Support for signing container images using cosign and self managed keys

[travier]

With cosign, we can use self managed keys to sign container images (see: https://docs.sigstore.dev/cosign/key_management/signing_with_self-managed_keys/).

It would be great if we could get all container images signed with a Fedora owned key.

I'm not sure exactly how that would fit into what's in the Fedora infra right now thus this issue.

Thanks!

[jeremycline]

So looking at cosign, there's a couple directions we could go. With the self-managed key feature you linked, it seems to just support various cloud vendor's key management solutions. Fedora does use a lot of AWS stuff so maybe using KMS would be okay,, but it's not the normal signing flow and not really Fedora-owned. Still, it's an option.

Another option would be to integrate into the "typical" signing flow, where the build service emits an AMQP message with a signing request, and that is set to the signing server with key access. This actually looks doable and https://docs.sigstore.dev/cosign/signing/signing_with_containers/#sign-and-upload-a-generated-payload-in-another-format-from-another-tool shows how to sign with an external tool:

# Generate a keypair
$ openssl ecparam -name prime256v1 -genkey -noout -out openssl.key
$ openssl ec -in openssl.key -pubout -out openssl.pub
# Generate the payload to be signed
$ cosign generate $IMAGE > payload.json
# Sign it and convert to base64
$ openssl dgst -sha256 -sign openssl.key -out payload.sig payload.json
$ cat payload.sig | base64 > payloadbase64.sig
# Upload the signature
$ cosign attach signature --payload payload.json --signature payloadbase64.sig $IMAGE

# Verify! Need to pass `--insecure-ignore-tlog` because attaching a signature
# doesn't upload it to the transparency log.
$ cosign verify --key openssl.pub --insecure-ignore-tlog $IMAGE

Verification for us.gcr.io/user/demo --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key
  - Any certificates were verified against the Fulcio roots.
{"critical":{"identity":{"docker-reference":"us.gcr.io/user/demo"},"image":{"docker-manifest-digest":"sha256:124e1fdee94fe5c5f902bc94da2d6e2fea243934c74e76c2368acdc8d3ac7155"},"type":"cosign container image signature"},"optional":null}

With this workflow, you could generate the JSON payload to sign, emit the message, and we could sign it on the signing server. You can then reattach it and do whatever you need to do. Does that workflow sound acceptable to you?

[travier]

Thanks for looking into this. This sounds like a good plan to me.

[jeremycline]

Note to myself, Secure Boot signing can use the same process with output of pesign -i <file-to-sign> -E, and then it can reattach the signature with pesign -R.

[travier]

Note to myself, Secure Boot signing can use the same process with output of pesign -i <file-to-sign> -E, and then it can reattach the signature with pesign -R.

That will be extremely useful once we'll start building UKIs.

[jeremycline]

Just a little update on the progress here: I've got support for this end-to-end in #121 and tests which use (essentially) the openssl command above. That PR should end up adding support for signing pretty much anything we want (Containers with Cosign, Secure Boot via systemd-sbsign or pesign, PCR registers with systemd-measure, RPMs via Sequoia once it ships PKCS11 support, etc).

All that to say I'm hopeful this will be ready "soon".

[joelcapitao]

Thank you @jeremycline for the heads-up, I'm looking forward to seeing this support, to be able to properly sign Fedora bootc images and derivatives within Konflux.