One concern is performance impact of the extra round-trip
  for large-scale operations like (skopeo sync).

  Short-term, a much more worrying is the risk that we probably
  have the "is this failure just a missing atachment manifest,
  or a real failure reading it?" heuristic wrong, so without an
  opt-in, _all_ image reads are going to fail.  This might eventually
  go away after more testing.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
    @mtrmac
    mtrmac committed Jul 7, 2022
    Copy the full SHA
    68d7040 View commit details
    Browse the repository at this point in the history