image-rs: update cosign signed image test materials #618

Merged 2 commits on Jul 19, 2024

Xynnn007

Now, the cases

Case: Deny pulling an unencrypted unsigned image from a protected registry
Image: ghcr.io/confidential-containers/test-container-image-rs:unsigned

Case: Allow pulling an unencrypted signed image with cosign-signed signature
Image: ghcr.io/confidential-containers/test-container-image-rs:cosign-signed

Case: Deny pulling an unencrypted signed image by cosign using a wrong public key
Image: ghcr.io/confidential-containers/test-container-image-rs:cosign-signed-key2

At the same time, the images on the ghcr.io side are updated. The original tag `cosign-signed-key2` is actually the `unsigned` one, and we updated a new real `unsigned` one.

Related policy file updated.

cc @stevenhorsman

Xynnn007 added 2 commits July 17, 2024 15:05
Now, the cases

Case: Deny pulling an unencrypted unsigned image from a protected
registry
Image: ghcr.io/confidential-containers/test-container-image-rs:unsigned

Case: Allow pulling an unencrypted signed image with cosign-signed signature
Image: ghcr.io/confidential-containers/test-container-image-rs:cosign-signed

Case: Deny pulling an unencrypted signed image by cosign using a wrong public key
Image: ghcr.io/confidential-containers/test-container-image-rs:cosign-signed-key2

At the same time, the images on the ghcr.io side are updated. The
original tag `cosign-signed-key2` is actually the `unsigned` one, and
we updated a new real `unsigned` one.

Related policy file updated.

Signed-off-by: Xynnn007 <[email protected]>
@Xynnn007 Xynnn007 marked this pull request as ready for review July 17, 2024 09:06

@fitzthum fitzthum left a comment

We should really automate the process of image generation at some point.

@Xynnn007

> We should really automate the process of image generation at some point.

Yes. We are manually doing this now. Hopefully we could have a full e2e test that includes the encryption and signing process.

@Xynnn007 Xynnn007 merged commit c89ef46 into confidential-containers:main Jul 19, 2024
7 checks passed
@Xynnn007 Xynnn007 deleted the fix-images branch July 19, 2024 02:03