Describe what should be investigated or refactored
The bundle signing logic today creates a standard signature through the use of the zarf signing package.
Cosign sign_blob has recently changed in behavior such that it does not produce both a standard signature and the new bundle format signature. uds-cli handles package signing through zarf as expected but bundle signing relies on to production of both signatures (but largely ignored the new bundle signature).
These changes are coming in the next Zarf release and can be mitigated by setting explicit bundle signing parameters.
PR to follow.
Describe what should be investigated or refactored
The bundle signing logic today creates a standard signature through the use of the zarf
signingpackage.Cosign
sign_blobhas recently changed in behavior such that it does not produce both a standard signature and the new bundle format signature. uds-cli handles package signing through zarf as expected but bundle signing relies on to production of both signatures (but largely ignored the new bundle signature).These changes are coming in the next Zarf release and can be mitigated by setting explicit bundle signing parameters.
PR to follow.