From 6a8bcc4705c1e8b7a421ced6fe47d113e2dd5499 Mon Sep 17 00:00:00 2001 From: Vivek Kumar Sahu Date: Thu, 4 Jan 2024 01:42:55 +0530 Subject: [PATCH 1/6] parse the rekor bundle separately Signed-off-by: Vivek Kumar Sahu rename RekorBundle to RekorResponse Signed-off-by: Vivek Kumar Sahu add e2e test for rekor bundle Signed-off-by: Vivek Kumar Sahu added proper description Signed-off-by: Vivek Kumar Sahu handle nil value for rekorBundle Signed-off-by: Vivek Kumar Sahu fix e2e test failure Signed-off-by: Vivek Kumar Sahu updated the logic Signed-off-by: Vivek Kumar Sahu updated logic for rekor bundle Signed-off-by: Vivek Kumar Sahu specify whether bundle or rekor-bundle is passed Signed-off-by: Vivek Kumar Sahu --- cmd/cosign/cli/attach.go | 2 +- cmd/cosign/cli/attach/sig.go | 26 ++++++++++++++++------ cmd/cosign/cli/options/attach.go | 8 ++++--- doc/cosign_attach_signature.md | 2 +- test/e2e_test.go | 37 +++++++++++++++++++++----------- 5 files changed, 51 insertions(+), 24 deletions(-) diff --git a/cmd/cosign/cli/attach.go b/cmd/cosign/cli/attach.go index f8c384f97ac..e532745d6a0 100644 --- a/cmd/cosign/cli/attach.go +++ b/cmd/cosign/cli/attach.go @@ -66,7 +66,7 @@ func attachSignature() *cobra.Command { PersistentPreRun: options.BindViper, Args: cobra.ExactArgs(1), RunE: func(cmd *cobra.Command, args []string) error { - return attach.SignatureCmd(cmd.Context(), o.Registry, o.Signature, o.Payload, o.Cert, o.CertChain, o.TimeStampedSig, o.RekorBundle, args[0]) + return attach.SignatureCmd(cmd.Context(), o.Registry, o.Signature, o.Payload, o.Cert, o.CertChain, o.TimeStampedSig, o.RekorResponse, args[0]) }, } diff --git a/cmd/cosign/cli/attach/sig.go b/cmd/cosign/cli/attach/sig.go index a4162a67e87..3736ebdc87c 100644 --- a/cmd/cosign/cli/attach/sig.go +++ b/cmd/cosign/cli/attach/sig.go @@ -19,6 +19,7 @@ import ( "context" "encoding/json" "errors" + "fmt" "io" "os" "path/filepath" 
@@ -32,7 +33,7 @@ import ( "github.com/sigstore/cosign/v2/pkg/oci/static" ) -func SignatureCmd(ctx context.Context, regOpts options.RegistryOptions, sigRef, payloadRef, certRef, certChainRef, timeStampedSigRef, rekorBundleRef, imageRef string) error { +func SignatureCmd(ctx context.Context, regOpts options.RegistryOptions, sigRef, payloadRef, certRef, certChainRef, timeStampedSigRef, rekorResponseRef, imageRef string) error { b64SigBytes, err := signatureBytes(sigRef) if err != nil { return err @@ -98,20 +99,31 @@ func SignatureCmd(ctx context.Context, regOpts options.RegistryOptions, sigRef, } } tsBundle := bundle.TimestampToRFC3161Timestamp(timeStampedSig) - - if rekorBundleRef != "" { - rekorBundleByte, err := os.ReadFile(filepath.Clean(rekorBundleRef)) + if rekorResponseRef != "" { + rekorResponseByte, err := os.ReadFile(filepath.Clean(rekorResponseRef)) if err != nil { return err } var localCosignPayload cosign.LocalSignedPayload - err = json.Unmarshal(rekorBundleByte, &localCosignPayload) - if err != nil { + if err := json.Unmarshal(rekorResponseByte, &localCosignPayload); err == nil { + rekorBundle = localCosignPayload.Bundle + if rekorBundle == nil && localCosignPayload.Cert == "" && localCosignPayload.Base64Signature == "" { + fmt.Printf("rekor-bundle is passed") + err = json.Unmarshal(rekorResponseByte, &rekorBundle) + if err != nil { + return err + } + } else { + fmt.Printf("Bundle is passed") + } + } else { return err } - rekorBundle = localCosignPayload.Bundle + if rekorBundle == nil { + return fmt.Errorf("unable to parse Rekor response to attach to image") + } } newSig, err := mutate.Signature(sig, mutate.WithCertChain(cert, certChain), mutate.WithRFC3161Timestamp(tsBundle), mutate.WithBundle(rekorBundle)) diff --git a/cmd/cosign/cli/options/attach.go b/cmd/cosign/cli/options/attach.go index cb7b9a2ceb3..9504e4e057b 100644 --- a/cmd/cosign/cli/options/attach.go +++ b/cmd/cosign/cli/options/attach.go 
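Review bot: In the `@@ -98,20 +99,31 @@` hunk the fallback path accepts any JSON object as a Rekor bundle. A file containing `{}` or unrelated JSON unmarshals cleanly into `cosign.LocalSignedPayload` with all fields empty, then unmarshals into `&rekorBundle` as a non-nil zero-valued bundle, so the trailing `rekorBundle == nil` guard only rejects a literal `null`. Since that value goes straight to `mutate.WithBundle`, the guard should also reject an empty bundle, for example `if rekorBundle == nil || len(rekorBundle.SignedEntryTimestamp) == 0 || rekorBundle.Payload.LogID == "" {`. Separately, the two `fmt.Printf` status lines write to stdout with no trailing newline; diagnostics from a CLI command are better sent to stderr, e.g. `fmt.Fprintln(os.Stderr, "rekor bundle is passed")`. SignatureCmd begins and ends outside this hunk.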
@@ -32,7 +32,7 @@ type AttachSignatureOptions struct { Cert string CertChain string TimeStampedSig string - RekorBundle string + RekorResponse string Registry RegistryOptions } @@ -58,8 +58,10 @@ func (o *AttachSignatureOptions) AddFlags(cmd *cobra.Command) { "signing certificate and end with the root certificate. Included in the OCI Signature") cmd.Flags().StringVar(&o.TimeStampedSig, "tsr", "", "path to the Time Stamped Signature Response from RFC3161 compliant TSA") - cmd.Flags().StringVar(&o.RekorBundle, "rekor-response", "", - "path to the rekor bundle") + cmd.Flags().StringVar(&o.RekorResponse, "rekor-response", "", + "NOTE: the path can be either bundle, i.e. `bundle.json` which can be retrieve as o/p of command "+ + "`cosign sign --bundle < bundle.json >` or "+ + "rekor bundle formatted from rekor-response.") } // AttachSBOMOptions is the top level wrapper for the attach sbom command. diff --git a/doc/cosign_attach_signature.md b/doc/cosign_attach_signature.md index 21e96f4f589..13e7f170f55 100644 --- a/doc/cosign_attach_signature.md +++ b/doc/cosign_attach_signature.md @@ -43,7 +43,7 @@ cosign attach signature [flags] --registry-password string registry basic auth password --registry-token string registry bearer auth token --registry-username string registry basic auth username - --rekor-response string path to the rekor bundle + --rekor-response bundle.json NOTE: the path can be either bundle, i.e. bundle.json which can be retrieve as o/p of command `cosign sign --bundle < bundle.json >` or rekor bundle formatted from rekor-response. --signature string path to the signature, or {-} for stdin --tsr string path to the Time Stamped Signature Response from RFC3161 compliant TSA ``` diff --git a/test/e2e_test.go b/test/e2e_test.go index 09c397eb176..4f07de6ff3d 100644 --- a/test/e2e_test.go +++ b/test/e2e_test.go 
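Review bot: The new usage string for `--rekor-response` in AddFlags (`@@ -58,8 +58,10 @@`) puts `bundle.json` in back quotes, and pflag takes the first back-quoted word of a usage string as the flag's value name. That is why the regenerated doc/cosign_attach_signature.md in this same patch now reads `--rekor-response bundle.json` where it used to read `--rekor-response string`. The text also opens with "NOTE:" and no longer says the flag takes a path. I would write it without back quotes and lead with what the flag is, e.g. `"path to the Rekor response: either the bundle.json written by 'cosign sign --bundle' or a Rekor bundle"`.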
@@ -236,7 +236,6 @@ func TestSignVerifyClean(t *testing.T) { } func TestImportSignVerifyClean(t *testing.T) { - repo, stop := reg(t) defer stop() td := t.TempDir() 
@@ -968,34 +967,50 @@ func TestAttachWithRekorBundle(t *testing.T) { certchainRef := mkfile(string(append(pemSub[:], pemRoot[:]...)), td, t) + localRekorBundle := &bundle.RekorBundle{ + SignedEntryTimestamp: strfmt.Base64("MEUCIEDcarEwRYkrxE9ne+kzEVvUhnWaauYzxhUyXOLy1hwAAiEA4VdVCvNRs+D/5o33C2KBy+q2YX3lP4Y7nqRFU+K3hi0="), + Payload: bundle.RekorPayload{ + Body: "REMOVED", + IntegratedTime: 1631646761, + LogIndex: 693591, + LogID: "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d", + }, + } + localPayload := cosign.LocalSignedPayload{ Base64Signature: b64signature, Cert: string(pemLeaf), - Bundle: &bundle.RekorBundle{ - SignedEntryTimestamp: strfmt.Base64("MEUCIEDcarEwRYkrxE9ne+kzEVvUhnWaauYzxhUyXOLy1hwAAiEA4VdVCvNRs+D/5o33C2KBy+q2YX3lP4Y7nqRFU+K3hi0="), - Payload: bundle.RekorPayload{ - Body: "REMOVED", - IntegratedTime: 1631646761, - LogIndex: 693591, - LogID: "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d", - }, - }, + Bundle: localRekorBundle, } jsonBundle, err := json.Marshal(localPayload) if err != nil { t.Fatal(err) } + jsonRekorBundle, err := json.Marshal(localRekorBundle) + if err != nil { + t.Fatal(err) + } + bundlePath := filepath.Join(td, "bundle.json") if err := os.WriteFile(bundlePath, jsonBundle, 0644); err != nil { t.Fatal(err) } + rekorBundlePath := filepath.Join(td, "bundle2.json") + if err := os.WriteFile(rekorBundlePath, jsonRekorBundle, 0644); err != nil { + t.Fatal(err) + } + // Upload it! err = attach.SignatureCmd(ctx, options.RegistryOptions{}, sigRef, payloadref, pemleafRef, certchainRef, "", bundlePath, imgName) if err != nil { t.Fatal(err) } + err = attach.SignatureCmd(ctx, options.RegistryOptions{}, sigRef, payloadref, pemleafRef, certchainRef, "", rekorBundlePath, imgName) + if err != nil { + t.Fatal(err) + } } func TestRekorBundle(t *testing.T) { 
@@ -1615,7 +1630,6 @@ func keypair(t *testing.T, td string) (*cosign.KeysBytes, string, string) { } func importKeyPair(t *testing.T, td string) (*cosign.KeysBytes, string, string) { - const validrsa1 = `-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAx5piWVlE62NnZ0UzJ8Z6oKiKOC4dbOZ1HsNhIRtqkM+Oq4G+ 25yq6P+0JU/Qvr9veOGEb3R/J9u8JBo+hv2i5X8OtgvP2V2pi6f1s6vK7L0+6uRb @@ -1675,7 +1689,6 @@ qGzRVIDGbNkrVHM0IsAtHRpC0rYrtZY+9OwiraGcsqUMLwwQdCA= t.Fatal(err) } return keys, privKeyPath, pubKeyPath - } func TestUploadDownload(t *testing.T) { From 8bf2eb15f9ada2f1a391c51647ffbf58bc63491b Mon Sep 17 00:00:00 2001 From: Vivek Kumar Sahu Date: Fri, 2 Feb 2024 13:41:43 +0530 Subject: [PATCH 2/6] implement rekor-response type from bunle type Signed-off-by: Vivek Kumar Sahu --- cmd/cosign/cli/attach/sig.go | 29 +++++++++++++++-------------- pkg/cosign/fetch.go | 3 +++ 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/cmd/cosign/cli/attach/sig.go b/cmd/cosign/cli/attach/sig.go index 3736ebdc87c..dc749e14a7f 100644 --- a/cmd/cosign/cli/attach/sig.go +++ b/cmd/cosign/cli/attach/sig.go 
@@ -105,20 +105,21 @@ func SignatureCmd(ctx context.Context, regOpts options.RegistryOptions, sigRef, return err } - var localCosignPayload cosign.LocalSignedPayload - if err := json.Unmarshal(rekorResponseByte, &localCosignPayload); err == nil { - rekorBundle = localCosignPayload.Bundle - if rekorBundle == nil && localCosignPayload.Cert == "" && localCosignPayload.Base64Signature == "" { - fmt.Printf("rekor-bundle is passed") - err = json.Unmarshal(rekorResponseByte, &rekorBundle) - if err != nil { - return err - } - } else { - fmt.Printf("Bundle is passed") - } - } else { - return err + var rekorResponse cosign.RekorResponse + err = json.Unmarshal(rekorResponseByte, &rekorResponse) + if err != nil { + return fmt.Errorf("Unmarshal rekorResponse error: ", err) + } + + if rekorResponse == nil { + return fmt.Errorf("unable to parse rekor-response to attach to image") + } + for _, v := range rekorResponse { + rekorBundle.SignedEntryTimestamp = v.Verification.SignedEntryTimestamp + rekorBundle.Payload.Body = v.Body + rekorBundle.Payload.IntegratedTime = *v.IntegratedTime + rekorBundle.Payload.LogIndex = *v.LogIndex + rekorBundle.Payload.LogID = *v.LogID } if rekorBundle == nil { diff --git a/pkg/cosign/fetch.go b/pkg/cosign/fetch.go index ff81be227bd..98704bdc56c 100644 --- a/pkg/cosign/fetch.go +++ b/pkg/cosign/fetch.go @@ -31,6 +31,7 @@ import ( "github.com/sigstore/cosign/v2/pkg/cosign/bundle" "github.com/sigstore/cosign/v2/pkg/oci" ociremote "github.com/sigstore/cosign/v2/pkg/oci/remote" + "github.com/sigstore/rekor/pkg/generated/models" "golang.org/x/sync/errgroup" ) @@ -51,6 +52,8 @@ type LocalSignedPayload struct { Bundle *bundle.RekorBundle `json:"rekorBundle,omitempty"` } +type RekorResponse map[string]models.LogEntryAnon + type Signatures struct { KeyID string `json:"keyid"` Sig string `json:"sig"` From ddc424ae442785e44a84b25fee361772f6ee1cc9 Mon Sep 17 00:00:00 2001 
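Review bot: The loop `for _, v := range rekorResponse` in the sig.go hunk dereferences `v.Verification`, `*v.IntegratedTime`, `*v.LogIndex` and `*v.LogID` with no nil checks, so a response file that omits any of them panics the CLI instead of returning an error. The `rekorResponse == nil` test only catches a JSON `null`: an empty object `{}` skips the loop entirely, and a file with several entries keeps whichever one the map iteration happens to visit last. This hunk also stops accepting the `bundle.json` form that the flag help added in patch 1/6 still advertises, and nothing in the series updates that text. I would require exactly one entry and validate it before copying, as below. SignatureCmd starts and ends outside the hunk.

```go
var rekorResponse cosign.RekorResponse
// … unchanged: json.Unmarshal of rekorResponseByte and its error check …
if len(rekorResponse) != 1 {
	return fmt.Errorf("rekor-response must contain exactly one log entry, got %d", len(rekorResponse))
}
for _, v := range rekorResponse {
	if v.Verification == nil || len(v.Verification.SignedEntryTimestamp) == 0 ||
		v.IntegratedTime == nil || v.LogIndex == nil || v.LogID == nil {
		return errors.New("rekor-response entry is missing verification, integratedTime, logIndex or logID")
	}
	// … unchanged: field-by-field copy into rekorBundle …
}
```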
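Review bot: The exported type `RekorResponse` in pkg/cosign/fetch.go is added without a doc comment, and it seems to duplicate a type in the package this hunk imports. If I read the rekor models package correctly, `models.LogEntry` is already declared as `map[string]LogEntryAnon`. Either use that type directly or document the new one, e.g. `// RekorResponse is a Rekor log-entry response: a JSON object mapping an entry identifier to its LogEntryAnon.`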
From: Vivek Kumar Sahu Date: Mon, 5 Feb 2024 14:09:32 +0530 Subject: [PATCH 3/6] update the logic for reko response Signed-off-by: Vivek Kumar Sahu --- cmd/cosign/cli/attach/sig.go | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/cmd/cosign/cli/attach/sig.go b/cmd/cosign/cli/attach/sig.go index dc749e14a7f..8255f769680 100644 --- a/cmd/cosign/cli/attach/sig.go +++ b/cmd/cosign/cli/attach/sig.go @@ -76,8 +76,7 @@ func SignatureCmd(ctx context.Context, regOpts options.RegistryOptions, sigRef, var cert []byte var certChain []byte var timeStampedSig []byte - var rekorBundle *bundle.RekorBundle - + rekorBundle := &bundle.RekorBundle{} if certRef != "" { cert, err = os.ReadFile(filepath.Clean(certRef)) if err != nil { @@ -108,12 +107,13 @@ func SignatureCmd(ctx context.Context, regOpts options.RegistryOptions, sigRef, var rekorResponse cosign.RekorResponse err = json.Unmarshal(rekorResponseByte, &rekorResponse) if err != nil { - return fmt.Errorf("Unmarshal rekorResponse error: ", err) + return fmt.Errorf("unmarshal rekorResponse error: %v", err) } if rekorResponse == nil { return fmt.Errorf("unable to parse rekor-response to attach to image") } + for _, v := range rekorResponse { rekorBundle.SignedEntryTimestamp = v.Verification.SignedEntryTimestamp rekorBundle.Payload.Body = v.Body @@ -121,10 +121,6 @@ func SignatureCmd(ctx context.Context, regOpts options.RegistryOptions, sigRef, rekorBundle.Payload.LogIndex = *v.LogIndex rekorBundle.Payload.LogID = *v.LogID } - - if rekorBundle == nil { - return fmt.Errorf("unable to parse Rekor response to attach to image") - } } newSig, err := mutate.Signature(sig, mutate.WithCertChain(cert, certChain), mutate.WithRFC3161Timestamp(tsBundle), mutate.WithBundle(rekorBundle)) From 314c1ff1a87444e964b94ad82956a55dafa48698 Mon Sep 17 00:00:00 2001 
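Review bot: `rekorBundle := &bundle.RekorBundle{}` in the `@@ -76,8 +76,7 @@` hunk makes the bundle non-nil on every path, so when `--rekor-response` is not given, `mutate.WithBundle(rekorBundle)` now receives a zero-valued bundle where it used to receive nil. The `@@ -121,10 +121,6 @@` hunk then removes the only remaining nil guard. What mutate does with an empty bundle is not visible here, but a placeholder transparency-log bundle on a signature that never had one is worth ruling out before merge. I would keep `var rekorBundle *bundle.RekorBundle` and allocate inside the `if rekorResponseRef != ""` branch, with `rekorBundle = &bundle.RekorBundle{}` just before the `for _, v := range rekorResponse` loop. SignatureCmd starts and ends outside these hunks.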
From: Vivek Kumar Sahu Date: Tue, 6 Feb 2024 10:14:31 +0530 Subject: [PATCH 4/6] add e2e test for new format of rekor-response --- test/e2e_test.go | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/test/e2e_test.go b/test/e2e_test.go index 4f07de6ff3d..1b41c2713c9 100644 --- a/test/e2e_test.go +++ b/test/e2e_test.go @@ -44,6 +44,7 @@ import ( "github.com/google/go-containerregistry/pkg/registry" "github.com/google/go-containerregistry/pkg/v1/random" "github.com/google/go-containerregistry/pkg/v1/remote" + "github.com/sigstore/rekor/pkg/generated/models" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" k8s "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" 
@@ -983,6 +984,33 @@ func TestAttachWithRekorBundle(t *testing.T) { Bundle: localRekorBundle, } + rekorResponse := make(cosign.RekorResponse) + logIndexValue := int64(63771522) + rootHash := "5bbff4e9f8034a33b102996271c0e01b87caa83c44c46e893b47b81467fd808c" + treeSize := int64(64319120) + checkPoint := "rekor.sigstore.dev - 2605736670972794746\n64319120\nW7/06fgDSjOxApliccDgG4fKqDxExG6JO0e4FGf9gIw=\nTimestamp: 1706845443714164712\n\n— rekor.sigstore.dev wNI9ajBFAiEAnduIhP1Jjz8E0ZAP8e1x0aKqzJCtmWZyV1mRJB/PlOoCIBoeHdjeONYmxlD2Za7sU0NeK/60skNnwoelsa3m2M8z\n" + integratedTime := int64(1706680021) + logID := "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d" + logIndex := int64(67934953) + + logEntry := models.LogEntryAnon{ + Body: "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", + IntegratedTime: &integratedTime, + LogID: &logID, + LogIndex: &logIndex, + Verification: &models.LogEntryAnonVerification{ + InclusionProof: &models.InclusionProof{ + Checkpoint: &checkPoint, + LogIndex: &logIndexValue, + RootHash: &rootHash, + TreeSize: &treeSize, + }, + SignedEntryTimestamp: strfmt.Base64("MEUCIQCLiNiSLxFk8vgkCopYcuFQXGEcvr6YM0TXgFUe5HcAHAIgSJuWj3uH8QrQeaEfc5ddMpIwU4JdXmQD3bgfkntEVTk="), + }, + } + + rekorResponse["24296fb24b8ad77a8ada322cbba201d23b88acd2f68b29e358668e3aef36306ddb2c253ca0dc9ede"] = logEntry + jsonBundle, err := json.Marshal(localPayload) if err != nil { t.Fatal(err) @@ -991,6 +1019,10 @@ func TestAttachWithRekorBundle(t *testing.T) { if err != nil { t.Fatal(err) } + jsonRekorResponsePath, err := json.Marshal(rekorResponse) + if err != nil { + t.Fatal(err) + } bundlePath := filepath.Join(td, "bundle.json") if err := os.WriteFile(bundlePath, jsonBundle, 0644); err != nil { 
@@ -1002,6 +1034,11 @@ func TestAttachWithRekorBundle(t *testing.T) { t.Fatal(err) } + rekorResponsePath := filepath.Join(td, "rekor-response.json") + if err := os.WriteFile(rekorResponsePath, jsonRekorResponsePath, 0644); err != nil { + t.Fatal(err) + } + // Upload it! err = attach.SignatureCmd(ctx, options.RegistryOptions{}, sigRef, payloadref, pemleafRef, certchainRef, "", bundlePath, imgName) if err != nil { @@ -1011,6 +1048,10 @@ func TestAttachWithRekorBundle(t *testing.T) { if err != nil { t.Fatal(err) } + err = attach.SignatureCmd(ctx, options.RegistryOptions{}, sigRef, payloadref, pemleafRef, certchainRef, "", rekorResponsePath, imgName) + if err != nil { + t.Fatal(err) + } } func TestRekorBundle(t *testing.T) { From 0c9fe651e67ec1bbfe0a80d13b9c5bbe84c4141f Mon Sep 17 00:00:00 2001 From: Vivek Kumar Sahu Date: Tue, 6 Feb 2024 10:52:00 +0530 Subject: [PATCH 5/6] remove old format rekor response test --- test/e2e_test.go | 52 +++++------------------------------------------- 1 file changed, 5 insertions(+), 47 deletions(-) diff --git a/test/e2e_test.go b/test/e2e_test.go index 1b41c2713c9..75821b58f13 100644 --- a/test/e2e_test.go +++ b/test/e2e_test.go @@ -930,7 +930,7 @@ func TestAttachWithRFC3161Timestamp(t *testing.T) { must(verifyKeylessTSA(imgName, file.Name(), true, true), t) } -func TestAttachWithRekorBundle(t *testing.T) { +func TestAttachWithRekorResponse(t *testing.T) { ctx := context.Background() repo, stop := reg(t) 
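Review bot: The attach call added in `@@ -1011,6 +1048,10 @@` is only checked for `err != nil`, so the test would still pass if the Rekor response were parsed into an empty bundle or the wrong fields were copied. After the attach, read the signature back from the test registry and compare its bundle's SignedEntryTimestamp, IntegratedTime, LogIndex and LogID with the values placed in `logEntry`. A negative case would also help: a response file with no entries, or with `verification` missing, should make `attach.SignatureCmd` return an error. The test function continues outside this hunk.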
@@ -968,30 +968,14 @@ func TestAttachWithRekorBundle(t *testing.T) { certchainRef := mkfile(string(append(pemSub[:], pemRoot[:]...)), td, t) - localRekorBundle := &bundle.RekorBundle{ - SignedEntryTimestamp: strfmt.Base64("MEUCIEDcarEwRYkrxE9ne+kzEVvUhnWaauYzxhUyXOLy1hwAAiEA4VdVCvNRs+D/5o33C2KBy+q2YX3lP4Y7nqRFU+K3hi0="), - Payload: bundle.RekorPayload{ - Body: "REMOVED", - IntegratedTime: 1631646761, - LogIndex: 693591, - LogID: "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d", - }, - } - - localPayload := cosign.LocalSignedPayload{ - Base64Signature: b64signature, - Cert: string(pemLeaf), - Bundle: localRekorBundle, - } - rekorResponse := make(cosign.RekorResponse) - logIndexValue := int64(63771522) - rootHash := "5bbff4e9f8034a33b102996271c0e01b87caa83c44c46e893b47b81467fd808c" - treeSize := int64(64319120) - checkPoint := "rekor.sigstore.dev - 2605736670972794746\n64319120\nW7/06fgDSjOxApliccDgG4fKqDxExG6JO0e4FGf9gIw=\nTimestamp: 1706845443714164712\n\n— rekor.sigstore.dev wNI9ajBFAiEAnduIhP1Jjz8E0ZAP8e1x0aKqzJCtmWZyV1mRJB/PlOoCIBoeHdjeONYmxlD2Za7sU0NeK/60skNnwoelsa3m2M8z\n" integratedTime := int64(1706680021) logID := "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d" logIndex := int64(67934953) + checkPoint := "rekor.sigstore.dev - 2605736670972794746\n64319120\nW7/06fgDSjOxApliccDgG4fKqDxExG6JO0e4FGf9gIw=\nTimestamp: 1706845443714164712\n\n— rekor.sigstore.dev wNI9ajBFAiEAnduIhP1Jjz8E0ZAP8e1x0aKqzJCtmWZyV1mRJB/PlOoCIBoeHdjeONYmxlD2Za7sU0NeK/60skNnwoelsa3m2M8z\n" + logIndexValue := int64(63771522) + rootHash := "5bbff4e9f8034a33b102996271c0e01b87caa83c44c46e893b47b81467fd808c" + treeSize := int64(64319120) logEntry := models.LogEntryAnon{ Body: "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", 
@@ -1011,43 +995,17 @@ func TestAttachWithRekorBundle(t *testing.T) { rekorResponse["24296fb24b8ad77a8ada322cbba201d23b88acd2f68b29e358668e3aef36306ddb2c253ca0dc9ede"] = logEntry - jsonBundle, err := json.Marshal(localPayload) - if err != nil { - t.Fatal(err) - } - jsonRekorBundle, err := json.Marshal(localRekorBundle) - if err != nil { - t.Fatal(err) - } jsonRekorResponsePath, err := json.Marshal(rekorResponse) if err != nil { t.Fatal(err) } - bundlePath := filepath.Join(td, "bundle.json") - if err := os.WriteFile(bundlePath, jsonBundle, 0644); err != nil { - t.Fatal(err) - } - - rekorBundlePath := filepath.Join(td, "bundle2.json") - if err := os.WriteFile(rekorBundlePath, jsonRekorBundle, 0644); err != nil { - t.Fatal(err) - } - rekorResponsePath := filepath.Join(td, "rekor-response.json") if err := os.WriteFile(rekorResponsePath, jsonRekorResponsePath, 0644); err != nil { t.Fatal(err) } // Upload it! - err = attach.SignatureCmd(ctx, options.RegistryOptions{}, sigRef, payloadref, pemleafRef, certchainRef, "", bundlePath, imgName) - if err != nil { - t.Fatal(err) - } - err = attach.SignatureCmd(ctx, options.RegistryOptions{}, sigRef, payloadref, pemleafRef, certchainRef, "", rekorBundlePath, imgName) - if err != nil { - t.Fatal(err) - } err = attach.SignatureCmd(ctx, options.RegistryOptions{}, sigRef, payloadref, pemleafRef, certchainRef, "", rekorResponsePath, imgName) if err != nil { t.Fatal(err) From 7b91e595ebe20f9408f929691431c40638553e26 Mon Sep 17 00:00:00 2001 From: Vivek Kumar Sahu Date: Wed, 7 Feb 2024 21:05:34 +0530 Subject: [PATCH 6/6] fix lint errors Signed-off-by: Vivek Kumar Sahu --- cmd/cosign/cli/attach/sig.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/cosign/cli/attach/sig.go b/cmd/cosign/cli/attach/sig.go index 8255f769680..f9eaa1be056 100644 --- a/cmd/cosign/cli/attach/sig.go +++ b/cmd/cosign/cli/attach/sig.go 
@@ -107,7 +107,7 @@ func SignatureCmd(ctx context.Context, regOpts options.RegistryOptions, sigRef, var rekorResponse cosign.RekorResponse err = json.Unmarshal(rekorResponseByte, &rekorResponse) if err != nil { - return fmt.Errorf("unmarshal rekorResponse error: %v", err) + return fmt.Errorf("unmarshal rekorResponse error: %w", err) } if rekorResponse == nil {