github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-17 12:58:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: update cosign from v2 to v3 (#3561)

Browse Source 
* chore: update cosign from v2 to v3

Also do not import cosing into zli, as it doubles the bianry size
See: https://github.com/project-zot/zot/actions/runs/19506399474/job/55833719683?pr=3561

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* chore: privileged-test should not depend on downloaded images

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

---------

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
This commit is contained in:
Andrei Aaron
2025-11-20 00:43:57 +02:00
committed by GitHub
parent 8e63df6678
commit 2b60e11ce4
13 changed files with 345 additions and 283 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/api/controller_test.go
+5 -5
View File
@@ -39,11 +39,11 @@ import (
"github.com/opencontainers/image-spec/specs-go"
ispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/project-zot/mockoidc"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/generate"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/sign"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/verify"
"github.com/sigstore/cosign/v2/pkg/oci/remote"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/generate"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/options"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/sign"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/verify"
"github.com/sigstore/cosign/v3/pkg/oci/remote"
. "github.com/smartystreets/goconvey/convey"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
pkg/cli/client/client.go
+1 -2
View File
@@ -17,7 +17,6 @@ import (
"time"
ispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/sigstore/cosign/v2/pkg/oci/remote"
zerr "zotregistry.dev/zot/v2/errors"
"zotregistry.dev/zot/v2/pkg/common"
@@ -520,7 +519,7 @@ func isCosignSigned(ctx context.Context, repo, digestStr string, searchConf Sear
username, password string,
) bool {
var result interface{}
cosignTag := strings.Replace(digestStr, ":", "-", 1) + "." + remote.SignatureTagSuffix
cosignTag := strings.Replace(digestStr, ":", "-", 1) + "." + common.CosignSignatureTagSuffix
URL := fmt.Sprintf("%s/v2/%s/manifests/%s", searchConf.ServURL, repo, cosignTag)
pkg/cli/client/image_cmd_test.go
+3 -3
View File
@@ -18,9 +18,9 @@ import (
godigest "github.com/opencontainers/go-digest"
ispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/generate"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/sign"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/generate"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/options"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/sign"
. "github.com/smartystreets/goconvey/convey"
"gopkg.in/resty.v1"
pkg/cli/client/service.go
+1 -1
View File
@@ -588,7 +588,7 @@ func getImage(ctx context.Context, config SearchConfig, username, password, imag
for _, tag := range tagList.Tags {
hasTagPrefix := strings.HasPrefix(tag, "sha256-")
hasTagSuffix := strings.HasSuffix(tag, ".sig")
hasTagSuffix := strings.HasSuffix(tag, "."+common.CosignSignatureTagSuffix)
// check if it's an image or a signature
// we don't want to show signatures in cli responses
pkg/common/common.go
+3
View File
@@ -30,6 +30,9 @@ const (
// reason used: to reduce zot minimal binary size (otherwise adds oras.land/oras-go/v2 deps).
ArtifactTypeNotation = "application/vnd.cncf.notary.signature"
ArtifactTypeCosign = "application/vnd.dev.cosign.artifact.sig.v1+json"
// CosignSignatureTagSuffix is the suffix used for cosign signature tags (e.g., "sha256-digest.sig").
// Using constant to avoid pulling in cosign dependency.
CosignSignatureTagSuffix = "sig"
)
var cosignSignatureTagRule = regexp.MustCompile(`sha256\-.+\.sig`)
pkg/extensions/extension_image_trust_test.go
+3 -3
View File
@@ -19,9 +19,9 @@ import (
"github.com/alicebob/miniredis/v2"
guuid "github.com/gofrs/uuid"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/generate"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/sign"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/generate"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/options"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/sign"
. "github.com/smartystreets/goconvey/convey"
"gopkg.in/resty.v1"
pkg/extensions/imagetrust/cosign.go
+2 -2
View File
@@ -16,8 +16,8 @@ import (
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager/types"
godigest "github.com/opencontainers/go-digest"
"github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key"
sigs "github.com/sigstore/cosign/v2/pkg/signature"
"github.com/sigstore/cosign/v3/pkg/cosign/pkcs11key"
sigs "github.com/sigstore/cosign/v3/pkg/signature"
"github.com/sigstore/sigstore/pkg/cryptoutils"
sigstoreSigs "github.com/sigstore/sigstore/pkg/signature"
"github.com/sigstore/sigstore/pkg/signature/options"
pkg/extensions/imagetrust/image_trust_test.go
+3 -3
View File
@@ -28,9 +28,9 @@ import (
"github.com/notaryproject/notation-go/verifier/trustpolicy"
"github.com/opencontainers/go-digest"
ispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/generate"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/sign"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/generate"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/options"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/sign"
. "github.com/smartystreets/goconvey/convey"
"gopkg.in/resty.v1"
pkg/extensions/sync/sync_test.go
+6 -6
View File
@@ -26,12 +26,12 @@ import (
godigest "github.com/opencontainers/go-digest"
"github.com/opencontainers/image-spec/specs-go"
ispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/attach"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/generate"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/sign"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/verify"
"github.com/sigstore/cosign/v2/pkg/oci/remote"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/attach"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/generate"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/options"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/sign"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/verify"
"github.com/sigstore/cosign/v3/pkg/oci/remote"
. "github.com/smartystreets/goconvey/convey"
"gopkg.in/resty.v1"
pkg/test/signature/cosign.go
+3 -3
View File
@@ -10,9 +10,9 @@ import (
godigest "github.com/opencontainers/go-digest"
ispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/generate"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
"github.com/sigstore/cosign/v2/cmd/cosign/cli/sign"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/generate"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/options"
"github.com/sigstore/cosign/v3/cmd/cosign/cli/sign"
)
func GetCosignSignatureTagForManifest(manifest ispec.Manifest) (string, error) {