Add privacy statement for PII storage #1909

Merged
merged 1 commit into from May 25, 2022
Merged
2 changes: 1 addition & 1 deletion cmd/cosign/cli/clean.go
Expand Up @@ -51,7 +51,7 @@ func Clean() *cobra.Command {

func CleanCmd(ctx context.Context, regOpts options.RegistryOptions, cleanType, imageRef string, force bool) error {
if !force {
ok, err := cosign.ConfirmPrompt(prompt(cleanType))
ok, err := cosign.ConfirmPromptDestructive(prompt(cleanType))
if err != nil {
return err
}
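Review bot: Switching to `cosign.ConfirmPromptDestructive` is presumably what keeps `clean` prompting even when the new `--yes` flag is set, but nothing at the call site says so, and the `force` parameter then becomes the only bypass; a comment above `if !force {` such as `// clean is destructive: the prompt is not skipped by --yes, only by --force.` records that intent for the next reader. The difference between the two prompt helpers is not visible in this hunk, so confirm it before relying on that wording. CleanCmd continues outside the hunk.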
6 changes: 6 additions & 0 deletions cmd/cosign/cli/commands.go
Expand Up @@ -26,6 +26,7 @@ import (

cranecmd "github.com/google/go-containerregistry/cmd/crane/cmd"
"github.com/sigstore/cosign/cmd/cosign/cli/options"
"github.com/sigstore/cosign/pkg/cosign"
)

var (
Expand Down Expand Up @@ -73,6 +74,11 @@ func New() *cobra.Command {
if ro.Verbose {
logs.Debug.SetOutput(os.Stderr)
}

if ro.SkipConfirmation {
cosign.SetSkipConfirmation(ro.SkipConfirmation)
}

return nil
},
PersistentPostRun: func(cmd *cobra.Command, args []string) {
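Review bot: The `if ro.SkipConfirmation {` guard around the setter is redundant, since the call passes the same boolean; calling `cosign.SetSkipConfirmation(ro.SkipConfirmation)` unconditionally is simpler and makes the package-level state mirror the flag on every run rather than only when it is true. That setter appears to mutate global state in the cosign package, so this pre-run hook is the one place it should be set; a one-line comment such as `// --yes: let non-destructive prompts auto-confirm (see options.RootOptions).` would make that ownership explicit. The enclosing run hook begins and ends outside the hunk.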
16 changes: 16 additions & 0 deletions cmd/cosign/cli/fulcio/fulcio.go
Expand Up @@ -22,6 +22,7 @@ import (
"crypto/rand"
"crypto/sha256"
"crypto/x509"
"errors"
"fmt"
"net/url"
"os"
Expand All @@ -41,6 +42,12 @@ const (
FlowNormal = "normal"
FlowDevice = "device"
FlowToken = "token"
// spacing is intentional to have this indented
PrivacyStatement = `
Note that there may be personally identifiable information associated with this signed artifact.
This may include the email address associated with the account with which you authenticate.
This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later.`
PrivacyStatementConfirmation = " By typing 'y', you attest that you grant (or have permission to grant) and agree to have this information stored permanently in transparency logs."
)

type oidcConnector interface {
Expand Down Expand Up @@ -135,6 +142,8 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) {
}
fmt.Fprintln(os.Stderr, "Retrieving signed certificate...")

fmt.Fprintln(os.Stderr, PrivacyStatement)

var flow string
switch {
case ko.FulcioAuthFlow != "":
Expand All @@ -146,6 +155,13 @@ func NewSigner(ctx context.Context, ko options.KeyOpts) (*Signer, error) {
fmt.Fprintln(os.Stderr, "Non-interactive mode detected, using device flow.")
flow = FlowDevice
default:
ok, err := cosign.ConfirmPrompt(PrivacyStatementConfirmation)
if err != nil {
return nil, err
}
if !ok {
return nil, errors.New("no confirmation")
}
flow = FlowNormal
}
Resp, err := GetCert(ctx, priv, idToken, flow, ko.OIDCIssuer, ko.OIDCClientID, ko.OIDCClientSecret, ko.OIDCRedirectURL, fClient) // TODO, use the chain.
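Review bot: The consent prompt on the `default:` branch runs only for the normal flow; when `ko.FulcioAuthFlow` is set explicitly or the device flow is selected, the statement printed by `fmt.Fprintln(os.Stderr, PrivacyStatement)` is shown but no confirmation is collected, so if consent is meant to gate every certificate request whose identity lands in the transparency log, the explicit-flow case should also pass through `cosign.ConfirmPrompt(PrivacyStatementConfirmation)` (the device flow is already non-interactive and cannot prompt). The rejection error `errors.New("no confirmation")` is terse for a user-facing failure; `errors.New("privacy statement not confirmed")` tells the user what was declined, and the message could mention the skip flag if `ConfirmPrompt` honors it, which is not visible here. The two new exported constants also lack doc comments; a line such as `// PrivacyStatement is shown before requesting a Fulcio certificate, since the identity in it is recorded in a public transparency log.` would satisfy the exported-name convention. NewSigner begins and ends outside the hunk.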
10 changes: 7 additions & 3 deletions cmd/cosign/cli/options/root.go
Expand Up @@ -23,9 +23,10 @@ import (

// RootOptions define flags and options for the root cosign cli.
type RootOptions struct {
OutputFile string
Verbose bool
Timeout time.Duration
OutputFile string
Verbose bool
Timeout time.Duration
SkipConfirmation bool
}

// DefaultTimeout specifies the default timeout for commands.
Expand All @@ -43,4 +44,7 @@ func (o *RootOptions) AddFlags(cmd *cobra.Command) {

cmd.PersistentFlags().DurationVarP(&o.Timeout, "timeout", "t", DefaultTimeout,
"timeout for commands")

cmd.PersistentFlags().BoolVarP(&o.SkipConfirmation, "yes", "y", false,
"skip confirmation prompts for non-destructive operations")
}
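Review bot: The help string for `--yes` leaves the reader to guess which prompts count as non-destructive, and the new `SkipConfirmation` field has no comment explaining what it controls. Something like `"skip confirmation prompts for non-destructive operations, such as the privacy statement shown when requesting a signing certificate; destructive operations still prompt"` describes the observable behavior, assuming the destructive prompt variant used elsewhere in this change ignores the flag, which is not visible here. A field comment `// SkipConfirmation answers non-destructive confirmation prompts with yes (--yes/-y).` would mirror the type-level doc comment. AddFlags begins outside the hunk.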
1 change: 1 addition & 0 deletions doc/cosign.md


1 change: 1 addition & 0 deletions doc/cosign_attach.md


1 change: 1 addition & 0 deletions doc/cosign_attach_attestation.md


1 change: 1 addition & 0 deletions doc/cosign_attach_sbom.md


1 change: 1 addition & 0 deletions doc/cosign_attach_signature.md


1 change: 1 addition & 0 deletions doc/cosign_attest.md


1 change: 1 addition & 0 deletions doc/cosign_clean.md


1 change: 1 addition & 0 deletions doc/cosign_completion.md


1 change: 1 addition & 0 deletions doc/cosign_copy.md


1 change: 1 addition & 0 deletions doc/cosign_dockerfile.md


1 change: 1 addition & 0 deletions doc/cosign_dockerfile_verify.md


1 change: 1 addition & 0 deletions doc/cosign_download.md


1 change: 1 addition & 0 deletions doc/cosign_download_attestation.md


1 change: 1 addition & 0 deletions doc/cosign_download_sbom.md


1 change: 1 addition & 0 deletions doc/cosign_download_signature.md


1 change: 1 addition & 0 deletions doc/cosign_generate-key-pair.md


1 change: 1 addition & 0 deletions doc/cosign_generate.md


1 change: 1 addition & 0 deletions doc/cosign_import-key-pair.md


1 change: 1 addition & 0 deletions doc/cosign_initialize.md


1 change: 1 addition & 0 deletions doc/cosign_load.md


1 change: 1 addition & 0 deletions doc/cosign_login.md


1 change: 1 addition & 0 deletions doc/cosign_manifest.md


1 change: 1 addition & 0 deletions doc/cosign_manifest_verify.md


1 change: 1 addition & 0 deletions doc/cosign_piv-tool.md


1 change: 1 addition & 0 deletions doc/cosign_piv-tool_attestation.md


1 change: 1 addition & 0 deletions doc/cosign_piv-tool_generate-key.md


1 change: 1 addition & 0 deletions doc/cosign_piv-tool_reset.md


1 change: 1 addition & 0 deletions doc/cosign_piv-tool_set-management-key.md


1 change: 1 addition & 0 deletions doc/cosign_piv-tool_set-pin.md


1 change: 1 addition & 0 deletions doc/cosign_piv-tool_set-puk.md


1 change: 1 addition & 0 deletions doc/cosign_piv-tool_unblock.md


1 change: 1 addition & 0 deletions doc/cosign_pkcs11-tool.md


1 change: 1 addition & 0 deletions doc/cosign_pkcs11-tool_list-keys-uris.md


1 change: 1 addition & 0 deletions doc/cosign_pkcs11-tool_list-tokens.md


1 change: 1 addition & 0 deletions doc/cosign_policy.md


1 change: 1 addition & 0 deletions doc/cosign_policy_init.md


1 change: 1 addition & 0 deletions doc/cosign_policy_sign.md


1 change: 1 addition & 0 deletions doc/cosign_public-key.md
