From 635160a488d6e21cc8c82cee62f7fb9b8e53f1c6 Mon Sep 17 00:00:00 2001
From: Tom Wieczorek
Date: Mon, 19 Feb 2024 18:40:56 +0100
Subject: [PATCH] Bump cosign to v2.2.3
https://github.com/sigstore/cosign/releases/tag/v2.2.1
https://github.com/sigstore/cosign/releases/tag/v2.2.2
https://github.com/sigstore/cosign/releases/tag/v2.2.3
(Addresses CVE-2023-46737)
Signed-off-by: Tom Wieczorek
---
 .github/workflows/release.yml | 8 ++++----
 Makefile | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 58b474aadac7..cbf372b5deb4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -87,7 +87,7 @@ jobs:
 COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
 COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 run: |
- curl -sSLo cosign https://github.com/sigstore/cosign/releases/download/v2.2.0/cosign-linux-amd64
+ curl -sSLo cosign https://github.com/sigstore/cosign/releases/download/v2.2.3/cosign-linux-amd64
 chmod +x ./cosign
 COSIGN_KEY="$(printf %s "$COSIGN_KEY" | base64 -d)" ./cosign sign-blob --key env://COSIGN_KEY --tlog-upload=false --output-file=k0s.sig k0s
 cat k0s.sig
@@ -163,7 +163,7 @@ jobs:
 COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
 COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 run: |
- curl -sSLo cosign https://github.com/sigstore/cosign/releases/download/v2.2.0/cosign-linux-amd64
+ curl -sSLo cosign https://github.com/sigstore/cosign/releases/download/v2.2.3/cosign-linux-amd64
 chmod +x ./cosign
 COSIGN_KEY="$(printf %s "$COSIGN_KEY" | base64 -d)" ./cosign sign-blob --key env://COSIGN_KEY --tlog-upload=false --output-file=k0s.exe.sig k0s.exe
 cat k0s.exe.sig
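Review bot: The new `curl -sSLo cosign …/v2.2.3/cosign-linux-amd64` line saves the release binary, and the following context lines execute it with `COSIGN_KEY` and `COSIGN_PASSWORD` in the environment, without any integrity check on the download. Since the version is being touched anyway, the step could pin the expected digest between the download and the `chmod`, e.g. `echo "<expected-sha256-of-cosign-linux-amd64>  cosign" | sha256sum -c -`, and add `-f` to curl so an HTTP error body is never saved as `cosign`. The same applies to the other three workflow hunks (the second amd64 step, `cosign-linux-arm64` and `cosign-linux-arm`), each with its own per-architecture digest. The two Makefile hunks have the analogous gap: `gcr.io/projectsigstore/cosign:v2.2.3` is a mutable tag, and pinning it as `cosign:v2.2.3@sha256:<image-digest>` would fix what the signing targets run. The job definitions start outside these hunks, so an earlier verification step cannot be ruled out from here.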
@@ -231,7 +231,7 @@ jobs:
 COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
 COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 run: |
- curl -sSLo cosign https://github.com/sigstore/cosign/releases/download/v2.2.0/cosign-linux-arm64
+ curl -sSLo cosign https://github.com/sigstore/cosign/releases/download/v2.2.3/cosign-linux-arm64
 chmod +x ./cosign
 COSIGN_KEY="$(printf %s "$COSIGN_KEY" | base64 -d)" ./cosign sign-blob --key env://COSIGN_KEY --tlog-upload=false --output-file=k0s.sig k0s
 cat k0s.sig
@@ -332,7 +332,7 @@ jobs:
 COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
 COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 run: |
- curl -sSLo cosign https://github.com/sigstore/cosign/releases/download/v2.2.0/cosign-linux-arm
+ curl -sSLo cosign https://github.com/sigstore/cosign/releases/download/v2.2.3/cosign-linux-arm
 chmod +x ./cosign
 COSIGN_KEY="$(printf %s "$COSIGN_KEY" | base64 -d)" ./cosign sign-blob --key env://COSIGN_KEY --tlog-upload=false --output-file=k0s.sig k0s
 cat k0s.sig
diff --git a/Makefile b/Makefile
index 464c495e4e2b..cc4852b81b5f 100644
--- a/Makefile
+++ b/Makefile
@@ -307,7 +307,7 @@ sign-sbom: sbom/spdx.json
 -v "$(CURDIR):/k0s" \
 -v "$(CURDIR)/sbom:/out" \
 -e COSIGN_PASSWORD="$(COSIGN_PASSWORD)" \
- gcr.io/projectsigstore/cosign:v2.2.0 \
+ gcr.io/projectsigstore/cosign:v2.2.3 \
 sign-blob \
 --key /k0s/cosign.key \
 --tlog-upload=false \
@@ -319,6 +319,6 @@ sign-pub-key:
 -v "$(CURDIR):/k0s" \
 -v "$(CURDIR)/sbom:/out" \
 -e COSIGN_PASSWORD="$(COSIGN_PASSWORD)" \
- gcr.io/projectsigstore/cosign:v2.2.0 \
+ gcr.io/projectsigstore/cosign:v2.2.3 \
 public-key \
 --key /k0s/cosign.key --output-file /out/cosign.pub