DO NOT MERGE IRRESPONSIBLE: Cosign integration #1599
Conversation
mtrmac
force-pushed
the
cosign-integration
branch
from
640ae0a
to
fc4612a
Compare
copy/copy.go
Outdated
| SignBy string // If non-empty, asks for a signature to be added during the copy, and specifies a key ID, as accepted by signature.NewGPGSigningMechanism().SignDockerManifest(), | ||
| SignPassphrase string // Passphare to use when signing with the key ID from `SignBy`. | ||
| SignByCosignPrivateKeyFile string // If non-empty, asks for a signature to be added during the copy, using a Cosign private key file at the provided path. | ||
| SignByCosignPrivateKeyPassphrase []byte // Passphare to use when signing with `SignByCosignPrivateKeyFile`. |
There was a problem hiding this comment.
| SignByCosignPrivateKeyPassphrase []byte // Passphare to use when signing with `SignByCosignPrivateKeyFile`. | |
| SignCosignPrivateKeyPassphrase []byte // Passphare to use when signing with `SignByCosignPrivateKeyFile`. |
Just to be consistent with SignBy and SignPassphrase
| @@ -596,6 +637,125 @@ func (d *dockerImageDestination) putOneSignature(url *url.URL, signature []byte) | |||
| } | |||
| } | |||
|
|
|||
| func (d *dockerImageDestination) putSignaturesToCosignAttachments(ctx context.Context, signatures []signature.Cosign, manifestDigest digest.Digest) error { | |||
There was a problem hiding this comment.
I think it could be useful to add some (debug) logs and status on the report writer.
There was a problem hiding this comment.
Debug logs added in #1595 .
We can add a report writer, or progress bar updates, with the new private interfaces; that would require a bit of new interfaces / infrastructure.
docker/docker_image_dest.go
Outdated
| if err != nil { | ||
| return err | ||
| } | ||
| sigDesc.Annotations = sig.UntrustedAnnotations |
There was a problem hiding this comment.
I think that using sig is dangerous. If there are multiple signatures, wouldn't all users of UntrustedAnnotations point to the field of the last item in the slice?
There was a problem hiding this comment.
Fresher eyes after my lunch break are not concerned anymore. Only pointers to members of the loop variable are dangerous.
There was a problem hiding this comment.
Nevertheless, doing more explicit copies when creating/consuming signatures would be worth the peace of mind.
There was a problem hiding this comment.
As of updated #1595 , signature objects are only accessible via copying constructors and copying getters.
docker/docker_image_dest.go
Outdated
| } | ||
|
|
||
| sigDesc, err := d.putBlobBytesAsOCI(ctx, sig.UntrustedPayload, sig.UntrustedMIMEType, private.PutBlobOptions{ | ||
| Cache: none.NoCache, // FIXME: Pass BlobInfoCache to signature accessors? Or is this just pointless noise?? |
There was a problem hiding this comment.
@mtrmac, do you think the blob cache could speed things up?
There was a problem hiding this comment.
Those FIXMEs are because I just wasn’t ready to deal with that interface change at that time either way. We could pass that.
Looking at it more, the info cache (which is what the above is) is useful for:
- compressed/uncompressed correspondence. Irrelevant because we are not changing that for signatures, and a signature payload is not likely to match a “real” layer.
TryReusingBlob*, where we are consuming the cache (the call fromPutBlob*is write only). And it doesn’t even make much sense — I’d naively, without measurement, expect most of the cost of dealing with these small blobs to be the round-trips, so any extra round-trips checking for blobs to mount instead of just writing them are likely to make things worse.
So none.NoCache might be the right thing to do here anyway: At least with the current attachment implementation, we would just be adding entries (which we never delete) and growing the database for no benefit.
WRT the blob data cache, note that it is write-through; if attached to a destination, it writes the data to local storage in addition to writing them to a destination. So that’s not making writes any faster. The blob cache helps on reads, and that might be somewhat significant here if network reads are slower than disk reads (which is reportedly not always the case…). So… how often does one pull an image after pushing it? If it happens frequently, I’d expect the image to already be in c/storage (… and, true, we do a copy with most of the round-trips anyway…) In that case I think teaching the copy code not to copy an already-existing image (or just already-existing signatures?) would be better than the blob cache, because c/storage has delete operations and is under better user control.
In general, it is a bit of a concern that working with the cosign attachments is round-trip heavy (though not much heavier than a https:// look-side). We might eventually want to worry about optimizing out individual redundant attachment copies, especially if some of them could grow quite large (SBOMs? I have never seen one in the wild). And, potentially much worse, we might need to stream the attachment payloads instead of just reading them into memory.
