Add COSIGN_OCI_EXPERIMENTAL, push .sig/.sbom using OCI 1.1+ digest tag

cmd/cosign/cli/attach/sbom.go

@@ -20,18 +20,30 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"net/http"
 	"os"
 	"path/filepath"
 
+	"github.com/google/go-containerregistry/pkg/logs"
 	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/empty"
+	"github.com/google/go-containerregistry/pkg/v1/mutate"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
-	"github.com/google/go-containerregistry/pkg/v1/types"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+	ocistatic "github.com/google/go-containerregistry/pkg/v1/static"
+	ocitypes "github.com/google/go-containerregistry/pkg/v1/types"
 	"github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
+	ociexperimental "github.com/sigstore/cosign/v2/internal/pkg/oci/remote"
 	ociremote "github.com/sigstore/cosign/v2/pkg/oci/remote"
 	"github.com/sigstore/cosign/v2/pkg/oci/static"
 )
 
-func SBOMCmd(ctx context.Context, regOpts options.RegistryOptions, sbomRef string, sbomType types.MediaType, imageRef string) error {
+func SBOMCmd(ctx context.Context, regOpts options.RegistryOptions, sbomRef string, sbomType ocitypes.MediaType, imageRef string) error {
+	if options.EnableOCIExperimental() {
+		return sbomCmdOCIExperimental(ctx, regOpts, sbomRef, sbomType, imageRef)
+	}
+
 	ref, err := name.ParseReference(imageRef, regOpts.NameOptions()...)
 	if err != nil {
 		return err
@@ -60,6 +72,67 @@ func SBOMCmd(ctx context.Context, regOpts options.RegistryOptions, sbomRef strin
 	return remote.Write(dstRef, img, regOpts.GetRegistryClientOpts(ctx)...)
 }
 
+func sbomCmdOCIExperimental(ctx context.Context, regOpts options.RegistryOptions, sbomRef string, sbomType ocitypes.MediaType, imageRef string) error {
+	var dig name.Digest
+	ref, err := name.ParseReference(imageRef, regOpts.NameOptions()...)
+	if err != nil {
+		return err
+	}
+	if digr, ok := ref.(name.Digest); ok {
+		dig = digr
+	} else {
+		desc, err := remote.Head(ref, regOpts.GetRegistryClientOpts(ctx)...)
+		if err != nil {
+			return err
+		}
+		dig = ref.Context().Digest(desc.Digest.String())
+	}
+
+	artifactType := ociexperimental.ArtifactType("sbom")
+
+	desc, err := remote.Head(dig, regOpts.GetRegistryClientOpts(ctx)...)
+	var terr *transport.Error
+	if errors.As(err, &terr) && terr.StatusCode == http.StatusNotFound {
+		h, err := v1.NewHash(dig.DigestStr())
+		if err != nil {
+			return err
+		}
+		// The subject doesn't exist, attach to it as if it's an empty OCI image.
+		logs.Progress.Println("subject doesn't exist, attaching to empty image")
+		desc = &v1.Descriptor{
+			ArtifactType: artifactType,
+			MediaType:    ocitypes.OCIManifestSchema1,
+			Size:         0,
+			Digest:       h,
+		}
+	} else if err != nil {
+		return err
+	}
+
+	b, err := sbomBytes(sbomRef)
+	if err != nil {
+		return err
+	}
+
+	empty := mutate.MediaType(
+		mutate.ConfigMediaType(empty.Image, ocitypes.MediaType(artifactType)),
+		ocitypes.OCIManifestSchema1)
+	att, err := mutate.AppendLayers(empty, ocistatic.NewLayer(b, sbomType))
+	if err != nil {
+		return err
+	}
+	att = mutate.Subject(att, *desc).(v1.Image)
+	attdig, err := att.Digest()
+	if err != nil {
+		return err
+	}
+	dstRef := ref.Context().Digest(attdig.String())
+
+	fmt.Fprintf(os.Stderr, "Uploading SBOM file for [%s] to [%s] with config.mediaType [%s] layers[0].mediaType [%s].\n",
+		ref.Name(), dstRef.String(), artifactType, sbomType)
+	return remote.Write(dstRef, att, regOpts.GetRegistryClientOpts(ctx)...)
+}
+
 func sbomBytes(sbomRef string) ([]byte, error) {
 	// sbomRef can be "-", a string or a file.
 	switch signatureType(sbomRef) {

cmd/cosign/cli/options/experimental.go

@@ -26,3 +26,10 @@ func EnableExperimental() bool {
 	}
 	return false
 }
+
+func EnableOCIExperimental() bool {
+	if b, err := strconv.ParseBool(env.Getenv(env.VariableOCIExperimental)); err == nil {
+		return b
+	}
+	return false
+}

