Switch attach to new library. (#774)

This change retires `cremote.UploadSignature`, as this is the last caller of the old API, and it now uses the new API. Related: #666 Signed-off-by: Matt Moore <[email protected]>
sigstore · Sep 24, 2021 · 05dda07 · 05dda07
1 parent 7ad192b
commit 05dda07
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 37 deletions.
diff --git a/cmd/cosign/cli/attach/sig.go b/cmd/cosign/cli/attach/sig.go
@@ -17,7 +17,6 @@ package attach
 
 import (
 	"context"
-	"encoding/base64"
 	"errors"
 	"flag"
 	"io/ioutil"
@@ -28,7 +27,7 @@ import (
 	"github.com/peterbourgon/ff/v3/ffcli"
 
 	"github.com/sigstore/cosign/cmd/cosign/cli/options"
-	cremote "github.com/sigstore/cosign/pkg/cosign/remote"
+	"github.com/sigstore/cosign/pkg/oci/mutate"
 	ociremote "github.com/sigstore/cosign/pkg/oci/remote"
 	"github.com/sigstore/cosign/pkg/oci/static"
 	sigPayload "github.com/sigstore/sigstore/pkg/signature/payload"
@@ -69,7 +68,6 @@ func SignatureCmd(ctx context.Context, regOpts options.RegistryOpts, sigRef, pay
 	if err != nil {
 		return err
 	}
-
 	digest, err := ociremote.ResolveDigest(ref, regOpts.ClientOpts(ctx)...)
 	if err != nil {
 		return err
@@ -85,23 +83,24 @@ func SignatureCmd(ctx context.Context, regOpts options.RegistryOpts, sigRef, pay
 		return err
 	}
 
-	// This expects it to not be base64 encoded, so decode first
-	sigBytes, err := base64.StdEncoding.DecodeString(string(b64SigBytes))
+	sig, err := static.NewSignature(payload, string(b64SigBytes))
 	if err != nil {
 		return err
 	}
 
-	dstRef, err := ociremote.SignatureTag(digest, regOpts.ClientOpts(ctx)...)
+	se, err := ociremote.SignedEntity(digest, regOpts.ClientOpts(ctx)...)
 	if err != nil {
 		return err
 	}
 
-	sig, err := static.NewSignature(payload, base64.StdEncoding.EncodeToString(sigBytes))
+	// Attach the signature to the entity.
+	newSE, err := mutate.AttachSignatureToEntity(se, sig)
 	if err != nil {
 		return err
 	}
 
-	return cremote.UploadSignature(sig, dstRef, cremote.UploadOpts{RegistryClientOpts: regOpts.GetRegistryClientOpts(ctx)})
+	// Publish the signatures associated with this entity
+	return ociremote.WriteSignatures(digest.Repository, newSE, regOpts.ClientOpts(ctx)...)
 }
 
 type SignatureArgType uint8

diff --git a/pkg/cosign/remote/remote.go b/pkg/cosign/remote/remote.go
@@ -19,12 +19,8 @@ import (
 	"bytes"
 	"encoding/base64"
 
-	"github.com/google/go-containerregistry/pkg/name"
-	"github.com/google/go-containerregistry/pkg/v1/remote"
-
 	"github.com/sigstore/cosign/pkg/oci"
 	"github.com/sigstore/cosign/pkg/oci/mutate"
-	ociremote "github.com/sigstore/cosign/pkg/oci/remote"
 	"github.com/sigstore/cosign/pkg/oci/static"
 	"github.com/sigstore/sigstore/pkg/signature"
 )
@@ -101,28 +97,3 @@ LayerLoop:
 	}
 	return nil, nil
 }
-
-type UploadOpts struct {
-	DupeDetector       mutate.DupeDetector
-	RegistryClientOpts []remote.Option
-}
-
-func UploadSignature(l oci.Signature, dst name.Reference, opts UploadOpts) error {
-	base, err := ociremote.Signatures(dst, ociremote.WithRemoteOptions(opts.RegistryClientOpts...))
-	if err != nil {
-		return err
-	}
-
-	if opts.DupeDetector != nil {
-		if existing, err := opts.DupeDetector.Find(base, l); err != nil || existing != nil {
-			return err
-		}
-	}
-
-	sigs, err := mutate.AppendSignatures(base, l)
-	if err != nil {
-		return err
-	}
-
-	return remote.Write(dst, sigs, opts.RegistryClientOpts...)
-}