Ref/update cosign key (#31)

* use new cosign keypair
* use community images for production image heuristic
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Fabian Kammel 2022-09-01 12:58:31 +02:00 committed by GitHub
parent db942ee4b5
commit 6440904865
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 11 additions and 14 deletions


@ -146,19 +146,16 @@ func TestConfigFetchMeasurements(t *testing.T) {
assert := assert.New(t) assert := assert.New(t)
require := require.New(t) require := require.New(t)
measurements := `0: DzXCFGCNk8em5ornNZtKi+Wg6Z7qkQfs5CfE3qTkOc8= measurements := `1: fPRxd3lV3uybnSVhcBmM6XLzcvMitXW78G0RRuQxYGc=
1: PpZwsXLISi+uelbloy9u3m9M+X0/Br11g5cqq370Kxc=
2: PUWM/lXMA+ofRD8VYr7sjfUcdeFKn8+acjShPxmOeWk= 2: PUWM/lXMA+ofRD8VYr7sjfUcdeFKn8+acjShPxmOeWk=
3: PUWM/lXMA+ofRD8VYr7sjfUcdeFKn8+acjShPxmOeWk= 3: PUWM/lXMA+ofRD8VYr7sjfUcdeFKn8+acjShPxmOeWk=
4: C5/4ItGHR986BeUS7VNGD/wLltkAEOmw3sek9wA/QQs= 4: HaV5ivUAGzMxmKkfKjcG3wmW08MRUWr+vsfIMVQpOH0=
5: ZykPWLTRtSn5ImX6ZpHW7JpvwqN9M9L170FtEQl3PYg= 5: PemdXV59WnLLzPz0F4GGCTKm8KbHskPRvon1dtNw7oY=
6: PUWM/lXMA+ofRD8VYr7sjfUcdeFKn8+acjShPxmOeWk= 7: 8dI/6SUmQ5sd8+bulPDpJ8ghs0UX0+fgLlW8kutAYKw=
7: UZcW+fhFRMpFkgU+EfKG2s3KdmgEA+TD2quLmthQHbo= 8: XJ5IBWy6b6vqojkTsk/GLOWyfNUB2qaf58+JjMYiAB4=
8: h4oDFRNoG+e3iig9KmrRZQUNfeCPpk2eqH3ZTpUikmw= 9: Gw5gq8D1WXfz46sF/OKiWbkBssyt4ayGybzNyV9cUCQ=
9: vODgwZQa0pm/my1oXAQWHv1ozwzMYGELX2eO44MoUlA=
10: TyOf7DchF2qkAYUBSZLQobvbsTx3GjYGKELTfAc2vRw=
` `
signature := "MEUCIBQYbeZMYNPFTaD80fcjlm75eiwxxQ6xu0JM/H2Ha7dJAiEA1WVdnpX+NbsJLzc2lrvUQFztfaWoDA8A39pHsu1MG6c=" signature := "MEUCIFdJ5dH6HDywxQWTUh9Bw77wMrq0mNCUjMQGYP+6QsVmAiEAmazj/L7rFGA4/Gz8y+kI5h5E5cDgc3brihvXBKF6qZA="
cmd := newConfigFetchMeasurementsCmd() cmd := newConfigFetchMeasurementsCmd()
cmd.Flags().String("config", constants.ConfigFilename, "") // register persisten flag manually cmd.Flags().String("config", constants.ConfigFilename, "") // register persisten flag manually
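Review bot: The `measurements` and `signature` fixtures in TestConfigFetchMeasurements are opaque base64 values with nothing stating which key produced the signature or how to regenerate it. They are replaced here together with the cosign key, so they presumably have to change again on every key rotation. If the test does verify against that key, a comment above them would record the coupling, e.g. `// signature is the cosign signature over measurements, made with the key matching constants.CosignPublicKey; regenerate both when that key changes.` The context line registering the flag also has a typo, `persisten` for `persistent`. The test body continues outside this hunk.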


@ -386,7 +386,7 @@ func (c *Config) IsImageDebug() bool {
gcpRegex := regexp.MustCompile(`^projects\/constellation-images\/global\/images\/constellation-v[\d]+-[\d]+-[\d]+$`) gcpRegex := regexp.MustCompile(`^projects\/constellation-images\/global\/images\/constellation-v[\d]+-[\d]+-[\d]+$`)
return !gcpRegex.MatchString(c.Provider.GCP.Image) return !gcpRegex.MatchString(c.Provider.GCP.Image)
case c.Provider.Azure != nil: case c.Provider.Azure != nil:
azureRegex := regexp.MustCompile(`^\/subscriptions\/0d202bbb-4fa7-4af8-8125-58c269a05435\/resourceGroups\/constellation-images\/providers\/Microsoft.Compute\/galleries\/Constellation\/images\/constellation\/versions\/[\d]+.[\d]+.[\d]+$`) azureRegex := regexp.MustCompile(`^\/CommunityGalleries\/ConstellationCVM-b3782fa0-0df7-4f2f-963e-fc7fc42663df\/Images\/constellation\/Versions\/[\d]+.[\d]+.[\d]+$`)
return !azureRegex.MatchString(c.Provider.Azure.Image) return !azureRegex.MatchString(c.Provider.Azure.Image)
default: default:
return false return false
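Review bot: The dots in the version part of the new Azure pattern are unescaped, so `[\d]+.[\d]+.[\d]+$` accepts any character between the number groups (for example `Versions/1x2y3`), and an image reference of that shape would be classified as a non-debug image. If IsImageDebug feeds any decision that treats production images differently, the match should be exact: `[\d]+\.[\d]+\.[\d]+$`. Both patterns are also compiled with `regexp.MustCompile` on every call; package-level variables would compile them once. The Azure case in TestConfig_IsImageDebug only uses `0.0.1`, so a negative case with a non-dot separator would pin the fix. IsImageDebug starts and ends outside this hunk.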


@ -352,7 +352,7 @@ func TestConfig_IsImageDebug(t *testing.T) {
conf: func() *Config { conf: func() *Config {
conf := Default() conf := Default()
conf.RemoveProviderExcept(cloudprovider.Azure) conf.RemoveProviderExcept(cloudprovider.Azure)
conf.Provider.Azure.Image = "/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2022.0805.151600" conf.Provider.Azure.Image = "/CommunityGalleries/ConstellationCVM-b3782fa0-0df7-4f2f-963e-fc7fc42663df/Images/constellation/Versions/0.0.1"
return conf return conf
}(), }(),
want: false, want: false,


@ -110,8 +110,8 @@ const (
S3PublicBucket = "https://public-edgeless-constellation.s3.us-east-2.amazonaws.com/" S3PublicBucket = "https://public-edgeless-constellation.s3.us-east-2.amazonaws.com/"
// CosignPublicKey signs all our releases. // CosignPublicKey signs all our releases.
CosignPublicKey = `-----BEGIN PUBLIC KEY----- CosignPublicKey = `-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Iv15myTjpa1KznlGFe+dBEjN91q MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT
oGhQf4z+3TgFjv+Z+6ATPA1OPANf0//6p+goKifNZD5+Cq/VEAP7xOhlYw== JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw==
-----END PUBLIC KEY-----` -----END PUBLIC KEY-----`
) )
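Review bot: The doc comment on `CosignPublicKey` says the key "signs all our releases", but a public key only verifies signatures; I would reword it to `// CosignPublicKey is the public key used to verify the cosign signatures on our releases.` Because the constant holds a single key and is replaced in place, a binary built from this commit presumably cannot verify artifacts signed with the previous key, and binaries built before it cannot verify artifacts signed with the new one. If that is intended, a line in the comment noting the rotation would make it explicit for anyone debugging a verification failure. The const block starts outside this hunk.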