Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: set tls config while retaining other fields from default http transport #4007

Merged
merged 1 commit into from
Jan 13, 2025
Merged

fix: set tls config while retaining other fields from default http transport #4007

merged 1 commit into from
Jan 13, 2025

Conversation

nianyush
Copy link
Contributor

@nianyush nianyush commented Jan 12, 2025
edited
Loading

Signed-off-by: Nianyu Shen [email protected]

Summary

original issue #3269
Proxy from environment variable is not respected while setting insecure true.
At

cosign/cmd/cosign/cli/options/registry.go

Line 154 in 87c08b0

opts = append(opts, remote.WithTransport(&http.Transport{TLSClientConfig: tlsConfig}))
, its initializing an empty transport with only insecure set but those default behaviors from default transport is also gone. In this case, proxy value from envs is removed. The fix is to clone a default transport object and override the tlsconfig inside it.

Release Note

Documentation

@nianyush nianyush mentioned this pull request Jan 12, 2025
Closed
haydentherapper
haydentherapper approved these changes Jan 13, 2025
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@haydentherapper haydentherapper enabled auto-merge (squash) January 13, 2025 03:31
@codecov Codecov
Copy link

codecov bot commented Jan 13, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 3 lines in your changes missing coverage. Please review.

Project coverage is 36.50%. Comparing base (2ef6022) to head (aa61fea).
Report is 276 commits behind head on main.

Files with missing lines Patch % Lines
cmd/cosign/cli/options/registry.go 0.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4007      +/-   ##
==========================================
- Coverage   40.10%   36.50%   -3.60%     
==========================================
  Files         155      209      +54     
  Lines       10044    13361    +3317     
==========================================
+ Hits         4028     4878     +850     
- Misses       5530     7862    +2332     
- Partials      486      621     +135

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@haydentherapper haydentherapper merged commit d01988e into sigstore:main Jan 13, 2025
22 of 23 checks passed
@nianyush nianyush deleted the 3269-nianyu branch January 24, 2025 16:28
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Feb 6, 2025
@tmeijn
build(deps): update cosign to v2.4.2
618e169 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cosign](https://github.com/sigstore/cosign) | patch | `2.4.1` -> `2.4.2` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>sigstore/cosign (cosign)</summary>

### [`v2.4.2`](https://github.com/sigstore/cosign/blob/HEAD/CHANGELOG.md#v242)

[Compare Source](sigstore/cosign@v2.4.1...v2.4.2)

#### Features

-   Updated open-policy-agent to 1.1.0 library ([#&#8203;4036](sigstore/cosign#4036))
    -   Note that only Rego v0 policies are supported at this time
-   Add UseSignedTimestamps to CheckOpts, refactor TSA options ([#&#8203;4006](sigstore/cosign#4006))
-   Add support for verifying root checksum in cosign initialize ([#&#8203;3953](sigstore/cosign#3953))
-   Detect if user supplied a valid protobuf bundle ([#&#8203;3931](sigstore/cosign#3931))
-   Add a log message if user doesn't provide `--trusted-root` ([#&#8203;3933](sigstore/cosign#3933))
-   Support mTLS towards container registry ([#&#8203;3922](sigstore/cosign#3922))
-   Add bundle create helper command ([#&#8203;3901](sigstore/cosign#3901))
-   Add trusted-root create helper command ([#&#8203;3876](sigstore/cosign#3876))

#### Bug Fixes

-   fix: set tls config while retaining other fields from default http transport ([#&#8203;4007](sigstore/cosign#4007))
-   policy fuzzer: ignore known panics ([#&#8203;3993](sigstore/cosign#3993))
-   Fix for multiple WithRemote options ([#&#8203;3982](sigstore/cosign#3982))
-   Add nightly conformance test workflow ([#&#8203;3979](sigstore/cosign#3979))
-   Fix copy --only for signatures + update/align docs ([#&#8203;3904](sigstore/cosign#3904))

#### Documentation

-   Remove usage.md from spec, point to client spec ([#&#8203;3918](sigstore/cosign#3918))
-   move reference from gcr to ghcr ([#&#8203;3897](sigstore/cosign#3897))

#### Contributors

-   AdamKorcz
-   Aditya Sirish
-   Bob Callaway
-   Carlos Tadeu Panato Junior
-   Cody Soyland
-   Colleen Murphy
-   Hayden B
-   Jussi Kukkonen
-   Marco Franssen
-   Nianyu Shen
-   Slavek Kabrda
-   Søren Juul
-   Warren Hodgkinson
-   Zach Steindler

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNTguMSIsInVwZGF0ZWRJblZlciI6IjM5LjE1OC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haydentherapper haydentherapper haydentherapper approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nianyush @haydentherapper