This issue was reported by a Kyverno user and I've reproduced via the cosign CLI:
Currently it's possible to change (or delete) the image without updating the signature. When verifying the image via the digest, cosign will not report an error.
1. Sign and push the image signature: cosign sign -key cosign.key ghcr.io/jimbugwadia/pause
2. Delete the image in the image registry (I used GitHub to do this), but leave the signature.
3. Create a new image with the same name and tag to impersonate the prior image: docker tag nginx ghcr.io/jimbugwadia/pause:latest
4. Push the new image: docker push ghcr.io/jimbugwadia/pause:latest
5. Run cosign verify with the previous (now incorrect) digest appended: cosign verify -key cosign.pub ghcr.io/jimbugwadia/pause@sha256:b31bfb4d0213f254d361e0079deaaebefa4f82ba7aa76ef82e90b4935ad5b105
cosign verify -key cosign.pub ghcr.io/jimbugwadia/pause@sha256:b31bfb4d0213f254d361e0079deaaebefa4f82ba7aa76ef82e90b4935ad5b105
Verification for ghcr.io/jimbugwadia/pause@sha256:b31bfb4d0213f254d361e0079deaaebefa4f82ba7aa76ef82e90b4935ad5b105 --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- The signatures were verified against the specified public key
- Any certificates were verified against the Fulcio roots.
{"critical":{"identity":{"docker-reference":"ghcr.io/jimbugwadia/pause"},"image":{"docker-manifest-digest":"sha256:b31bfb4d0213f254d361e0079deaaebefa4f82ba7aa76ef82e90b4935ad5b105"},"type":"cosign container image signature"},"optional":null}
Note that the verify will return an error if the digest is not used, which is the desired behavior:
cosign verify -key cosign.pub ghcr.io/jimbugwadia/pause
error: fetching signatures: getting signature manifest: GET https://ghcr.io/v2/jimbugwadia/pause/manifests/sha256-3f13b4376446cf92b0cb9a5c46ba75d57c41f627c4edb8b635fa47386ea29e20.sig: NAME_UNKNOWN: repository name not known to registry
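The gap the steps above expose is that a digest-pinned verify only compares the digest in the signed payload with the digest in the requested reference and then looks for the `sha256-<hex>.sig` tag; nothing checks that a manifest with that digest still exists, or that the tag still resolves to it. The Go program below is an added example (not cosign's code) that contrasts the payload-only comparison with a verifier that first resolves the reference against the registry and hashes the manifest body. The registry is a constructed in-memory stand-in for ghcr.io serving only `/v2/<repo>/manifests/<ref>`, the manifest bytes and the stored-signature blob are made up, and signature validation over the payload is assumed to have already succeeded, since that part works as intended; only the resolution check is modelled.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Payload holds the two "critical" fields of the cosign payload that matter here:
// identity.docker-reference and image.docker-manifest-digest.
type Payload struct {
	DockerReference string
	ManifestDigest  string
}

// Digest returns the registry-style sha256 content digest of a manifest body.
func Digest(manifest []byte) string {
	sum := sha256.Sum256(manifest)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// SigTag is the tag cosign uses to store the signature for an image digest (sha256-<hex>.sig).
func SigTag(digest string) string {
	return "sha256-" + strings.TrimPrefix(digest, "sha256:") + ".sig"
}

// NewFakeRegistry is a constructed stand-in for ghcr.io: GET /v2/<repo>/manifests/<tag-or-digest>
// is served from an in-memory map, everything else is MANIFEST_UNKNOWN.
func NewFakeRegistry(repos map[string]map[string][]byte) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		repo, ref, found := strings.Cut(strings.TrimPrefix(r.URL.Path, "/v2/"), "/manifests/")
		manifest, ok := repos[repo][ref]
		if !found || !ok {
			w.WriteHeader(http.StatusNotFound)
			fmt.Fprint(w, `{"errors":[{"code":"MANIFEST_UNKNOWN"}]}`)
			return
		}
		w.Header().Set("Docker-Content-Digest", Digest(manifest))
		_, _ = w.Write(manifest)
	}))
}

// VerifyPayloadOnly is the check the issue describes: the signed digest is compared with the
// requested digest, but the image manifest is never fetched, so a deleted or replaced image
// still passes as long as the .sig tag survives.
func VerifyPayloadOnly(p Payload, repo, digest string) error {
	if p.DockerReference != repo {
		return fmt.Errorf("identity mismatch: signed %q, requested %q", p.DockerReference, repo)
	}
	if p.ManifestDigest != digest {
		return fmt.Errorf("digest mismatch: signed %s, requested %s", p.ManifestDigest, digest)
	}
	return nil
}

// ResolveManifestDigest fetches a tag or digest reference and hashes the body itself rather
// than trusting the Docker-Content-Digest header; a digest reference must hash to itself.
func ResolveManifestDigest(registryURL, repo, ref string) (string, error) {
	resp, err := http.Get(fmt.Sprintf("%s/v2/%s/manifests/%s", registryURL, repo, ref))
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("%s:%s does not resolve: HTTP %d", repo, ref, resp.StatusCode)
	}
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	d := Digest(body)
	if strings.HasPrefix(ref, "sha256:") && d != ref {
		return "", fmt.Errorf("registry served %s for %s", d, ref)
	}
	return d, nil
}

// VerifyResolving is the hardened form: the reference must resolve to a manifest that exists
// right now, and that manifest's content digest must be the one that was signed.
func VerifyResolving(registryURL string, p Payload, repo, ref string) error {
	d, err := ResolveManifestDigest(registryURL, repo, ref)
	if err != nil {
		return err
	}
	return VerifyPayloadOnly(p, repo, d)
}

// ReplacedRegistry builds the registry state after steps 2-4 above (constructed data): the
// original manifest is gone, the tag points at a different image, the old .sig tag remains.
func ReplacedRegistry(orig []byte) map[string]map[string][]byte {
	nginx := []byte(`{"schemaVersion":2,"config":{"digest":"sha256:nginx-config"}}`)
	return map[string]map[string][]byte{"jimbugwadia/pause": {
		"latest": nginx, Digest(nginx): nginx, SigTag(Digest(orig)): []byte(`{"sig":"kept"}`)}}
}

func main() {
	orig := []byte(`{"schemaVersion":2,"config":{"digest":"sha256:pause-config"}}`) // constructed
	sig := Payload{DockerReference: "jimbugwadia/pause", ManifestDigest: Digest(orig)}
	srv := NewFakeRegistry(ReplacedRegistry(orig))
	defer srv.Close()
	fmt.Println("payload-only:", VerifyPayloadOnly(sig, "jimbugwadia/pause", Digest(orig)))
	fmt.Println("resolving:   ", VerifyResolving(srv.URL, sig, "jimbugwadia/pause", Digest(orig)))
}
```

The payload-only path returns nil for the deleted digest, which is the behaviour reported above; the resolving path fails with an HTTP 404 for the digest and with a digest mismatch for the tag, because `latest` now hashes to the impersonating image. Hashing the fetched body rather than reading the `Docker-Content-Digest` header also means a registry that lies about a digest reference is caught.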