what is Rekor UUID? #2012

Open
willzhang opened this issue Feb 21, 2024 · 2 comments

@willzhang

Release page: https://github.com/tektoncd/operator/releases


root@ubuntu:~# cat test.sh 
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/operator/previous/v0.69.1/release.yaml
REKOR_UUID=

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.69.1@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
root@ubuntu:~# 
root@ubuntu:~# 
root@ubuntu:~# bash test.sh 
Error: invalid argument "" for "--uuid" flag: ID len error, expected 80 (EntryID) or 64 (UUID) but got len 0 for ID 
Usage:
  rekor-cli get [flags]

Flags:
  -h, --help                 help for get
      --log-index logIndex   the index of the entry in the transparency log
      --uuid uuid            UUID of entry in transparency log (if known)

Global Flags:
      --config string      config file (default is $HOME/.rekor.yaml)
      --format format      Command output format (default default)
      --rekor_server url   Server address:port (default https://rekor.sigstore.dev)
      --retry uint         Number of times to retry HTTP requests (default 3)
      --store_tree_state   whether to store tree state in between invocations for additional verification (default true)
      --timeout format     HTTP timeout (default 30s)

invalid argument "" for "--uuid" flag: ID len error, expected 80 (EntryID) or 64 (UUID) but got len 0 for ID 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 26922  100 26922    0     0   198k      0 --:--:-- --:--:-- --:--:--  199k
root@ubuntu:~# 
@jkandasa
Member

cc @vdemeester @piyush-garg

@vdemeester
Member

This is coming from the "shared" create-draft-release task. In tektoncd/pipeline, there is a step between the release pipeline and that task to get that rekor uuid to check the images, … see point 12 of the release-cheat-sheet.md.

I guess we do not have this step in the release (and maybe not the pipeline configured to get the images handled by chains).