cmd/cosign/cli/sign/sign.go

@@ -24,6 +24,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 
 	"github.com/google/go-containerregistry/pkg/name"
@@ -42,6 +43,7 @@ import (
 	"github.com/sigstore/cosign/v2/internal/pkg/cosign/tsa"
 	"github.com/sigstore/cosign/v2/internal/ui"
 	"github.com/sigstore/cosign/v2/pkg/cosign"
+	"github.com/sigstore/cosign/v2/pkg/cosign/env"
 	"github.com/sigstore/cosign/v2/pkg/cosign/pivkey"
 	"github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key"
 	cremote "github.com/sigstore/cosign/v2/pkg/cosign/remote"
@@ -311,6 +313,11 @@ func signDigest(ctx context.Context, digest name.Digest, payload []byte, ko opti
 		ui.Infof(ctx, "Pushing signature to: %s", repo.RepositoryStr())
 	}
 
+	// Publish the signatures associated with this entity (using OCI 1.1+ behavior)
+	if b, err := strconv.ParseBool(env.Getenv(env.VariableOCIExperimental)); err == nil && b {
+		return ociremote.WriteSignaturesExperimentalOCI(digest, newSE, walkOpts...)
+	}
+
 	// Publish the signatures associated with this entity
 	if err := ociremote.WriteSignatures(digest.Repository, newSE, walkOpts...); err != nil {
 		return err

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/go-piv/piv-go v1.10.0
 	github.com/google/certificate-transparency-go v1.1.4
 	github.com/google/go-cmp v0.5.9
-	github.com/google/go-containerregistry v0.13.0
+	github.com/google/go-containerregistry v0.13.1-0.20230203223142-b3c23b4c3f28
 	github.com/google/go-github/v50 v50.0.0
 	github.com/in-toto/in-toto-golang v0.5.0
 	github.com/kelseyhightower/envconfig v1.4.0

go.sum

@@ -507,8 +507,8 @@ github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.13.0 h1:y1C7Z3e149OJbOPDBxLYR8ITPz8dTKqQwjErKVHJC8k=
-github.com/google/go-containerregistry v0.13.0/go.mod h1:J9FQ+eSS4a1aC2GNZxvNpbWhgp0487v+cgiilB4FqDo=
+github.com/google/go-containerregistry v0.13.1-0.20230203223142-b3c23b4c3f28 h1:gFDKHwyCxpzgUozSOM8eLCx0V7muSr30QYU2QH+p48E=
+github.com/google/go-containerregistry v0.13.1-0.20230203223142-b3c23b4c3f28/go.mod h1:J9FQ+eSS4a1aC2GNZxvNpbWhgp0487v+cgiilB4FqDo=
 github.com/google/go-github/v50 v50.0.0 h1:gdO1AeuSZZK4iYWwVbjni7zg8PIQhp7QfmPunr016Jk=
 github.com/google/go-github/v50 v50.0.0/go.mod h1:Ev4Tre8QoKiolvbpOSG3FIi4Mlon3S2Nt9W5JYqKiwA=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=

internal/pkg/oci/remote/remote.go

@@ -0,0 +1,25 @@
+//
+// Copyright 2023 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package remote
+
+import (
+	"fmt"
+)
+
+// ArtifactType converts a attachment name (sig/sbom/att/etc.) into a valid artifactType (OCI 1.1+).
+func ArtifactType(attName string) string {
+	return fmt.Sprintf("application/vnd.dev.cosign.artifact.%s.v1+json", attName)
+}

pkg/cosign/env/env.go

@@ -50,6 +50,7 @@ const (
 	VariablePKCS11Pin        Variable = "COSIGN_PKCS11_PIN"
 	VariablePKCS11ModulePath Variable = "COSIGN_PKCS11_MODULE_PATH"
 	VariableRepository       Variable = "COSIGN_REPOSITORY"
+	VariableOCIExperimental  Variable = "COSIGN_OCI_EXPERIMENTAL"
 
 	// Sigstore environment variables
 	VariableSigstoreCTLogPublicKeyFile Variable = "SIGSTORE_CT_LOG_PUBLIC_KEY_FILE"
@@ -75,6 +76,11 @@ var (
 			Expects:     "1 if experimental features should be enabled (0 by default)",
 			Sensitive:   false,
 		},
+		VariableOCIExperimental: {
+			Description: "enables experimental cosign features for OCI (1.1+)",
+			Expects:     "1 if experimental OCI features should be enabled (0 by default)",
+			Sensitive:   false,
+		},
 		VariableDockerMediaTypes: {
 			Description: "to be used with registries that do not support OCI media types",
 			Expects:     "1 to fallback to legacy OCI media types equivalents (0 by default)",

pkg/cosign/verify.go

@@ -30,11 +30,13 @@ import (
 	"fmt"
 	"os"
 	"regexp"
+	"strconv"
 	"strings"
 	"time"
 
