Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify local blobs #83

Open
lkatalin opened this issue Jul 21, 2022 · 3 comments
Open

Verify local blobs #83

lkatalin opened this issue Jul 21, 2022 · 3 comments
Labels
enhancement New feature or request

Comments

@lkatalin
Copy link
Contributor

From @lukehinds

Currently sigstore-rs verifies a cosign signature stashed in an OCI registy, but we might also want to attest blobs locally (exist in rekor and signed with an ODIC account or pub key that we provide). We would likely want a client to perform this, but we expose the ABI in sigstore-rs to allow them to so so
@lkatalin lkatalin added the enhancement New feature or request label Jul 21, 2022
@mlieberman85
Copy link

I have a PR for this for "cosign" but be aware that there's currently a bug in Rekor: sigstore/rekor#582 so you can't actually verify the signature from Rekor. You will need to keep the signature locally.

@lkatalin
Copy link
Contributor Author

I have a PR for this for "cosign" but be aware that there's currently a bug in Rekor: sigstore/rekor#582 so you can't actually verify the signature from Rekor. You will need to keep the signature locally.

Thanks for pointing that out! Looks like the issue is now resolved.

@mlieberman85
Copy link

Yep, just got merged. Not 100% sure when it'll be released though.

@woodruffw woodruffw mentioned this issue Jun 20, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mlieberman85 @lkatalin