feat(cosign): allow configurable sign/verify args via env vars#806
Open
jtsylve wants to merge 1 commit into
Open
feat(cosign): allow configurable sign/verify args via env vars#806jtsylve wants to merge 1 commit into
jtsylve wants to merge 1 commit into
Conversation
The cosign signing driver builds fixed `cosign sign` and `cosign verify` commands with no way to pass additional cosign flags. cosign defaults `--tlog-upload=true` on sign (publishing image digests to the public Rekor log and requiring internet) and, symmetrically, `cosign verify` requires a tlog entry by default — so an image signed offline cannot be verified by the build's own sign-and-verify step. Add two opt-in env vars whose whitespace-separated tokens are appended: BB_COSIGN_SIGN_ARGS -> appended to `cosign sign` BB_COSIGN_VERIFY_ARGS -> appended to `cosign verify` Both are unset by default, so there is no behavior change for existing users. For a private/offline registry, set: BB_COSIGN_SIGN_ARGS="--tlog-upload=false" BB_COSIGN_VERIFY_ARGS="--insecure-ignore-tlog=true" Signed-off-by: Joe Sylve <joe.sylve@gmail.com>
gmpinder
requested changes
Jul 1, 2026
Member
There was a problem hiding this comment.
I feel like this is something that should be an argument to the CLI itself, especially if we want this to also work with the sigstore driver too as the cosign driver isn't the only thing that is used for signing and verification. As a matter of fact, the cosign driver will be removed at a later point in favor of the native rust code.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The cosign signing driver builds fixed
cosign sign/cosign verifycommands with no way to pass extra flags. cosign defaults--tlog-upload=trueon sign (publishing image digests to the public Rekor log and requiring internet) and, symmetrically,cosign verifyrequires a tlog entry by default — so an image signed offline cannot be verified by the build's own sign-and-verify step.Change
Add two opt-in env vars whose whitespace-separated tokens are appended to the respective command:
BB_COSIGN_SIGN_ARGS→ appended tocosign signBB_COSIGN_VERIFY_ARGS→ appended tocosign verifyBoth are unset by default, so there is no behavior change for existing users. For a private/offline registry:
Notes
utils/src/constants.rsper the existing convention and documented with rustdoc.split_extra_argshelper with a unit test (whitespace-only → no args, single flag, multiple flags). Shell quoting is intentionally not supported; each flag must be a single whitespace-free token.cargo fmt --check,cargo clippy, and the new unit test pass.