From 05dda07e4e09042ab85491b171416ce55035864b Mon Sep 17 00:00:00 2001 From: Matt Moore Date: Thu, 23 Sep 2021 17:23:37 -0700 Subject: [PATCH] Switch `attach` to new library. (#774) This change retires `cremote.UploadSignature`, as this is the last caller of the old API, and it now uses the new API. Related: #666 Signed-off-by: Matt Moore --- cmd/cosign/cli/attach/sig.go | 15 +++++++-------- pkg/cosign/remote/remote.go | 29 ----------------------------- 2 files changed, 7 insertions(+), 37 deletions(-) diff --git a/cmd/cosign/cli/attach/sig.go b/cmd/cosign/cli/attach/sig.go index a803dceb128..f463b64acc3 100644 --- a/cmd/cosign/cli/attach/sig.go +++ b/cmd/cosign/cli/attach/sig.go @@ -17,7 +17,6 @@ package attach import ( "context" - "encoding/base64" "errors" "flag" "io/ioutil" @@ -28,7 +27,7 @@ import ( "github.com/peterbourgon/ff/v3/ffcli" "github.com/sigstore/cosign/cmd/cosign/cli/options" - cremote "github.com/sigstore/cosign/pkg/cosign/remote" + "github.com/sigstore/cosign/pkg/oci/mutate" ociremote "github.com/sigstore/cosign/pkg/oci/remote" "github.com/sigstore/cosign/pkg/oci/static" sigPayload "github.com/sigstore/sigstore/pkg/signature/payload" @@ -69,7 +68,6 @@ func SignatureCmd(ctx context.Context, regOpts options.RegistryOpts, sigRef, pay if err != nil { return err } - digest, err := ociremote.ResolveDigest(ref, regOpts.ClientOpts(ctx)...) if err != nil { return err @@ -85,23 +83,24 @@ func SignatureCmd(ctx context.Context, regOpts options.RegistryOpts, sigRef, pay return err } - // This expects it to not be base64 encoded, so decode first - sigBytes, err := base64.StdEncoding.DecodeString(string(b64SigBytes)) + sig, err := static.NewSignature(payload, string(b64SigBytes)) if err != nil { return err } - dstRef, err := ociremote.SignatureTag(digest, regOpts.ClientOpts(ctx)...) + se, err := ociremote.SignedEntity(digest, regOpts.ClientOpts(ctx)...) if err != nil { return err } - sig, err := static.NewSignature(payload, base64.StdEncoding.EncodeToString(sigBytes)) + // Attach the signature to the entity. + newSE, err := mutate.AttachSignatureToEntity(se, sig) if err != nil { return err } - return cremote.UploadSignature(sig, dstRef, cremote.UploadOpts{RegistryClientOpts: regOpts.GetRegistryClientOpts(ctx)}) + // Publish the signatures associated with this entity + return ociremote.WriteSignatures(digest.Repository, newSE, regOpts.ClientOpts(ctx)...) } type SignatureArgType uint8 diff --git a/pkg/cosign/remote/remote.go b/pkg/cosign/remote/remote.go index d0e2e5b0614..fa947d55a90 100644 --- a/pkg/cosign/remote/remote.go +++ b/pkg/cosign/remote/remote.go @@ -19,12 +19,8 @@ import ( "bytes" "encoding/base64" - "github.com/google/go-containerregistry/pkg/name" - "github.com/google/go-containerregistry/pkg/v1/remote" - "github.com/sigstore/cosign/pkg/oci" "github.com/sigstore/cosign/pkg/oci/mutate" - ociremote "github.com/sigstore/cosign/pkg/oci/remote" "github.com/sigstore/cosign/pkg/oci/static" "github.com/sigstore/sigstore/pkg/signature" ) @@ -101,28 +97,3 @@ LayerLoop: } return nil, nil } - -type UploadOpts struct { - DupeDetector mutate.DupeDetector - RegistryClientOpts []remote.Option -} - -func UploadSignature(l oci.Signature, dst name.Reference, opts UploadOpts) error { - base, err := ociremote.Signatures(dst, ociremote.WithRemoteOptions(opts.RegistryClientOpts...)) - if err != nil { - return err - } - - if opts.DupeDetector != nil { - if existing, err := opts.DupeDetector.Find(base, l); err != nil || existing != nil { - return err - } - } - - sigs, err := mutate.AppendSignatures(base, l) - if err != nil { - return err - } - - return remote.Write(dst, sigs, opts.RegistryClientOpts...) -}