Problem
Air-gapped signing (#409, --tlog-upload=false) produces a bundle with no Rekor transparency-log entry. aicr verify cannot verify such a bundle: sigstore-go verification against trust.GetTrustedMaterial() expects tlog/inclusion-proof material, so a tlog-less bundle fails in a disconnected environment.
Proposal
Add an offline verification mode to aicr verify that skips transparency-log verification (mirroring cosign verify --insecure-ignore-tlog) and verifies the signature against a public key (#407 verifier work) without any network calls.
Behavior
- A flag (e.g.
--insecure-ignore-tlog / --offline) drops the tlog requirement from the sigstore-go verification policy.
- Intended to combine with
--key (KMS public key) — the air-gapped signing path is key-based, not keyless.
- Performs no network calls in this mode.
Dependencies
Success criteria
- A bundle signed with
aicr bundle --signing-key ... --tlog-upload=false verifies offline with aicr verify --key ... --insecure-ignore-tlog and zero network calls.
make test / make lint pass.
Problem
Air-gapped signing (#409,
--tlog-upload=false) produces a bundle with no Rekor transparency-log entry.aicr verifycannot verify such a bundle: sigstore-go verification againsttrust.GetTrustedMaterial()expects tlog/inclusion-proof material, so a tlog-less bundle fails in a disconnected environment.Proposal
Add an offline verification mode to
aicr verifythat skips transparency-log verification (mirroringcosign verify --insecure-ignore-tlog) and verifies the signature against a public key (#407 verifier work) without any network calls.Behavior
--insecure-ignore-tlog/--offline) drops the tlog requirement from the sigstore-go verification policy.--key(KMS public key) — the air-gapped signing path is key-based, not keyless.Dependencies
--keywork (KMS public-key verification).Success criteria
aicr bundle --signing-key ... --tlog-upload=falseverifies offline withaicr verify --key ... --insecure-ignore-tlogand zero network calls.make test/make lintpass.