Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

1465 attestation with private key #1502

Merged
merged 4 commits into from
Jan 26, 2023
Merged

Conversation

spiffcs
Copy link
Contributor

@spiffcs spiffcs commented Jan 20, 2023

Return PKI options to original documented state

Closes #1465

Users can now add a --key <KEY_PATH> option to the syft attest command. This option will be passed to the shell out command introduced #1442

Users can set the password for the key by using the environment variable SYFT_ATTEST_PASSWORD

Previous versions of syft offered an interactive TUI for typing the password. Because of the nature of the shellout command this option is no longer available

To test:

cosign generate-key-pair
go run ./cmd/syft/main.go attest --key cosign.key <IMAGE_WITH_WRITE_ACCESS>

Screenshot 2023-01-26 at 10 00 29 AM

@github-actions
Copy link

github-actions bot commented Jan 20, 2023

Benchmark Test Results

Benchmark results from the latest changes vs base branch
goos: linux
goarch: amd64
pkg: github.com/anchore/syft/test/integration
cpu: Intel(R) Xeon(R) Platinum 8171M CPU @ 2.60GHz
                                                          │ ./.tmp/benchmark-bb079a1.txt │
                                                          │            sec/op            │
ImagePackageCatalogers/alpmdb-cataloger-2                                   15.41m ± 24%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                             1.709m ±  2%
ImagePackageCatalogers/python-package-cataloger-2                           4.313m ±  1%
ImagePackageCatalogers/php-composer-installed-cataloger-2                   1.422m ±  2%
ImagePackageCatalogers/javascript-package-cataloger-2                       990.5µ ±  3%
ImagePackageCatalogers/dpkgdb-cataloger-2                                   1.151m ±  4%
ImagePackageCatalogers/rpm-db-cataloger-2                                   1.681m ±  2%
ImagePackageCatalogers/java-cataloger-2                                     18.75m ±  4%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                     9.390µ ±  3%
ImagePackageCatalogers/apkdb-cataloger-2                                    1.170m ±  3%
ImagePackageCatalogers/go-module-binary-cataloger-2                         19.71µ ±  3%
ImagePackageCatalogers/dotnet-deps-cataloger-2                              1.843m ±  2%
ImagePackageCatalogers/portage-cataloger-2                                  939.3µ ±  2%
ImagePackageCatalogers/sbom-cataloger-2                                     5.708m ±  3%
ImagePackageCatalogers/binary-cataloger-2                                   8.138m ±  2%
geomean                                                                     1.360m

                                                          │ ./.tmp/benchmark-bb079a1.txt │
                                                          │             B/op             │
ImagePackageCatalogers/alpmdb-cataloger-2                                   5.041Mi ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                             204.5Ki ± 0%
ImagePackageCatalogers/python-package-cataloger-2                           954.4Ki ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2                   217.8Ki ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2                       158.4Ki ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                                   200.3Ki ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                                   300.0Ki ± 0%
ImagePackageCatalogers/java-cataloger-2                                     3.371Mi ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                     1.375Ki ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                                    181.9Ki ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2                         2.121Ki ± 0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                              377.9Ki ± 0%
ImagePackageCatalogers/portage-cataloger-2                                  138.0Ki ± 0%
ImagePackageCatalogers/sbom-cataloger-2                                     724.9Ki ± 0%
ImagePackageCatalogers/binary-cataloger-2                                   1.028Mi ± 0%
geomean                                                                     221.6Ki

                                                          │ ./.tmp/benchmark-bb079a1.txt │
                                                          │          allocs/op           │
ImagePackageCatalogers/alpmdb-cataloger-2                                    85.84k ± 0%
ImagePackageCatalogers/ruby-gemspec-cataloger-2                              4.349k ± 0%
ImagePackageCatalogers/python-package-cataloger-2                            16.82k ± 0%
ImagePackageCatalogers/php-composer-installed-cataloger-2                    5.604k ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2                        3.432k ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2                                    4.575k ± 0%
ImagePackageCatalogers/rpm-db-cataloger-2                                    8.318k ± 0%
ImagePackageCatalogers/java-cataloger-2                                      58.88k ± 0%
ImagePackageCatalogers/graalvm-native-image-cataloger-2                       32.00 ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                                     5.331k ± 0%
ImagePackageCatalogers/go-module-binary-cataloger-2                           70.00 ± 0%
ImagePackageCatalogers/dotnet-deps-cataloger-2                               7.206k ± 0%
ImagePackageCatalogers/portage-cataloger-2                                   3.683k ± 0%
ImagePackageCatalogers/sbom-cataloger-2                                      25.34k ± 0%
ImagePackageCatalogers/binary-cataloger-2                                    36.81k ± 0%
geomean                                                                      5.332k

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
@spiffcs spiffcs force-pushed the 1465-attestation-with-private-key branch from f5797e3 to 81f8fed Compare January 20, 2023 19:46
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Copy link
Contributor

@kzantow kzantow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

}

func (cfg attest) loadDefaultValues(v *viper.Viper) {
v.SetDefault("attest.key", "")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is already set because of the v.BindPFlag("attest.key", flags.Lookup("key")) earlier

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! I removed it and didn't see any change. I would like to keep this though as the default that is called even if v.BindPFlag("attest.key", flags.Lookup("key")) is not invoked during another command.

I don't think v.BindPFlag("attest.key", flags.Lookup("key")) is called during other non attest command executions and having the config set explicit defaults overall seems cleaner than implicitly blank strings if nothing is called.

@spiffcs spiffcs merged commit 8c91605 into main Jan 26, 2023
@spiffcs spiffcs deleted the 1465-attestation-with-private-key branch January 26, 2023 16:19
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
1465 attestation with private key (anchore#1502)

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Attestation with a private key
2 participants