Implement signed images verification #94

Closed

Contributor

@dimitar-dimitrow dimitar-dimitrow commented Nov 17, 2022

[#67] Implement signed images verification

  • API for providing verification configuration per container
  • container-management flag for providing global verification configuration
  • verification manager API
  • verification manager implementation based on cosign
  • needed utility methods for parsing and validation
  • needed modification to pass current unit test
  • new dependencies are covered in NOTICE file

Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.io>

@e-grigorov e-grigorov linked an issue Nov 17, 2022 that may be closed by this pull request
@dimitar-dimitrow dimitar-dimitrow added this to the M3 milestone Nov 17, 2022
Member

@k-gostev k-gostev left a comment

A couple of nits

containerm/ctr/ctr_verify_mgr.go
containerm/ctr/ctrd_client_internal.go
containerm/containers/types/verify_config.go
containerm/ctr/ctr_verify_mgr.go
containerm/daemon/daemon_config_util.go
Member

@k-gostev k-gostev left a comment

LGTM

containerm/ctr/ctrd_client_internal.go
containerm/ctr/ctrd_client_internal.go
containerm/ctr/ctrd_client_internal.go
containerm/ctr/ctrd_client_internal_test.go
containerm/ctr/ctrd_verification_mgr.go
containerm/ctr/ctrd_verification_util.go
containerm/util/containers_validation.go
containerm/util/util_verification.go
@k-gostev k-gostev removed this from the M3 milestone May 30, 2023
@k-gostev k-gostev changed the base branch from main to dev-m5 October 16, 2023 13:25

[67] Implement signed images verification
- API for providing verification configuration per container
- container-management flag for providing global verification configuration
- verification manager API
- verification manager implementation based on cosign
- needed utility methods for parsing and validation
- needed modification to pass current unit test
- new dependencies are covered in NOTICE file

Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.io>

[67] Implement signed images verification
- refactor verification mgr API
- use spi for pull, get and delete of signature
- use verification prefix instead of ver

Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.io>

[67] Implement signed images verification
- verify_config -> verification_config

Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.io>

[67] Minor fixes
- ctr_verification... renamed to ctrd_verification...
- typos and other adjustments

Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.io>

[67] Fixed comments
- changed API order and move to var args
- verification logic moved from getImage to verifyImage
- removed validation of verification configuration, errors would pop up during parsing
- unit tests fixed accordingly

Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.io>

[67] Minor improvements

Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.io>

[67] Implement signed images verification

Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.io>

… ctr package

[67] Implement signed images verification

Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.io>