Skip to content

Add support for accepting multiple Rekor public keys #2526

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
TomSweeneyRedHat merged 1 commit into from
Aug 20, 2024
Merged

Add support for accepting multiple Rekor public keys #2526

TomSweeneyRedHat merged 1 commit into from
Aug 20, 2024

Conversation

@mtrmac
Copy link
Collaborator

@mtrmac mtrmac commented Aug 17, 2024
edited
Loading

Add rekorPublicKeyPaths and rekorPublicKeyDatas options to policy.json.

This is on top of unmerged #2524.

Note an outstanding design question on …Datas: #2524 (comment) .

Currently not tested end-to-end in practice.

@mtrmac mtrmac force-pushed the sigstore-multi-rekor branch from 08f0bdf to 5f51115 Compare August 17, 2024 03:39
@mtrmac mtrmac mentioned this pull request Aug 17, 2024
Merged
@mtrmac mtrmac added the kind/feature A request for, or a PR adding, new functionality label Aug 17, 2024
@mtrmac
Copy link
Collaborator Author

mtrmac commented Aug 19, 2024

Now tested by manually writing policy.json, ready for review (but #2524 needs to merge first).

@TomSweeneyRedHat
Copy link
Member

TomSweeneyRedHat commented Aug 19, 2024

LGTM
@rhatdan and @mheon PTAL

@rhatdan
Copy link
Member

rhatdan commented Aug 19, 2024

@mtrmac still draft?

@mtrmac
Copy link
Collaborator Author

mtrmac commented Aug 19, 2024
edited
Loading

Ready for review, but it can be merged only after #2524 . (If reviewing, compare this with the contents from #2524 , or since the included merge commit.)

@mtrmac mtrmac force-pushed the sigstore-multi-rekor branch from 5f51115 to 5d5cc3f Compare August 20, 2024 12:11
@mtrmac
Support accepting multiple Rekor public keys
7bdb48b 
Add rekorPublicKeyPaths and rekorPublicKeyDatas , similar to the primary
root of trust public keys.

Signed-off-by: Miloslav Trmač <[email protected]>
@mtrmac mtrmac force-pushed the sigstore-multi-rekor branch from 5d5cc3f to 7bdb48b Compare August 20, 2024 15:02
@mtrmac
Copy link
Collaborator Author

mtrmac commented Aug 20, 2024

Rebased, ready for review/merging.

@mtrmac mtrmac marked this pull request as ready for review August 20, 2024 15:02
@rhatdan
Copy link
Member

rhatdan commented Aug 20, 2024

LGTM

TomSweeneyRedHat
TomSweeneyRedHat reviewed Aug 20, 2024
View reviewed changes
Copy link
Member

@TomSweeneyRedHat TomSweeneyRedHat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@TomSweeneyRedHat
Copy link
Member

TomSweeneyRedHat commented Aug 20, 2024

/lgtm

@TomSweeneyRedHat TomSweeneyRedHat merged commit 6692ffc into containers:main Aug 20, 2024
@mtrmac mtrmac deleted the sigstore-multi-rekor branch August 20, 2024 15:44
@mtrmac mtrmac mentioned this pull request Aug 20, 2024
Merged
@SpangleLabs SpangleLabs mentioned this pull request Aug 27, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TomSweeneyRedHat TomSweeneyRedHat TomSweeneyRedHat left review comments

Assignees

No one assigned

Labels

kind/feature A request for, or a PR adding, new functionality

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mtrmac @TomSweeneyRedHat @rhatdan