Skip to content

feat: support sigstore/cosign verification for releases that publish .sigstore.json bundles #4

Description

@sgargel

Problem

Some tools — stackrox/kube-linter being the clearest example — ship .sigstore.json bundle files instead of (or alongside) a traditional
checksums.txt. Today find_checksum_asset only recognises SHA256/SHA512/MD5 patterns, so for these repos gri prints:

warning: no checksum file found in release assets, skipping verification

and installs without any integrity check.

How sigstore keyless verification works

The bundle file (e.g. kube-linter-linux.tar.gz.sigstore.json) is a self-contained Rekor-anchored proof. Verification requires cosign:

cosign verify-blob
--bundle kube-linter-linux.tar.gz.sigstore.json
--certificate-oidc-issuer https://token.actions.githubusercontent.com
--certificate-identity-regexp 'https://github.com/stackrox/kube-linter/.*'
kube-linter-linux.tar.gz

The OIDC issuer is always https://token.actions.githubusercontent.com for GitHub Actions-signed releases. The identity regexp can be derived
from the repo slug (owner/repo).

Proposed changes

  1. find_checksum_asset — add a new pattern match for "${an}.sigstore.json" returning a new pseudo-algo sigstore.
  2. verify_checksum (or a new verify_sigstore function) — when algo is sigstore, run:
    cosign verify-blob
    --bundle "$ckfile"
    --certificate-oidc-issuer https://token.actions.githubusercontent.com
    --certificate-identity-regexp "https://github.com/${owner_repo}/.*"
    "$file"
  3. Dependency check — call need cosign only when a sigstore bundle is actually found (soft dependency, no breakage for repos that don't use
    it).
  4. pick_asset — exclude *.sigstore.json from the fallback candidate list (currently they can slip through as a "sole asset" on narrow
    queries).

Open questions

  • Should a missing cosign binary be a hard error or fall back to the existing "skipping verification" warning?
  • Should --certificate-identity-regexp be overridable via an env var (e.g. GRI_COSIGN_IDENTITY) for non-GitHub-Actions signers?

Affected repos (known)

  • stackrox/kube-linter — .sigstore.json per asset, no checksums.txt

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions