From a27ad0f1cebd84b901224914a84c96a17b50e643 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?=
Date: Tue, 22 Mar 2022 19:14:07 +0100
Subject: [PATCH] Don't fail open in VerifyBundle
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This code path succeeding and bypassing all future checks worries me greatly, and I can't find any documentation nor explanation for why that is necessary, so let's close this avenue and see what breaks.

Signed-off-by: Miloslav Trmač
---
 pkg/cosign/verify.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/cosign/verify.go b/pkg/cosign/verify.go
index b00ed733c75..75dba01b011 100644
--- a/pkg/cosign/verify.go
+++ b/pkg/cosign/verify.go
@@ -753,7 +753,7 @@ func VerifyBundle(ctx context.Context, sig oci.Signature) (bool, error) {
 if err != nil {
 return false, err
 } else if cert == nil {
- return true, nil
+ return false, errors.New("signature does not include a certificate")
 }
 
 // verify the cert against the integrated time
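Review bot: The new `cert == nil` branch in VerifyBundle is not pinned by any test in this patch (the diffstat touches only pkg/cosign/verify.go), so a later refactor could quietly restore `return true, nil`. A regression test that passes a signature without a certificate and asserts a false result with a non-nil error would hold the fail-closed behaviour in place. Signatures that legitimately carry no certificate (presumably those made with a plain key pair) will now hit this error, so any caller on that path should skip the bundle check explicitly rather than rely on a silent success; this needs confirming against the callers, which are outside the hunk. The branch would also benefit from a why-comment such as `// Without a certificate none of the checks below can run; fail closed rather than report success.` and from a matching sentence in the function's doc comment. VerifyBundle's body begins and continues outside this hunk.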