Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cosign: pass digest instead of tag #310

Open
viceice opened this issue Feb 2, 2023 · 2 comments
Open

cosign: pass digest instead of tag #310

viceice opened this issue Feb 2, 2023 · 2 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@viceice
Copy link
Member

viceice commented Feb 2, 2023

we need to refactor cosign calling, it's now generating a warning and will error out in future

> cosign sign ghcr.io/containerbase/node:14.15.0
  /home/runner/.cosign/cosign sign ghcr.io/containerbase/node:14.15.0
  Generating ephemeral keys...
  Retrieving signed certificate...
  
          Note that there may be personally identifiable information associated with this signed artifact.
          This may include the email address associated with the account with which you authenticate.
          This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later.
  Successfully verified SCT...
  WARNING: Image reference ghcr.io/containerbase/node:14.15.0 uses a tag, not a digest, to identify the image to sign.
  
  This can lead you to sign a different image than the intended one. Please use a
  digest (example.com/ubuntu@sha256:abc123...) rather than tag
  (example.com/ubuntu:latest) for the input to cosign. The ability to refer to
  images by tag will be removed in a future release.
  tlog entry created with index: 12478726
  Pushing signature to: ghcr.io/containerbase/node
@viceice viceice added enhancement New feature or request help wanted Extra attention is needed labels Feb 2, 2023
@viceice
Copy link
Member Author

viceice commented Mar 2, 2023

@viceice
Copy link
Member Author

viceice commented Feb 12, 2024

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Development

No branches or pull requests

1 participant