From 8002de8e4387ad35a24eab738bae9004572977e1 Mon Sep 17 00:00:00 2001
From: Tommy Dalton
Date: Fri, 6 Jun 2025 12:10:23 +0100
Subject: [PATCH 1/3] Encoding Public Key when no cert is present in sign-blob request
Signed-off-by: Tommy Dalton
---
 cmd/cosign/cli/sign/sign_blob.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/cmd/cosign/cli/sign/sign_blob.go b/cmd/cosign/cli/sign/sign_blob.go
index c01e7952044..dc2280accaf 100644
--- a/cmd/cosign/cli/sign/sign_blob.go
+++ b/cmd/cosign/cli/sign/sign_blob.go
@@ -35,6 +35,7 @@ import (
 "github.com/sigstore/cosign/v2/internal/ui"
 "github.com/sigstore/cosign/v2/pkg/cosign"
 cbundle "github.com/sigstore/cosign/v2/pkg/cosign/bundle"
+ sigs "github.com/sigstore/cosign/v2/pkg/signature"
 protobundle "github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1"
 protocommon "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1"
 "github.com/sigstore/rekor/pkg/generated/models"
@@ -45,7 +46,7 @@ import (
 // nolint
 func SignBlobCmd(ro *options.RootOptions, ko options.KeyOpts, payloadPath string, b64 bool, outputSignature string, outputCertificate string, tlogUpload bool) ([]byte, error) {
 var payload internal.HashReader
-
+ var err error
 ctx, cancel := context.WithTimeout(context.Background(), ro.Timeout)
 defer cancel()
@@ -240,7 +241,17 @@ func SignBlobCmd(ro *options.RootOptions, ko options.KeyOpts, payloadPath string
 return nil, fmt.Errorf("create certificate file: %w", err)
 }
 ui.Infof(ctx, "Wrote certificate to file %s", outputCertificate)
+ } else {
+ pemBytes, err := sigs.PublicKeyPem(sv, signatureoptions.WithContext(ctx))
+ if err != nil {
+ return nil, err
+ }
+ if err := os.WriteFile(outputCertificate, pemBytes, 0600); err != nil {
+ return nil, err
+ }
+ return pemBytes, nil
 }
+
 }
 return sig, nil
From 57460845e354dec58b3070520031a2d5f8d96f25 Mon Sep 17 00:00:00 2001
From: Tommy Dalton
Date: Thu, 24 Jul 2025 10:00:28 +0100
Subject: [PATCH 2/3] Checking if signer has cert in cosign sign
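Review bot: The function-scope `var err error` added at the top of SignBlobCmd (hunk `@@ -45,7 +46,7 @@`) is not needed by anything this patch adds, because the new branch in `@@ -240,7 +241,17 @@` declares its own `err` with `:=` inside nested blocks and so shadows this one. The declaration also replaces the blank line that separated `var payload internal.HashReader` from the context setup. Unless code outside these hunks assigns to it with `=`, drop the line and keep the blank one. SignBlobCmd's body continues outside the hunk, so other uses cannot be ruled out from here.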
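Review bot: `return pemBytes, nil` in the new else branch (hunk `@@ -240,7 +241,17 @@`) makes SignBlobCmd hand back the PEM-encoded public key where the visible fall-through path returns `sig`, so a caller that treats the result as the signature would receive key material instead. Deleting that line lets the branch fall through to the existing `return sig, nil`. The branch also writes a bare public key to the path given in `outputCertificate` without any message, so a consumer expecting an identity-bound certificate cannot tell that it got only a key; a line such as `ui.Infof(ctx, "Wrote public key to file %s", outputCertificate)` would make the substitution visible. The two bare `return nil, err` should carry context like the neighbouring `fmt.Errorf("create certificate file: %w", err)`. The `if` this `else` belongs to starts outside the hunk, and patch 2/3 of the series removes the branch again, so this concerns the intermediate commit.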
Signed-off-by: Tommy Dalton
---
 cmd/cosign/cli/sign/sign.go | 2 +-
 cmd/cosign/cli/sign/sign_blob.go | 12 +-----------
 2 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/cmd/cosign/cli/sign/sign.go b/cmd/cosign/cli/sign/sign.go
index a6ee88122d1..5987f50c2b3 100644
--- a/cmd/cosign/cli/sign/sign.go
+++ b/cmd/cosign/cli/sign/sign.go
@@ -294,7 +294,7 @@ func signDigest(ctx context.Context, digest name.Digest, payload []byte, ko opti
 }
 if signOpts.OutputCertificate != "" {
- rekorBytes, err := sv.Bytes(ctx)
+ rekorBytes, err := extractCertificate(ctx,sv)
 if err != nil {
 return fmt.Errorf("create certificate file: %w", err)
 }
diff --git a/cmd/cosign/cli/sign/sign_blob.go b/cmd/cosign/cli/sign/sign_blob.go
index dc2280accaf..8b5ef914f64 100644
--- a/cmd/cosign/cli/sign/sign_blob.go
+++ b/cmd/cosign/cli/sign/sign_blob.go
@@ -241,17 +241,7 @@ func SignBlobCmd(ro *options.RootOptions, ko options.KeyOpts, payloadPath string
 return nil, fmt.Errorf("create certificate file: %w", err)
 }
 ui.Infof(ctx, "Wrote certificate to file %s", outputCertificate)
- } else {
- pemBytes, err := sigs.PublicKeyPem(sv, signatureoptions.WithContext(ctx))
- if err != nil {
- return nil, err
- }
- if err := os.WriteFile(outputCertificate, pemBytes, 0600); err != nil {
- return nil, err
- }
- return pemBytes, nil
- }
-
+ }
 }
 return sig, nil
From 3c2ea03bf4204e73c28a65d3e9f12b66179ed8d9 Mon Sep 17 00:00:00 2001
From: Tommy Dalton
Date: Thu, 24 Jul 2025 10:06:33 +0100
Subject: [PATCH 3/3] Removing unused package
Signed-off-by: Tommy Dalton
---
 cmd/cosign/cli/sign/sign_blob.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/cmd/cosign/cli/sign/sign_blob.go b/cmd/cosign/cli/sign/sign_blob.go
index 8b5ef914f64..ac6f23a3362 100644
--- a/cmd/cosign/cli/sign/sign_blob.go
+++ b/cmd/cosign/cli/sign/sign_blob.go
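Review bot: `extractCertificate` is neither defined nor changed in any hunk of this series, so what it returns for a key-only signer cannot be checked from the sign.go hunk. If it yields no bytes and a nil error in that case, the code after the hunk must skip the write, otherwise an empty file is created at `signOpts.OutputCertificate`; a comment above the call, for example `// extractCertificate returns no bytes when the signer holds only a key; nothing is written then`, would record that contract once it is confirmed. The call is also not gofmt-clean and should read `rekorBytes, err := extractCertificate(ctx, sv)`. signDigest's body continues outside the hunk.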
@@ -35,7 +35,6 @@ import (
 "github.com/sigstore/cosign/v2/internal/ui"
 "github.com/sigstore/cosign/v2/pkg/cosign"
 cbundle "github.com/sigstore/cosign/v2/pkg/cosign/bundle"
- sigs "github.com/sigstore/cosign/v2/pkg/signature"
 protobundle "github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1"
 protocommon "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1"
 "github.com/sigstore/rekor/pkg/generated/models"