Requirements for obtaining the badge "Signed" for container images

[volker-raschek]

Hello everyone,
I am in the process of unlocking all three badges for the container image dcmerge. Currently, the only badge I'm missing is "Signed".

I couldn't find anything in the documentation about how container images need to be signed or what requirements ArtifactHub has for signed images to receive the "Signed" badge.

Since dcmerge project uses goreleaser, I followed the documentation there and defined docker_sign in the .goreleaser file. In the CI, cosign is installed via Action. Actually v3.0.3 of cosign. The environment variables that cosign needs for signing, such as COSIGN_PASSPHRASE and COSIGN_PRIVATE_KEY, are also defined there.

When I now check the image using cosign, I don't get an error message / exit code > 0. I assume that the signature of the container image is correct:

$ oras pull git.cryptic.systems/volker.raschek/dcmerge:cosign.pub
$ cosign verify \
  --key cosign.pub \
    git.cryptic.systems/volker.raschek/dcmerge:0.8.3
✓ Pulled      cosign.pub                                                                                                                   178/178  B 100.00%   64µs
  └─ sha256:14e056b1cd208bf3b285369ecd7e296b92b5546dd13b29f7907c2a45b414d975                                                                                        
✓ Pulled      application/vnd.oci.image.manifest.v1+json                                                                                   597/597  B 100.00%   12µs
  └─ sha256:56df96a04fefaad86894cbc79ace1d747de7e7eeaa05ed1e5a2cbacd2b91757a                                                                                        
Pulled [registry] git.cryptic.systems/volker.raschek/dcmerge:cosign.pub
Digest: sha256:56df96a04fefaad86894cbc79ace1d747de7e7eeaa05ed1e5a2cbacd2b91757a

Verification for git.cryptic.systems/volker.raschek/dcmerge:0.8.3 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The signatures were verified against the specified public key

[{"critical":{"identity":{"docker-reference":"git.cryptic.systems/volker.raschek/dcmerge:0.8.3"},"image":{"docker-manifest-digest":"sha256:5a0889073d2cebc3c05ccf886ba4250e07308720d928b688d9647f852450889b"},"type":"https://sigstore.dev/cosign/sign/v1"},"optional":{}},{"critical":{"identity":{"docker-reference":"git.cryptic.systems/volker.raschek/dcmerge:0.8.3"},"image":{"docker-manifest-digest":"sha256:5a0889073d2cebc3c05ccf886ba4250e07308720d928b688d9647f852450889b"},"type":"https://sigstore.dev/cosign/sign/v1"},"optional":{}}]

Nevertheless, the badge is not displayed. I can't immediately explain why.

I tried to locate the blob using cosign where the signature is stored. It also ends in .sig.

$ cosign triangulate git.cryptic.systems/volker.raschek/dcmerge:0.8.3
git.cryptic.systems/volker.raschek/dcmerge:sha256-5a0889073d2cebc3c05ccf886ba4250e07308720d928b688d9647f852450889b.sig

I don't know if this is a requirement of ArtifactHub, but when I look at other images that are signed, the tags always end in .sig, which I don't have:

$ skopeo list-tags "docker://git.cryptic.systems/volker.raschek/dcmerge" | grep sha256
        "sha256-5a0889073d2cebc3c05ccf886ba4250e07308720d928b688d9647f852450889b"

$ skopeo list-tags docker://docker.io/goreleaser/goreleaser | grep sha256
...
        "sha256-f9aeadc0ff8febfc3098d5c6a7bfb61b4709f05634517784a0981fd85febb07c.sig",
        "sha256-fa57c33ac09284215cdd85f65238cc35daa6f516167f4568bebc6d9426f7508a.sig",
        "sha256-fac7cb3ad2359f7b3ba83be5d816ee9cbfb04587dad95e2d85baf739ca8a5e30.sig",
        "sha256-fbf5c7760b7e3bfc19676ca73ee4e0eb4ce65e86dc96c8ecc17956e3d4512d34.sig",
        "sha256-fca7c247885a248771d1decf76559a66342097b894b87537567795e1a3dbd510.sig",
        "sha256-fd1b9be7318c2b8fb0ca1cb038fa72cff9e55609e6742999890f015ff1874c6b.sig",
        "sha256-fdb44c129c09afe4625a817b672885ab820f57bcbedf9b1ae08fabf88cdc7691.sig",
        "sha256-fdf34373bdc23edde23f5814cf3178560fae92d31e55b937168742fe3e060a36.sig",
        "sha256-fe4e0861cdaf0f160c28c54997700c6972c63c8c81fa209917115e6d854bb86d.sig",
        "sha256-ff9d2d7d2f81b73dc75c68705f2c1803edd70351422b5d4e5e1329c72a7cf6c4.sig",
...

So now the questions:

1. What are the requirements from ArtifactHub to get the badge "Signed"?
2. Is there any documentation when a container image receive the badge "Signed"?
3. Is the ending .sig a must have?
4. Could it be possible, that cosign v3.0.3 is to new and does not create signatures ending on .sig?

I hope someone can help me.

Thanks in advance,
Volker

[tegioz]

Hi @volker-raschek 👋

It's likely that's related to the cosign version used, yes. Please see #4684 (comment) and #4684 (comment).

[volker-raschek]

Hi @tegioz,
yes you are right. I rolled back cosign to v2.6 and it seems to work. The container has now received the badge "Signed".

Are there plans to support the new pattern of cosign v3 as well or is that an unexpected breaking change of cosign?

Volker

[tegioz]

Awesome!

We'll look into cosign v3 and consider adding support for it to AH 🙂