added ability to get image digest back via triangulate #3255

Merged
merged 1 commit into from
Oct 18, 2023
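--- a/cmd/cosign/cli/options/triangulate.go
+++ b/cmd/cosign/cli/options/triangulate.go
@@ -32,5 +32,5 @@ func (o *TriangulateOptions) AddFlags(cmd *cobra.Command) {
 o.Registry.AddFlags(cmd)
 
 cmd.Flags().StringVar(&o.Type, "type", "signature",
-"related attachment to triangulate (attestation|sbom|signature), default signature (sbom is deprecated)")
+"related attachment to triangulate (attestation|sbom|signature|digest), default signature (sbom is deprecated)")
 }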
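--- a/cmd/cosign/cli/triangulate/triangulate.go
+++ b/cmd/cosign/cli/triangulate/triangulate.go
@@ -38,21 +38,29 @@ func MungeCmd(ctx context.Context, regOpts options.RegistryOptions, imageRef str
 }
 
 var dstRef name.Tag
+var dstRefName string
+
 switch attachmentType {
 case cosign.Signature:
 dstRef, err = ociremote.SignatureTag(ref, ociremoteOpts...)
+dstRefName = dstRef.Name()
 case cosign.SBOM:
 fmt.Fprintln(os.Stderr, options.SBOMAttachmentDeprecation)
 dstRef, err = ociremote.SBOMTag(ref, ociremoteOpts...)
+dstRefName = dstRef.Name()
 case cosign.Attestation:
 dstRef, err = ociremote.AttestationTag(ref, ociremoteOpts...)
+dstRefName = dstRef.Name()
+case cosign.Digest:
+dstRef, err = ociremote.DigestTag(ref, ociremoteOpts...)
+dstRefName = fmt.Sprint(dstRef.Repository.Name(), "@", dstRef.TagStr())
 default:
 err = fmt.Errorf("unknown attachment type %s", attachmentType)
 }
 if err != nil {
 return err
 }
 
-fmt.Println(dstRef.Name())
+fmt.Println(dstRefName)
 return nil
 }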
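Review bot: In the `cosign.Digest` case the printed reference takes its repository from `dstRef.Repository`, which `DigestTag` builds from `o.TargetRepository` (see pkg/oci/remote/remote.go in this change) rather than from the image reference the caller passed in. If the target repository is configured to differ from the image's own repository, the printed `repo@sha256:…` would presumably name a repository that does not hold that image, which matters when the output is used to pin or verify by digest. Consider `dstRefName = fmt.Sprint(ref.Context().Name(), "@", dstRef.TagStr())`, or state in the flag help that the digest is reported relative to the target repository. Separately, every case now calls a method on `dstRef` before the `if err != nil` check; building the name after that check would keep the error path from touching the result of a failed call. MungeCmd begins before this hunk.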
2 changes: 1 addition & 1 deletion doc/cosign_triangulate.md


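--- a/pkg/cosign/fetch.go
+++ b/pkg/cosign/fetch.go
@@ -64,6 +64,7 @@ const (
 Signature = "signature"
 SBOM = "sbom"
 Attestation = "attestation"
+Digest = "digest"
 )
 
 func FetchSignaturesForReference(_ context.Context, ref name.Reference, opts ...ociremote.Option) ([]SignedPayload, error) {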
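--- a/pkg/oci/remote/remote.go
+++ b/pkg/oci/remote/remote.go
@@ -97,31 +97,43 @@ func SignedEntity(ref name.Reference, options ...Option) (oci.SignedEntity, erro
 // normalize turns image digests into tags with optional prefix & suffix:
 // sha256:d34db33f -> [prefix]sha256-d34db33f[.suffix]
 func normalize(h v1.Hash, prefix string, suffix string) string {
+return normalizeWithSeparator(h, prefix, suffix, "-")
+}
+
+// normalizeWithSeparator turns image digests into tags with optional prefix & suffix:
+// sha256:d34db33f -> [prefix]sha256[algorithmSeparator]d34db33f[.suffix]
+func normalizeWithSeparator(h v1.Hash, prefix string, suffix string, algorithmSeparator string) string {
 if suffix == "" {
-return fmt.Sprint(prefix, h.Algorithm, "-", h.Hex)
+return fmt.Sprint(prefix, h.Algorithm, algorithmSeparator, h.Hex)
 }
-return fmt.Sprint(prefix, h.Algorithm, "-", h.Hex, ".", suffix)
+return fmt.Sprint(prefix, h.Algorithm, algorithmSeparator, h.Hex, ".", suffix)
 }
 
 // SignatureTag returns the name.Tag that associated signatures with a particular digest.
 func SignatureTag(ref name.Reference, opts ...Option) (name.Tag, error) {
 o := makeOptions(ref.Context(), opts...)
-return suffixTag(ref, o.SignatureSuffix, o)
+return suffixTag(ref, o.SignatureSuffix, "-", o)
 }
 
 // AttestationTag returns the name.Tag that associated attestations with a particular digest.
 func AttestationTag(ref name.Reference, opts ...Option) (name.Tag, error) {
 o := makeOptions(ref.Context(), opts...)
-return suffixTag(ref, o.AttestationSuffix, o)
+return suffixTag(ref, o.AttestationSuffix, "-", o)
 }
 
 // SBOMTag returns the name.Tag that associated SBOMs with a particular digest.
 func SBOMTag(ref name.Reference, opts ...Option) (name.Tag, error) {
 o := makeOptions(ref.Context(), opts...)
-return suffixTag(ref, o.SBOMSuffix, o)
+return suffixTag(ref, o.SBOMSuffix, "-", o)
 }
 
+// DigestTag returns the name.Tag that associated SBOMs with a particular digest.
+func DigestTag(ref name.Reference, opts ...Option) (name.Tag, error) {
+o := makeOptions(ref.Context(), opts...)
+return suffixTag(ref, "", ":", o)
+}
+
-func suffixTag(ref name.Reference, suffix string, o *options) (name.Tag, error) {
+func suffixTag(ref name.Reference, suffix string, algorithmSeparator string, o *options) (name.Tag, error) {
 var h v1.Hash
 if digest, ok := ref.(name.Digest); ok {
 var err error
@@ -136,7 +148,7 @@ func suffixTag(ref name.Reference, suffix string, o *options) (name.Tag, error)
 }
 h = desc.Digest
 }
-return o.TargetRepository.Tag(normalizeWithSeparator(h, o.TagPrefix, suffix, algorithmSeparator)), nil
+return o.TargetRepository.Tag(normalizeWithSeparator(h, o.TagPrefix, suffix, algorithmSeparator)), nil
 }
 
 // signatures is a shared implementation of the oci.Signed* Signatures method.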
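Review bot: `DigestTag` returns a `name.Tag` whose tag string is a digest (`sha256:…`), which is not a usable tag, and its doc comment is copied from `SBOMTag` ("associated SBOMs"). Because it goes through `suffixTag`, `normalizeWithSeparator` also prepends `o.TagPrefix`, so with a non-empty prefix the tag string would no longer be a bare digest and the `repo@…` line the CLI builds from `TagStr()` would be malformed. Returning a `name.Digest` instead (for example `o.TargetRepository.Digest(h.String())`), or at least passing an empty prefix for this case, would keep a caller from treating the result as a tag reference. If the signature stays as is, the comment should say so: `// DigestTag returns the resolved image digest wrapped in a name.Tag; the tag string is the digest itself, not a pullable tag.` Part of `suffixTag`'s body lies between the two hunks and is not shown.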