Support image signing and verification #295

Open
ningziwen opened this issue Mar 14, 2023 · 6 comments
Labels
enhancement New feature or request

Comments

@ningziwen (Member)

What is the problem you're trying to solve?
Nerdctl has signing and verification by Cosign and Notation as experimental features today.
https://github.com/containerd/nerdctl/blob/main/docs/cosign.md
https://github.com/containerd/nerdctl/blob/main/docs/notation.md

However, without the binaries installed in Finch VM, the signing and verification related functionalities are not working in Finch and would throw

cosign executable not found in path $PATH

Describe the feature you'd like
Package Cosign and Notation in Finch VM.

Additional context
Add any other context or screenshots about the feature request here.

@ningziwen ningziwen added the enhancement New feature or request label Mar 15, 2023
@ningziwen (Member Author)

ningziwen commented Mar 15, 2023

One blocker of adding Cosign is that there is one step in cosign that requires users to pass the cosign password as an environment variable.

finch <sub_command> actually calls limactl shell finch sudo nerdctl <sub_command>. limactl shell can't pass through environment variables today. Created an issue in Lima to understand if it is expected.

If Lima wants to support env pass-through by limactl shell, we can add -E after sudo to make the nerdctl command use the COSIGN_PASSWORD env var.

Otherwise, we will need to inject COSIGN_PASSWORD=<pass> between sudo and nerdctl to handle it specially.

Will inject COSIGN_PASSWORD=<pass> between sudo and nerdctl based on Lima's response.
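The two strategies discussed above, as an added Go illustration that is not Finch's own code: a hypothetical finchCommand helper builds the limactl argv either with sudo -E (when Lima passes the environment through) or by injecting COSIGN_PASSWORD=<pass> between sudo and nerdctl, and a hypothetical redact helper masks the injected value before the command line is logged, since the injected form carries the secret as a visible argument.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// finchCommand builds the argv that `finch <sub_command>` would hand to limactl.
// When cosignPassword is empty nothing is injected, so non-Cosign commands are unchanged.
// limaPassThrough selects `sudo -E` (environment preserved by limactl shell) over
// explicit injection of COSIGN_PASSWORD=<pass> between sudo and nerdctl.
func finchCommand(sub []string, cosignPassword string, limaPassThrough bool) []string {
	argv := []string{"limactl", "shell", "finch", "sudo"}
	if cosignPassword != "" {
		if limaPassThrough {
			argv = append(argv, "-E")
		} else {
			argv = append(argv, "COSIGN_PASSWORD="+cosignPassword)
		}
	}
	argv = append(argv, "nerdctl")
	return append(argv, sub...)
}

// redact replaces the injected password so the argv can be logged or echoed safely.
func redact(argv []string) []string {
	out := make([]string, len(argv))
	for i, a := range argv {
		if strings.HasPrefix(a, "COSIGN_PASSWORD=") {
			out[i] = "COSIGN_PASSWORD=<redacted>"
		} else {
			out[i] = a
		}
	}
	return out
}

func main() {
	// Dry run: print the (redacted) command Finch would execute for the given subcommand.
	argv := finchCommand(os.Args[1:], os.Getenv("COSIGN_PASSWORD"), false)
	fmt.Println(strings.Join(redact(argv), " "))
}
```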

@ningziwen (Member Author)

Another blocker is in the latest Cosign 2.0.0, cosign sign needs to pass --yes to prevent prompt.
Making the change in Nerdctl. containerd/nerdctl#2109

@ningziwen (Member Author)

This change updated the OS image which includes the Cosign binary. The overall Finch size will increase by around 40MB with this OS image. As there are other pending Cosign changes, we may need to only package Cosign, which increases the size by 40MB, but without making Cosign work in the next version. Considering the size increase is not significant and it will anyways increase later, I think it is ok to not revert the OS image change. Let me know if anyone has concerns. cc @estesp @pendo324

ningziwen added a commit that referenced this issue Apr 11, 2023

*Description of changes:*
Add COSIGN_PASSWORD env pass-through to allow users to use Cosign.

The feature should be experimental as it is experimental in Nerdctl. As
Finch points to Nerdctl documentation today, users could see Cosign
feature is experimental in Nerdctl documentation so will not mention
experimental in Finch explicitly.

*Testing done:*
The tests only cover signing by push and verification by pull and run
with the keys as MVP. The tests won't pass until the
[change](containerd/nerdctl#2109) is integrated
into Finch. Tested locally that it can work with this change in Nerdctl.


- [x] I've reviewed the guidance in CONTRIBUTING.md


#### License Acceptance

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

Signed-off-by: Ziwen Ning <ningziwe@amazon.com>
@ningziwen (Member Author)

Logging the recent work of Cosign experimental support here:

  • There was a regression for Cosign in nerdctl 1.3.0 and it was fixed in nerdctl 1.3.1 now. Nerdctl 1.3.1 is already merged in Finch.
  • Cosign released 2.0.1 recently, and the key generated by 2.0.1 can't be used to sign in 2.0.0 because of this change. So upgraded the Cosign in Finch to 2.0.1.
  • There were error message changes in Cosign 2.0.1. Changed the e2e tests to match it.
  • Noticed keyless verification with Cosign 2.0.0+ is not working in nerdctl (and also Finch). Raised an issue in nerdctl and fixing it. This fix will come later as follow up and won't block the Finch release.

@ningziwen (Member Author)

About Notation, Nerdctl Notation integration is done. containerd/nerdctl#1974

The major blocker of Finch Notation integration is Docker credential sharing (Issue). Without it, Notation login and logout are required to manage Notation credentials. Providing extra commands in Finch or asking users to log in Finch VM to run it are both not desirable. When the issue is resolved, Notation can share the credentials of Docker/Nerdctl so Finch login/logout can manage it.

Once it is completed, we may consider integrating Notation 1.0 RC as experimental support.

Before Notation 1.0, there is a risk of spec change, implementation change, and other experience gaps like plugin installation (Issue) and local key signing (Issue). So the full support in Finch will be after Notation 1.0.

weikequ commented Oct 31, 2023