Skip to content

feat(verify): offline / air-gapped verification (skip tlog) #1154

Description

@lockwobr

Problem

Air-gapped signing (#409, --tlog-upload=false) produces a bundle with no Rekor transparency-log entry. aicr verify cannot verify such a bundle: sigstore-go verification against trust.GetTrustedMaterial() expects tlog/inclusion-proof material, so a tlog-less bundle fails in a disconnected environment.

Proposal

Add an offline verification mode to aicr verify that skips transparency-log verification (mirroring cosign verify --insecure-ignore-tlog) and verifies the signature against a public key (#407 verifier work) without any network calls.

Behavior

  • A flag (e.g. --insecure-ignore-tlog / --offline) drops the tlog requirement from the sigstore-go verification policy.
  • Intended to combine with --key (KMS public key) — the air-gapped signing path is key-based, not keyless.
  • Performs no network calls in this mode.

Dependencies

Success criteria

  • A bundle signed with aicr bundle --signing-key ... --tlog-upload=false verifies offline with aicr verify --key ... --insecure-ignore-tlog and zero network calls.
  • make test / make lint pass.

Metadata

Metadata

Assignees

No one assigned

    Fields

    No fields configured for Enhancement.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions