Problem
The V1 "Closed Supply Chain" bar requires recipe data (the catalog/registry that drives recipe resolution) to have retrievable provenance, alongside binaries, images, and bundles. Today the recipe data served by the provider (pkg/recipe/provider.go, criteria_registry.go, metadata_store.go) is not signed and has no verification path: a consumer cannot confirm the recipe inputs they resolved came from a trusted source unmodified.
Proposal
Sign the recipe catalog/registry and give consumers a way to verify it, so recipe inputs carry provenance comparable to bundles.
Scope (to be refined)
- Decide the unit of signing (whole registry snapshot vs. per-entry) and the format (detached Sigstore bundle / attestation over the catalog digest).
- Produce the signature as part of the release/publish flow.
- Add a verification path (CLI and/or library) that checks the recipe data against its signature before use.
- Document the trust model.
Dependencies
- Independent of the bundle signing/verifying sub-issues, but shares the Sigstore primitives in
pkg/bundler/attestation and the verifier in pkg/bundler/verifier.
Success criteria
- The published recipe catalog/registry has a retrievable signature.
- A consumer can verify recipe data provenance before resolving a recipe.
make test / make lint pass.
Problem
The V1 "Closed Supply Chain" bar requires recipe data (the catalog/registry that drives recipe resolution) to have retrievable provenance, alongside binaries, images, and bundles. Today the recipe data served by the provider (
pkg/recipe/provider.go,criteria_registry.go,metadata_store.go) is not signed and has no verification path: a consumer cannot confirm the recipe inputs they resolved came from a trusted source unmodified.Proposal
Sign the recipe catalog/registry and give consumers a way to verify it, so recipe inputs carry provenance comparable to bundles.
Scope (to be refined)
Dependencies
pkg/bundler/attestationand the verifier inpkg/bundler/verifier.Success criteria
make test/make lintpass.