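// Source: zotregistry.io/zot@v1.4.4-0.20231124084042-02a8ed785457/pkg/test/signature/cosign.go

package signature

import (
	"context"
	"encoding/json"
	"fmt"
	"os"
	"path"
	"time"

	godigest "github.com/opencontainers/go-digest"
	ispec "github.com/opencontainers/image-spec/specs-go/v1"
	"github.com/sigstore/cosign/v2/cmd/cosign/cli/generate"
	"github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
	"github.com/sigstore/cosign/v2/cmd/cosign/cli/sign"
)

// GetCosignSignatureTagForManifest returns the cosign signature tag derived
// from the given manifest.
//
// The digest is computed over json.Marshal(manifest). A registry addresses a
// manifest by the digest of the bytes it stored, so the returned tag matches
// only when those bytes are identical to this re-serialization. Callers that
// already hold the stored digest should call GetCosignSignatureTagForDigest.
func GetCosignSignatureTagForManifest(manifest ispec.Manifest) (string, error) {
	manifestBlob, err := json.Marshal(manifest)
	if err != nil {
		return "", err
	}

	return GetCosignSignatureTagForDigest(godigest.FromBytes(manifestBlob)), nil
}

// GetCosignSignatureTagForDigest builds the tag "<algorithm>-<encoded>.sig"
// from a manifest digest.
//
// The tag is only a name under which a signature is looked up; its presence
// says nothing about whether the signature verifies.
func GetCosignSignatureTagForDigest(manifestDigest godigest.Digest) string {
	return manifestDigest.Algorithm().String() + "-" + manifestDigest.Encoded() + ".sig"
}

// SignImageUsingCosign generates a throwaway cosign key pair in a temporary
// directory and uses it to sign localhost:<port>/<repoTag>, uploading the
// signature to that registry. When withReferrers is true the signature is
// stored using the OCI 1.1 referrers mode.
//
// This is a test helper and is deliberately weak:
//   - COSIGN_PASSWORD is set to the empty string, so the generated private key
//     has no real passphrase protection. The variable is left set to "" in the
//     process environment after the call returns.
//   - AllowInsecure relaxes transport-security checks for the registry
//     connection; that is acceptable only because the target is a local test
//     registry.
//
// The function changes the process working directory and environment, both of
// which are process-wide, so it must not run concurrently with code that
// depends on either (for example parallel tests).
func SignImageUsingCosign(repoTag, port string, withReferrers bool) error {
	cwd, err := os.Getwd()
	if err != nil {
		return err
	}

	tdir, err := os.MkdirTemp("", "cosign")
	if err != nil {
		return err
	}

	// Restore the working directory BEFORE deleting the temp dir. Some
	// platforms (notably Windows) refuse to remove a process's current
	// directory, which would leave the private key on disk.
	defer func() {
		_ = os.Chdir(cwd)
		_ = os.RemoveAll(tdir)
	}()

	// The key pair is written relative to the working directory. If the chdir
	// fails, stop here so that key material is not dropped into the caller's
	// directory.
	if err := os.Chdir(tdir); err != nil {
		return err
	}

	// generate a keypair (empty passphrase; see the doc comment)
	if err := os.Setenv("COSIGN_PASSWORD", ""); err != nil {
		return err
	}

	err = generate.GenerateKeyPairCmd(context.TODO(), "", "cosign", nil)
	if err != nil {
		return err
	}

	imageURL := fmt.Sprintf("localhost:%s/%s", port, repoTag)

	const timeoutPeriod = 5

	signOpts := options.SignOptions{
		Registry:          options.RegistryOptions{AllowInsecure: true},
		AnnotationOptions: options.AnnotationOptions{Annotations: []string{"tag=1.0"}},
		Upload:            true,
	}

	if withReferrers {
		signOpts.RegistryExperimental = options.RegistryExperimentalOptions{
			RegistryReferrersMode: options.RegistryReferrersModeOCI11,
		}
	}

	rootOpts := &options.RootOptions{Verbose: true, Timeout: timeoutPeriod * time.Minute}
	keyOpts := options.KeyOpts{KeyRef: path.Join(tdir, "cosign.key"), PassFunc: generate.GetPass}

	// sign the image
	return sign.SignCmd(rootOpts, keyOpts, signOpts, []string{imageURL})
}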