Command: verify module

Open clebs opened this issue 3 years ago • 3 comments

Description

Kyma modules are released and distributed as OCI container images following the OCM format. This format supports cryptographically signing the images, which will make sure that Kyma modules are correct and distributed by a trusted authority.

To help integrate the validation process into different systems (KCP, CI/CD, etc.), the CLI needs to provide a command to verify the authenticity of a module.

Reasons

Kyma modules have to be verifiable.

Attachments

Implementation should be based on: https://github.com/gardener/component-cli

clebs, Jul 04 '22 11:07

This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs. Thank you for your contributions.

kyma-stale-bot[bot], Sep 02 '22 13:09

@clebs : can we close this one as we are not using CNUDIE for our Kyma modules?

tobiscr, Oct 21 '22 08:10

Hi @tobiscr, we are not using CNUDIE but OCM (its successor). I updated the description to make it clear.

The task is still relevant.

clebs, Oct 24 '22 14:10

This issue or PR has been automatically marked as stale due to the lack of recent activity. Thank you for your contributions.

This bot triages issues and PRs according to the following rules:

  • After 60d of inactivity, lifecycle/stale is applied
  • After 7d of inactivity since lifecycle/stale was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Close this issue or PR with /close

If you think that I work incorrectly, kindly raise an issue with the problem.

/lifecycle stale

kyma-bot, Dec 23 '22 15:12

This issue or PR has been automatically closed due to the lack of activity. Thank you for your contributions.

This bot triages issues and PRs according to the following rules:

  • After 60d of inactivity, lifecycle/stale is applied
  • After 7d of inactivity since lifecycle/stale was applied, the issue is closed

You can:

  • Reopen this issue or PR with /reopen
  • Mark this issue or PR as fresh with /remove-lifecycle stale

If you think that I work incorrectly, kindly raise an issue with the problem.

/close

kyma-bot, Dec 30 '22 15:12

@kyma-bot: Closing this issue.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

kyma-bot, Dec 30 '22 15:12

Since this is not a command that would be used during the "basic" scenario, we will skip it, as there are multiple tools to verify the signatures. Even Gardener exposes the CLI to do that: https://github.com/gardener/component-cli/blob/main/docs/README.md#verifying-signatures

We should avoid duplicating functionalities of other tools due to the maintenance effort that it brings.

janmedrek, Feb 16 '23 12:02