I think we can deal later with that if it ever shows up as an user-reported issue. The new …WithFormat API shows we have the conceptual flexibility.
There was a problem hiding this comment.
Replaced the FIXMEs with comments in #1595 .
docker/docker_image_dest.go
Outdated
| } | ||
|
|
||
| for _, sig := range signatures { | ||
| found := false |
There was a problem hiding this comment.
Nit: can we rename found to something similar to alreadyOnRegistry? It adds some more context that would help me brain-parse the code.
| } | ||
| sigDesc.Annotations = sig.UntrustedAnnotations | ||
| ociManifest.Layers = append(ociManifest.Layers, sigDesc) | ||
| ociConfig.RootFS.DiffIDs = append(ociConfig.RootFS.DiffIDs, sigDesc.Digest) |
There was a problem hiding this comment.
Are the diff IDs needed? I couldn't find something in the cosign spec but recall that cosign just ships an empty config.
There was a problem hiding this comment.
I don’t know.
It’s quite possible they aren’t needed. I also thought cosign ships a completely empty config, but when looking what to write into that config, I found DiffID entries in a Cosign-generated file. That might be a go-containerregistry artifact, the API has concepts like “add a layer” which adds it both to the manifest and to DiffIDs.
At least distribution/distribution seems not to care, except if the client is schema1-only.
Historically Quay has been the registry with the strictest validation we’ve been hearing about, I have no idea what they do.
There was a problem hiding this comment.
Thanks for checking!
I also suspect go-containerregistry to be the source. I am totally fine to add the DiffIDs.
There was a problem hiding this comment.
It’s a good thing to point out and to track — if we don’t need to add DiffIDs, we would eliminate a blob write for the config on every copy that adds signatures to an existing image with signatures.
mtrmac
force-pushed
the
cosign-integration
branch
2 times, most recently
from
6a7bbad
to
6a1b669
Compare
Currently, this just allows serializing and deserializing it as a blob. NOTE: This makes an implementation decision about the blob format: we use OpenPGP signatures with no marker, any new formats will start with a zero byte and an ASCII line identifying the format of the rest. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
It's not actually dealing with the lookaside; just with the configuration. And we are going to introduce more configuration. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
…rageBaseURL This will allow us to only load the configuration once. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This will allow us to load the configuration and then ask for multiple items. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is a bit more repetitive in most callers. The benefit is that we only read the files once per newImageSource, even if there are multiple mirrors. We will also read more items from the config. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... so that users can choose whether to do the extra manifest lookups, and record signatures. NOTE: This defaults to false. FIXME: Documentation Signed-off-by: Miloslav Trmač <mitr@redhat.com>
…t.fetchManifest Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We need it for writing signatures. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We are going to need a way to upload to a tag without affecting dockerImageDestination.manifestDigest. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
NOTE design decisions: - We can read Cosign data from lookaside - We ONLY write Cosign data to Cosign attachments, never to lookaside; because lookaside is set up by default, that would be too confusing. - We ONLY use Cosign attachments at all if the user opts in via registries.d. One concern is performance impact of the extra round-trip for large-scale operations like (skopeo sync). Short-term, a much more worrying is the risk that we probably have the "is this failure just a missing atachment manifest, or a real failure reading it?" heuristic wrong, so without an opt-in, _all_ image reads are going to fail. This might eventually go away after more testing. