Skip to content

feat: recipe-data provenance (signed catalog/registry) #1155

Description

@lockwobr

Problem

The V1 "Closed Supply Chain" bar requires recipe data (the catalog/registry that drives recipe resolution) to have retrievable provenance, alongside binaries, images, and bundles. Today the recipe data served by the provider (pkg/recipe/provider.go, criteria_registry.go, metadata_store.go) is not signed and has no verification path: a consumer cannot confirm the recipe inputs they resolved came from a trusted source unmodified.

Proposal

Sign the recipe catalog/registry and give consumers a way to verify it, so recipe inputs carry provenance comparable to bundles.

Scope (to be refined)

  • Decide the unit of signing (whole registry snapshot vs. per-entry) and the format (detached Sigstore bundle / attestation over the catalog digest).
  • Produce the signature as part of the release/publish flow.
  • Add a verification path (CLI and/or library) that checks the recipe data against its signature before use.
  • Document the trust model.

Dependencies

  • Independent of the bundle signing/verifying sub-issues, but shares the Sigstore primitives in pkg/bundler/attestation and the verifier in pkg/bundler/verifier.

Success criteria

  • The published recipe catalog/registry has a retrievable signature.
  • A consumer can verify recipe data provenance before resolving a recipe.
  • make test / make lint pass.

Metadata

Metadata

Assignees

Fields

No fields configured for Enhancement.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions