Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix cosign rekor URL default #1164

Closed
1 task done
Tracked by #1166
akashsinghal opened this issue Nov 6, 2023 · 2 comments
Closed
1 task done
Tracked by #1166

Fix cosign rekor URL default #1164

akashsinghal opened this issue Nov 6, 2023 · 2 comments
Assignees
@akashsinghal
Labels
bug Something isn't working
Milestone
Future

Comments

@akashsinghal
Copy link
Collaborator

akashsinghal commented Nov 6, 2023
edited
Loading

What happened in your environment?

The docs for cosign mention the default rekorURL is the sigstore one. However, the value is not truly default. It must be set currently.

The verifier should be updated to set the default AND the docs for now should be updated with the current behavior.

What did you expect to happen?

No response

What version of Kubernetes are you running?

No response

What version of Ratify are you running?

No response

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this bug fix?

  • Yes, I am willing to implement it.
@akashsinghal akashsinghal added bug Something isn't working triage Needs investigation labels Nov 6, 2023
@akashsinghal akashsinghal mentioned this issue Nov 6, 2023
Closed
11 tasks
@yizha1 yizha1 removed the triage Needs investigation label Nov 7, 2023
@yizha1 yizha1 modified the milestones: Future, v1.1.0 Nov 7, 2023
@akashsinghal
Copy link
Collaborator Author

akashsinghal commented Nov 8, 2023
edited
Loading

@yizha1 @susanshi I'm thinking we move this to future as well. For time being, I have updated the documentation to reflect the requirement to specify the full rekorURL if using keyless verification. We can bundle this with the other cosign improvements needed. Does that suffice?

@luisdlp luisdlp modified the milestones: v1.1.0, v1.2.0 Dec 1, 2023
@akashsinghal akashsinghal self-assigned this Jan 23, 2024
@susanshi susanshi modified the milestones: v1.2.0, Future Mar 14, 2024
@akashsinghal
Copy link
Collaborator Author

Closing since this value is legacy behavior and will not be updated. User's should migrate to TrustPolicy in Cosign verifier which will have a keyless section.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@akashsinghal akashsinghal

Labels
bug Something isn't working
Projects
None yet
Milestone
Future
Development

No branches or pull requests
4 participants
@susanshi @luisdlp @akashsinghal @yizha1