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Private key only, no Fulcio/Rekor. The extra dependencies are not ideal, but not too bad (notably the scary go-tuf addition is only a small subpackage), looking only at files added in new subpackage, not additions caused by updates of existing dependencies: vendor/github.com/golang/protobuf/jsonpb/decode.go | 524 ++++++++++++++++ vendor/github.com/golang/protobuf/jsonpb/encode.go | 559 ++++++++++++++++++ vendor/github.com/golang/protobuf/jsonpb/json.go | 69 +++ vendor/github.com/google/go-containerregistry/LICENSE | 202 +++++++ vendor/github.com/google/go-containerregistry/pkg/name/README.md | 3 + vendor/github.com/google/go-containerregistry/pkg/name/check.go | 43 ++ vendor/github.com/google/go-containerregistry/pkg/name/digest.go | 96 +++ vendor/github.com/google/go-containerregistry/pkg/name/doc.go | 42 ++ vendor/github.com/google/go-containerregistry/pkg/name/errors.go | 42 ++ vendor/github.com/google/go-containerregistry/pkg/name/options.go | 83 +++ vendor/github.com/google/go-containerregistry/pkg/name/ref.go | 75 +++ vendor/github.com/google/go-containerregistry/pkg/name/registry.go | 136 +++++ vendor/github.com/google/go-containerregistry/pkg/name/repository.go | 121 ++++ vendor/github.com/google/go-containerregistry/pkg/name/tag.go | 108 ++++ vendor/github.com/letsencrypt/boulder/LICENSE.txt | 375 ++++++++++++ vendor/github.com/letsencrypt/boulder/core/challenges.go | 27 + vendor/github.com/letsencrypt/boulder/core/interfaces.go | 14 + vendor/github.com/letsencrypt/boulder/core/objects.go | 536 +++++++++++++++++ vendor/github.com/letsencrypt/boulder/core/proto/core.pb.go | 1100 ++++++++++++++++++++++++++++++++++ vendor/github.com/letsencrypt/boulder/core/proto/core.proto | 95 +++ vendor/github.com/letsencrypt/boulder/core/util.go | 298 ++++++++++ vendor/github.com/letsencrypt/boulder/errors/errors.go | 150 +++++ vendor/github.com/letsencrypt/boulder/features/featureflag_string.go | 45 ++ vendor/github.com/letsencrypt/boulder/features/features.go | 158 +++++ vendor/github.com/letsencrypt/boulder/goodkey/blocked.go | 98 +++ vendor/github.com/letsencrypt/boulder/goodkey/good_key.go | 432 ++++++++++++++ vendor/github.com/letsencrypt/boulder/goodkey/weak.go | 66 +++ vendor/github.com/letsencrypt/boulder/identifier/identifier.go | 32 + vendor/github.com/letsencrypt/boulder/probs/probs.go | 349 +++++++++++ vendor/github.com/letsencrypt/boulder/revocation/reasons.go | 74 +++ vendor/github.com/letsencrypt/boulder/sa/proto/sa.pb.go | 3449 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ vendor/github.com/letsencrypt/boulder/sa/proto/sa.proto | 272 +++++++++ vendor/github.com/letsencrypt/boulder/sa/proto/sa_grpc.pb.go | 1515 +++++++++++++++++++++++++++++++++++++++++++++++ vendor/github.com/letsencrypt/boulder/sa/proto/subsets.go | 46 ++ vendor/github.com/sigstore/sigstore/COPYRIGHT.txt | 14 + vendor/github.com/sigstore/sigstore/LICENSE | 202 +++++++ vendor/github.com/sigstore/sigstore/pkg/cryptoutils/certificate.go | 170 ++++++ vendor/github.com/sigstore/sigstore/pkg/cryptoutils/generic.go | 31 + vendor/github.com/sigstore/sigstore/pkg/cryptoutils/password.go | 96 +++ vendor/github.com/sigstore/sigstore/pkg/cryptoutils/privatekey.go | 144 +++++ vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go | 174 ++++++ vendor/github.com/sigstore/sigstore/pkg/signature/doc.go | 17 + vendor/github.com/sigstore/sigstore/pkg/signature/ecdsa.go | 244 ++++++++ vendor/github.com/sigstore/sigstore/pkg/signature/ed25519.go | 197 ++++++ vendor/github.com/sigstore/sigstore/pkg/signature/message.go | 111 ++++ vendor/github.com/sigstore/sigstore/pkg/signature/options.go | 57 ++ vendor/github.com/sigstore/sigstore/pkg/signature/options/context.go | 36 ++ vendor/github.com/sigstore/sigstore/pkg/signature/options/digest.go | 35 ++ vendor/github.com/sigstore/sigstore/pkg/signature/options/keyversion.go | 50 ++ vendor/github.com/sigstore/sigstore/pkg/signature/options/noop.go | 49 ++ vendor/github.com/sigstore/sigstore/pkg/signature/options/rand.go | 41 ++ vendor/github.com/sigstore/sigstore/pkg/signature/options/remoteverification.go | 32 + vendor/github.com/sigstore/sigstore/pkg/signature/options/rpcauth.go | 58 ++ vendor/github.com/sigstore/sigstore/pkg/signature/options/signeropts.go | 40 ++ vendor/github.com/sigstore/sigstore/pkg/signature/payload/payload.go | 104 ++++ vendor/github.com/sigstore/sigstore/pkg/signature/publickey.go | 25 + vendor/github.com/sigstore/sigstore/pkg/signature/rsapkcs1v15.go | 225 +++++++ vendor/github.com/sigstore/sigstore/pkg/signature/rsapss.go | 260 ++++++++ vendor/github.com/sigstore/sigstore/pkg/signature/signer.go | 89 +++ vendor/github.com/sigstore/sigstore/pkg/signature/signerverifier.go | 69 +++ vendor/github.com/sigstore/sigstore/pkg/signature/util.go | 55 ++ vendor/github.com/sigstore/sigstore/pkg/signature/verifier.go | 100 ++++ vendor/github.com/theupdateframework/go-tuf/LICENSE | 27 + vendor/github.com/theupdateframework/go-tuf/encrypted/encrypted.go | 226 +++++++ vendor/github.com/titanous/rocacheck/LICENSE | 22 + vendor/github.com/titanous/rocacheck/README.md | 7 + vendor/github.com/titanous/rocacheck/rocacheck.go | 52 ++ vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go | 40 ++ vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go | 22 + vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go | 10 + vendor/golang.org/x/crypto/internal/poly1305/poly1305.go | 99 ++++ vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go | 48 ++ vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s | 109 ++++ vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go | 310 ++++++++++ vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go | 48 ++ vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s | 182 ++++++ vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go | 76 +++ vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s | 504 ++++++++++++++++ vendor/golang.org/x/crypto/internal/subtle/aliasing.go | 33 ++ vendor/golang.org/x/crypto/internal/subtle/aliasing_purego.go | 36 ++ vendor/golang.org/x/crypto/nacl/secretbox/secretbox.go | 173 ++++++ vendor/golang.org/x/crypto/ocsp/ocsp.go | 789 +++++++++++++++++++++++++ vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go | 144 +++++ vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go | 199 +++++++ vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go | 24 + vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.s | 881 +++++++++++++++++++++++++++ vendor/golang.org/x/crypto/salsa20/salsa/salsa20_noasm.go | 15 + vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go | 231 ++++++++ vendor/golang.org/x/crypto/scrypt/scrypt.go | 212 +++++++ vendor/golang.org/x/crypto/sha3/doc.go | 66 +++ vendor/golang.org/x/crypto/sha3/hashes.go | 97 +++ vendor/golang.org/x/crypto/sha3/hashes_generic.go | 28 + vendor/golang.org/x/crypto/sha3/keccakf.go | 413 +++++++++++++ vendor/golang.org/x/crypto/sha3/keccakf_amd64.go | 14 + vendor/golang.org/x/crypto/sha3/keccakf_amd64.s | 391 ++++++++++++ vendor/golang.org/x/crypto/sha3/register.go | 19 + vendor/golang.org/x/crypto/sha3/sha3.go | 193 ++++++ vendor/golang.org/x/crypto/sha3/sha3_s390x.go | 285 +++++++++ vendor/golang.org/x/crypto/sha3/sha3_s390x.s | 34 ++ vendor/golang.org/x/crypto/sha3/shake.go | 173 ++++++ vendor/golang.org/x/crypto/sha3/shake_generic.go | 20 + vendor/golang.org/x/crypto/sha3/xor.go | 24 + vendor/golang.org/x/crypto/sha3/xor_generic.go | 28 + vendor/golang.org/x/crypto/sha3/xor_unaligned.go | 68 +++ vendor/google.golang.org/grpc/channelz/channelz.go | 36 ++ vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go | 382 ++++++++++++ vendor/google.golang.org/grpc/internal/pretty/pretty.go | 82 +++ vendor/google.golang.org/protobuf/encoding/protojson/decode.go | 665 +++++++++++++++++++++ vendor/google.golang.org/protobuf/encoding/protojson/doc.go | 11 + vendor/google.golang.org/protobuf/encoding/protojson/encode.go | 344 +++++++++++ vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go | 889 ++++++++++++++++++++++++++++ vendor/google.golang.org/protobuf/internal/encoding/json/decode.go | 340 +++++++++++ vendor/google.golang.org/protobuf/internal/encoding/json/decode_number.go | 254 ++++++++ vendor/google.golang.org/protobuf/internal/encoding/json/decode_string.go | 91 +++ vendor/google.golang.org/protobuf/internal/encoding/json/decode_token.go | 192 ++++++ vendor/google.golang.org/protobuf/internal/encoding/json/encode.go | 276 +++++++++ vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go | 168 ++++++ Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
THIS MUST HAVE TOTAL CODE COVERAGE. type: cosignSigned, with the usual keyData/keyPath. Fulcio/Rekor is plausible _for the off-line rekor log entry proofs_, but not currently implemented. Tests first. NOTE: This only allows a single public key, not a keyring, unlike simple signing. That seems problematic, there are known users of that. But we can fix that later by adding keyDirectory and the like. FIXME: Update documentation of policy.json. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
mtrmac
force-pushed
the
cosign-integration
branch
from
6a1b669
to
8a25bbf
Compare
This is a single integration branch of the Cosign prototypes.
💀💀💀DO NOT MERGE THIS WITHOUT ADDING TEST COVERAGE
See #1598.
(Outstanding) merge/review order: