-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add artifact signature information to the generated index #105
Conversation
I'd wait for #64 to merge this. |
@maxgio92 could we get a rebase? Thanks. Is this ready to be reviewed and merged? |
I've identified and fixed a bug in falcoctl that prevented this info from being parsed correctly. Just want to make sure that all is good before merging this one because it'll affect Falco 0.36.0 users :) My plan is to finish this work within a week. |
Signed-off-by: Massimiliano Giovagnoli <[email protected]>
Signed-off-by: Massimiliano Giovagnoli <[email protected]>
Signed-off-by: Massimiliano Giovagnoli <[email protected]>
Hey @incertum @LucaGuerra, I've just rebased on top of main and with the occasion I upgraded falcoctl dependency to v0.6.1 |
Signed-off-by: Massimiliano Giovagnoli <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the update and rebase! I have tested this with the current registries and indexes and it works as we expect 🎉
Now, after the Go update in test-infra is complete we'll be able to deploy this.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: LucaGuerra, maxgio92 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/unhold |
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area registry
/area build
What this PR does / why we need it:
This PR is needed to provide required information for consumers in order to verify OCI signatures of rules officially distributed as OCI artifacts.
The
registry.yaml
index is consumed by current CI to generate the general Falco artifacts index https://github.com/falcosecurity/falcoctl/blob/gh-pages/index.yaml, which can be further consumed by falcoctl to verify artifacts (i.e. rules) signatures.Which issue(s) this PR fixes:
Fixes #100
Special notes for your reviewer:
Only one signin implementation is currently supported, which is based on cosign. When signatures are generated by cosign in keyless mode, can provide the OIDC issuer and certificate identity (see falcosecurity/falcoctl#305).
Furthermore, this PR adds black box and white box unit tests.
The same feature should be applied to the registry tool of the plugins (falcosecurity/plugins#312).