Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix: Remove an extra registry request from verification path.
🐛 Remove an extra registry request when supplied with a digest. The current logic calls `getSignedEntity` which must determine the media type of the referenced entity in order to produce an appropriately types `SignedEntity`. However, we are only interested in the attached signatures (or attestations) and not the underlying structure, so when we are passed a digest, this roundtrip is entirely superfluous. This changes this logic to explicitly resolve the digest (since verification wants to know the `v1.Hash`), which is free for digests. Then we explicitly invoke `ociremote.Signatures()` on one of `ociremote.{Signature,Attestation}Tag`, which is also free (since we always pass the digest). /kind bug Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
- Loading branch information