Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: sign generated installer image #42

Merged
merged 1 commit into from
Oct 24, 2023
Merged

feat: sign generated installer image #42

merged 1 commit into from
Oct 24, 2023

Conversation

smira
Copy link
Member

@smira smira commented Oct 23, 2023

Image Factory now signs the generated asset using cosign flow with a fixed key. Image Factory also verifies the signature before redirecting to the image. This way we ensure the consistency of the cache.

The signing ECDSA private key (PEM-encoded) should be supplied as --signing-key-path flag.

Fixes #29

@smira
feat: sign generated installer image
3dcb29d 
Image Factory now signs the generated asset using cosign flow with a
fixed key. Image Factory also verifies the signature before redirecting
to the image. This way we ensure the consistency of the cache.

The signing ECDSA private key (PEM-encoded) should be supplied as
`--signing-key-path` flag.

Fixes siderolabs#29

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
@smira smira force-pushed the sign-installer-image branch from 36191bd to 3dcb29d Compare October 24, 2023 11:33
@smira
Copy link
Member Author

smira commented Oct 24, 2023

added an API to retrieve public signing key from the Image Factory

@smira
Copy link
Member Author

smira commented Oct 24, 2023

/m

@talos-bot talos-bot merged commit 3dcb29d into siderolabs:main Oct 24, 2023
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frezbo frezbo frezbo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Sign & verify cached assets
3 participants
@smira @frezbo @talos-bot