Problem
Some tools — stackrox/kube-linter being the clearest example — ship .sigstore.json bundle files instead of (or alongside) a traditional
checksums.txt. Today find_checksum_asset only recognises SHA256/SHA512/MD5 patterns, so for these repos gri prints:
warning: no checksum file found in release assets, skipping verification
and installs without any integrity check.
How sigstore keyless verification works
The bundle file (e.g. kube-linter-linux.tar.gz.sigstore.json) is a self-contained Rekor-anchored proof. Verification requires cosign:
cosign verify-blob
--bundle kube-linter-linux.tar.gz.sigstore.json
--certificate-oidc-issuer https://token.actions.githubusercontent.com
--certificate-identity-regexp 'https://github.com/stackrox/kube-linter/.*'
kube-linter-linux.tar.gz
The OIDC issuer is always https://token.actions.githubusercontent.com for GitHub Actions-signed releases. The identity regexp can be derived
from the repo slug (owner/repo).
Proposed changes
- find_checksum_asset — add a new pattern match for "${an}.sigstore.json" returning a new pseudo-algo sigstore.
- verify_checksum (or a new verify_sigstore function) — when algo is sigstore, run:
cosign verify-blob
--bundle "$ckfile"
--certificate-oidc-issuer https://token.actions.githubusercontent.com
--certificate-identity-regexp "https://github.com/${owner_repo}/.*"
"$file"
- Dependency check — call need cosign only when a sigstore bundle is actually found (soft dependency, no breakage for repos that don't use
it).
- pick_asset — exclude *.sigstore.json from the fallback candidate list (currently they can slip through as a "sole asset" on narrow
queries).
Open questions
- Should a missing cosign binary be a hard error or fall back to the existing "skipping verification" warning?
- Should --certificate-identity-regexp be overridable via an env var (e.g. GRI_COSIGN_IDENTITY) for non-GitHub-Actions signers?
Affected repos (known)
- stackrox/kube-linter — .sigstore.json per asset, no checksums.txt
Problem
Some tools — stackrox/kube-linter being the clearest example — ship .sigstore.json bundle files instead of (or alongside) a traditional
checksums.txt. Today find_checksum_asset only recognises SHA256/SHA512/MD5 patterns, so for these repos gri prints:
warning: no checksum file found in release assets, skipping verification
and installs without any integrity check.
How sigstore keyless verification works
The bundle file (e.g. kube-linter-linux.tar.gz.sigstore.json) is a self-contained Rekor-anchored proof. Verification requires cosign:
cosign verify-blob
--bundle kube-linter-linux.tar.gz.sigstore.json
--certificate-oidc-issuer https://token.actions.githubusercontent.com
--certificate-identity-regexp 'https://github.com/stackrox/kube-linter/.*'
kube-linter-linux.tar.gz
The OIDC issuer is always https://token.actions.githubusercontent.com for GitHub Actions-signed releases. The identity regexp can be derived
from the repo slug (owner/repo).
Proposed changes
cosign verify-blob
--bundle "$ckfile"
--certificate-oidc-issuer https://token.actions.githubusercontent.com
--certificate-identity-regexp "https://github.com/${owner_repo}/.*"
"$file"
it).
queries).
Open questions
Affected repos (known)