Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support publishing externally generated signatures #475

Open
jeremyrickard opened this issue Dec 8, 2022 · 5 comments
Open

Support publishing externally generated signatures #475

jeremyrickard opened this issue Dec 8, 2022 · 5 comments
Assignees
@Two-Hearts
Labels
enhancement New feature or request
Milestone
Future

Comments

@jeremyrickard
Copy link
Contributor

What is the areas you would like to add the new feature to?

Notation CLI

Is your feature request related to a problem?

Suppose I have an external/thirdparty signing service that allows me to produce a signature compatible with the Notary spec. Currently, If I want to then "publish" or "attach" that to the container/artifact I am signing, I need to do a few things that currently are handled by the notation client:

  1. I need to produce the proper manifest including: artifacts type, referrers/subject, and io.cncf.notary.x509chain.thumbprint#S256 annotation.
  2. I then need to use something like oras to attach that to the image and ensure that I am using a proper version (i.e. 0.16.0 or later) and keep the tools in sync

What solution do you propose?

I propose either a plugin or an "attach" command that would allow an externally generated notary compliant signature to be attached to an image.

What alternatives have you considered?

I have built a proof of concept stand alone tool but would like to make something more generally available for anyone that might need to generate notary v2 compliant signuares using some other third-party service.

Any additional context?

No response
@jeremyrickard jeremyrickard added enhancement New feature or request triage Need to triage labels Dec 8, 2022
@yizha1 yizha1 self-assigned this Dec 13, 2022
@yizha1
Copy link
Contributor

yizha1 commented Dec 13, 2022

@shizhMSFT PTAL, I would like to have a discussion with you on this.

@jeremyrickard
Copy link
Contributor Author

@yizha1 @shizhMSFT would it be alright to PR a proposed implementation of this? I have most of it implemented I believe.

@yizha1
Copy link
Contributor

yizha1 commented Apr 1, 2023

@yizha1 @shizhMSFT would it be alright to PR a proposed implementation of this? I have most of it implemented I believe.

Thanks @jeremyrickard, For CLI changes, the specs are required to be updated accordingly. I can work with you on the documents if needed.

@yizha1 yizha1 mentioned this issue Apr 11, 2023
Closed
@yizha1
Copy link
Contributor

yizha1 commented Apr 11, 2023

@vaninrao10 I would like to prioritize this issue after v1 release.

@yizha1 yizha1 assigned Two-Hearts and unassigned yizha1 Jun 8, 2023
@yizha1 yizha1 added this to the 1.1.0 milestone Jun 8, 2023
@yizha1 yizha1 removed the triage Need to triage label Jun 8, 2023
@yizha1
Copy link
Contributor

yizha1 commented Oct 9, 2023

This issue could be solved by feature #777

@yizha1 yizha1 modified the milestones: 1.1.0, Future Nov 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Two-Hearts Two-Hearts

Labels
enhancement New feature or request
Projects
Notary Project Planning Board
Status: Todo
Milestone
Future
Development

No branches or pull requests
3 participants
@jeremyrickard @yizha1 @Two-Hearts