While we are at it: With the recent additions to our CI build, we now also
provide signed attestations for the container images (using the
sigstore bundle format [1], OIDC workflow against GH as identity
provider). These attest the container digests and can currently be
verified with the gh CLI tool or in the GH web-ui [2]. Unfortunately
you cannot verify with cosign, as this tool does not yet support the
bundle spec.
Further, the containers can be reproduced by either:
- forking kas and executing the GH actions CI on the fork (this
reproduces everything, including the exact index manifest)
- running the scripts/reproduce-container.sh script. This reproduces
the sum of all layers (image id), which is everything except for the
container metadata. If you don't trust the github actions CI runners,
this is the check to perform.
***Stop reading here if you don't want to go down the container repro
rabbit hole.***
The digest of a container tag is determined by the checksum of the
manifest the tag points to. When fetching a container, docker (or
podman) stores the digest along with the image id (basically everything
except for the metadata), but the tool does NOT store the manifest
itself. When you now rebuild the image locally, you recreate the same
image id (all layers are bit-identical). When you now run a docker
image ls, there are two cases:
1. You already downloaded the upstream kas container: Docker now checks
the image id and as this matches the id of the upstream digest (a local
table lookup), it also associates it with that digest. In this case, it
"looks like" you fully reproduced everything including the metadata,
while you actually only reproduced the image id (content).
2. No local upstream image: In this case, docker creates a manifest for
the locally built image. As this misses some metadata, it also results
in a different digest. When now fetching the upstream kas container,
you will see two different digests (the downloaded and the locally
rebuilt), but both have the same image id.
[1] https://github.com/sigstore/cosign/blob/main/specs/BUNDLE_SPEC.md
[2] https://github.com/siemens/kas/attestations/855553
Felix
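The distinction between image id and manifest digest that the mail describes, as an added example (not part of Felix's mail and not kas project code). It models the OCI rule that the image id is the digest of the config blob, which pins the layer diff_ids, while the manifest digest additionally covers layer descriptors and annotations. The layers, the annotation values and the serialisation order are constructed for the example; uncompressed layer media types are assumed so that descriptor digests equal diff_ids.

```python
import hashlib
import json

# Constructed sample layers; in a real image each is a tar archive.
LAYERS = [
    b"layer-0: base rootfs (constructed sample content)",
    b"layer-1: kas installation (constructed sample content)",
]


def digest(blob: bytes) -> str:
    """OCI content address of a blob."""
    return "sha256:" + hashlib.sha256(blob).hexdigest()


def canonical(obj) -> bytes:
    # Deterministic serialisation for this model. A registry hashes the exact
    # bytes that were pushed, so any byte-level difference changes the digest.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def build_image(layers, annotations):
    """Model a build: returns (image id, manifest digest).

    The image id is the digest of the config blob, which pins the layer
    diff_ids; the manifest digest additionally covers the descriptors and
    annotations, i.e. the metadata the mail talks about.
    """
    diff_ids = [digest(layer) for layer in layers]
    config = {
        "architecture": "amd64",
        "os": "linux",
        "rootfs": {"type": "layers", "diff_ids": diff_ids},
    }
    config_blob = canonical(config)
    image_id = digest(config_blob)
    manifest = {
        "schemaVersion": 2,
        "mediaType": "application/vnd.oci.image.manifest.v1+json",
        "config": {
            "mediaType": "application/vnd.oci.image.config.v1+json",
            "digest": image_id,
            "size": len(config_blob),
        },
        # Uncompressed layers (assumed), so the descriptor digest equals the diff_id.
        "layers": [
            {"mediaType": "application/vnd.oci.image.layer.v1.tar",
             "digest": d, "size": len(layer)}
            for d, layer in zip(diff_ids, layers)
        ],
        "annotations": annotations,
    }
    return image_id, digest(canonical(manifest))


def check_reproduction(upstream, local):
    """Classify how far a local rebuild reproduces the upstream image.

    Compare image ids directly instead of trusting the DIGEST column of
    'docker image ls', which may show the upstream digest for a local
    rebuild merely because the image ids matched (case 1 in the mail).
    """
    upstream_id, upstream_digest = upstream
    local_id, local_digest = local
    if upstream_digest == local_digest:
        return "full"      # manifest bit-identical, metadata included
    if upstream_id == local_id:
        return "content"   # all layers identical, only metadata differs
    return "none"          # at least one layer differs


# Constructed scenario: CI adds a creation annotation, the local rebuild does not.
UPSTREAM = build_image(LAYERS, {"org.opencontainers.image.created": "2024-01-01T00:00:00Z"})
LOCAL = build_image(LAYERS, {})
TAMPERED = build_image([LAYERS[0], b"layer-1: modified content"], {})

if __name__ == "__main__":
    print("upstream vs local   :", check_reproduction(UPSTREAM, LOCAL))      # content
    print("upstream vs tampered:", check_reproduction(UPSTREAM, TAMPERED))   # none
```

Running it shows the two outcomes from the mail: the local rebuild shares the upstream image id but not its manifest digest ("content"), while a changed layer breaks even the image id ("none"). For the reproduce-container.sh check this is the comparison that matters, independent of what the docker digest column happens to display.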