 	"github.com/digitorus/timestamp"
 	cbundle "github.com/sigstore/cosign/v2/pkg/cosign/bundle"
+	"github.com/sigstore/cosign/v2/pkg/cosign/env"
 	"github.com/sigstore/sigstore/pkg/tuf"
 
 	"github.com/sigstore/cosign/v2/pkg/blob"
@@ -46,6 +48,7 @@ import (
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 
 	ssldsse "github.com/secure-systems-lab/go-securesystemslib/dsse"
+	ociexperimental "github.com/sigstore/cosign/v2/internal/pkg/oci/remote"
 	"github.com/sigstore/cosign/v2/pkg/oci"
 	"github.com/sigstore/cosign/v2/pkg/oci/layout"
 	ociremote "github.com/sigstore/cosign/v2/pkg/oci/remote"
@@ -461,6 +464,14 @@ func (fos *fakeOCISignatures) Get() ([]oci.Signature, error) {
 // VerifyImageSignatures does all the main cosign checks in a loop, returning the verified signatures.
 // If there were no valid signatures, we return an error.
 func VerifyImageSignatures(ctx context.Context, signedImgRef name.Reference, co *CheckOpts) (checkedSignatures []oci.Signature, bundleVerified bool, err error) {
+	if b, err := strconv.ParseBool(env.Getenv(env.VariableOCIExperimental)); err == nil && b {
+		verified, bundleVerified, err := verifyImageSignaturesExperimentalOCI(ctx, signedImgRef, co)
+		if err == nil {
+			return verified, bundleVerified, nil
+		}
+		fmt.Println("Unable to locate sig attachment using digest tag, trying older scheme")
+	}
+
 	// Enforce this up front.
 	if co.RootCerts == nil && co.SigVerifier == nil {
 		return nil, false, errors.New("one of verifier or root certs is required")
@@ -1281,3 +1292,57 @@ func correctAnnotations(wanted, have map[string]interface{}) bool {
 	}
 	return true
 }
+
+// verifyImageSignaturesExperimentalOCI does all the main cosign checks in a loop, returning the verified signatures.
+// If there were no valid signatures, we return an error, using OCI 1.1+ behavior.
+func verifyImageSignaturesExperimentalOCI(ctx context.Context, signedImgRef name.Reference, co *CheckOpts) (checkedSignatures []oci.Signature, bundleVerified bool, err error) {
+	// Enforce this up front.
+	if co.RootCerts == nil && co.SigVerifier == nil {
+		return nil, false, errors.New("one of verifier or root certs is required")
+	}
+
+	// This is a carefully optimized sequence for fetching the signatures of the
+	// entity that minimizes registry requests when supplied with a digest input
+	digest, err := ociremote.ResolveDigest(signedImgRef, co.RegistryClientOpts...)
+	if err != nil {
+		return nil, false, err
+	}
+	h, err := v1.NewHash(digest.Identifier())
+	if err != nil {
+		return nil, false, err
+	}
+
+	var sigs oci.Signatures
+	sigRef := co.SignatureRef
+	if sigRef == "" {
+		artifactType := ociexperimental.ArtifactType("sig")
+		index, err := ociremote.Referrers(digest, artifactType, co.RegistryClientOpts...)
+		if err != nil {
+			return nil, false, err
+		}
+		results := index.Manifests
+		numResults := len(results)
+		if numResults == 0 {
+			return nil, false, fmt.Errorf("unable to locate reference with artifactType %s", artifactType)
+		} else if numResults > 1 {
+			// TODO: if there is more than 1 result.. what does that even mean?
+			fmt.Printf("WARNING: there were a total of %d references with artifactType %s\n", numResults, artifactType)
+		}
+		lastResult := results[numResults-1]
+		st, err := name.ParseReference(fmt.Sprintf("%s@%s", digest.Repository, lastResult.Digest.String()))
+		if err != nil {
+			return nil, false, err
+		}
+		sigs, err = ociremote.Signatures(st, co.RegistryClientOpts...)
+		if err != nil {
+			return nil, false, err
+		}
+	} else {
+		sigs, err = loadSignatureFromFile(sigRef, signedImgRef, co)
+		if err != nil {
+			return nil, false, err
+		}
+	}
+
+	return verifySignatures(ctx, sigs, h, co)
+}

pkg/oci/remote/referrers.go

@@ -0,0 +1,30 @@
+//
+// Copyright 2023 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package remote
+
+import (
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+)
+
+// Referrers fetches references using registry options.
+func Referrers(d name.Digest, artifactType string, opts ...Option) (*v1.IndexManifest, error) {
+	o := makeOptions(name.Repository{}, opts...)
+	rOpt := o.ROpt
+	rOpt = append(rOpt, remote.WithFilter("artifactType", artifactType))
+	return remote.Referrers(d, rOpt...)
+}