Skip to content

feat: embed Rekor bundle in OCI attestation layer annotations #1610

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ab-ghosh wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: embed Rekor bundle in OCI attestation layer annotations #1610

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions docs/sigstore.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,16 @@ Right now, Chains default to storing entries in the public Rekor instance
kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"transparency.url": "<YOUR URL>"}}'
```

### Offline Verification with Rekor Bundle

When transparency is enabled and the OCI storage backend is used, Chains automatically embeds the Rekor bundle (`dev.sigstore.cosign/bundle`) in the OCI attestation layer annotations. This enables offline verification of transparency log entries without querying the Rekor server.

This applies to **attestations only** (in-toto / DSSE-wrapped SLSA provenance stored via `cosign verify-attestation`). OCI image signatures using the simplesigning format do not currently embed the bundle, so `cosign verify` will not find it.

No additional configuration is required — the bundle is embedded automatically when `transparency.enabled` is set to `true` and attestations are stored in an OCI registry.

@jkhelil jkhelil Jun 16, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a sentence that this applies to attestations only (in-toto / DSSE-wrapped SLSA); simplesigning (OCI image signature via simplesigning format) does not currently embed the bundle. Without this, users may set up Fulcio+Rekor+OCI storage, observe that cosign verify (not verify-attestation) doesn't find the bundle, and be confused.


> **Note:** If the Rekor upload fails (e.g. due to a transient network error), attestation storage still proceeds but the bundle annotation will be absent. Consumers that rely on the bundle for offline verification will silently receive an attestation without it.

## Keyless Signing Mode

Chains also supports a keyless signing mode with
Expand Down
55 changes: 37 additions & 18 deletions pkg/chains/signing.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (

"github.com/hashicorp/go-multierror"
intoto "github.com/in-toto/attestation/go/v1"
cbundle "github.com/sigstore/cosign/v2/pkg/cosign/bundle"
"github.com/tektoncd/chains/pkg/artifacts"
"github.com/tektoncd/chains/pkg/chains/annotations"
"github.com/tektoncd/chains/pkg/chains/formats"
Expand Down Expand Up @@ -142,6 +143,18 @@ func (o *ObjectSigner) Sign(ctx context.Context, tektonObj objects.TektonObject)
// Extract all the "things" to be signed.
// We might have a few of each type (several binaries, or images)
objects := signableType.ExtractObjects(ctx, tektonObj)

// Create the Rekor client once before iterating over objects since it is
// stateless and config-driven.
var tlogClient rekorClient
if shouldUploadTlog(cfg, tektonObj) {
var err error
tlogClient, err = getRekor(cfg.Transparency.URL)
if err != nil {
return err
}
}

// Go through each object one at a time.
for _, obj := range objects {

Expand Down Expand Up @@ -186,6 +199,29 @@ func (o *ObjectSigner) Sign(ctx context.Context, tektonObj objects.TektonObject)
}
measureMetrics(ctx, metrics.SignedMessagesCount, o.Recorder)

// Upload to Rekor before storage so the bundle is available for OCI attestation annotations.
// On upload failure, storage proceeds but the bundle annotation will be absent —
// consumers that rely on the bundle for offline verification will get an attestation without it.
var rekorBundle *cbundle.RekorBundle
if tlogClient != nil {
entry, err := tlogClient.UploadTlog(ctx, signer, signature, rawPayload, signer.Cert(), string(payloadFormat))
if err != nil {
logger.Warnf("error uploading entry to tlog: %v", err)

@jkhelil jkhelil Jun 16, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PLease document this behaviour, if an error occur, it doesnt block storage but bundle will be unavailable." Consumers that rely on the bundle annotation being present will silently get an attestation without a bundle.

o.recordError(ctx, signableType, metrics.TlogError)
merr = multierror.Append(merr, err)
} else {
logger.Infof("Uploaded entry to %s with index %d", cfg.Transparency.URL, *entry.LogIndex)
extraAnnotations[annotations.ChainsTransparencyAnnotation] = fmt.Sprintf("%s/api/v1/log/entries?logIndex=%d", cfg.Transparency.URL, *entry.LogIndex)
rekorBundle = cbundle.EntryToBundle(entry)
if rekorBundle != nil {
logger.Infof("Resolved Rekor bundle for offline verification (logIndex: %d)", rekorBundle.Payload.LogIndex)
} else {
logger.Warn("Rekor entry missing verification data, skipping bundle for offline verification")
}
measureMetrics(ctx, metrics.PayloadUploadedCount, o.Recorder)
}
}

// Now store those!
for _, backend := range sets.List[string](signableType.StorageBackend(cfg)) {
b, ok := o.Backends[backend]
Expand All @@ -203,6 +239,7 @@ func (o *ObjectSigner) Sign(ctx context.Context, tektonObj objects.TektonObject)
Cert: signer.Cert(),
Chain: signer.Chain(),
PayloadFormat: payloadFormat,
RekorBundle: rekorBundle,
}
if err := b.StorePayload(ctx, tektonObj, rawPayload, string(signature), storageOpts); err != nil {
logger.Error(err)
Expand All @@ -213,24 +250,6 @@ func (o *ObjectSigner) Sign(ctx context.Context, tektonObj objects.TektonObject)
}
}

if shouldUploadTlog(cfg, tektonObj) {
rekorClient, err := getRekor(cfg.Transparency.URL)
if err != nil {
return err
}

entry, err := rekorClient.UploadTlog(ctx, signer, signature, rawPayload, signer.Cert(), string(payloadFormat))
if err != nil {
logger.Warnf("error uploading entry to tlog: %v", err)
o.recordError(ctx, signableType, metrics.TlogError)
merr = multierror.Append(merr, err)
} else {
logger.Infof("Uploaded entry to %s with index %d", cfg.Transparency.URL, *entry.LogIndex)
extraAnnotations[annotations.ChainsTransparencyAnnotation] = fmt.Sprintf("%s/api/v1/log/entries?logIndex=%d", cfg.Transparency.URL, *entry.LogIndex)
measureMetrics(ctx, metrics.PayloadUploadedCount, o.Recorder)
}
}

}
if merr.ErrorOrNil() != nil {
if retryErr := annotations.HandleRetry(ctx, tektonObj, o.Pipelineclientset, extraAnnotations); retryErr != nil {
Expand Down
5 changes: 4 additions & 1 deletion pkg/chains/signing/iface.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ limitations under the License.
package signing

import (
"github.com/sigstore/cosign/v2/pkg/cosign/bundle"
"github.com/sigstore/sigstore/pkg/signature"
)

Expand All @@ -39,6 +40,8 @@ type Bundle struct {
Signature []byte
// Cert is an optional PEM encoded x509 certificate, if one was used for signing.
Cert []byte
// Cert is an optional PEM encoded x509 certificate chain, if one was used for signing.
// Chain is an optional PEM encoded x509 certificate chain, if one was used for signing.
Chain []byte
// RekorBundle is an optional Rekor transparency log bundle, populated when transparency is enabled.
RekorBundle *bundle.RekorBundle
}
Loading
Loading