-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add cosign signature verification for plugin inventory image to ensur…
…e integrity of plugins -Added signature verification of plugin inventory(DB) image to ensure the integrity of plugin downloaded and installed from the repository - Also embedded the default public key in the CLI required to verify the cosign signature - If the signature verification fails, CLI would show the warning message but would not throw error and users can choose to skip this validation by setting the environment variable TANZU_CLI_PLUGIN_DISCOVERY_IMAGE_SIGNATURE_VERIFICATION_SKIP_LIST with the discovery image url. User can also choose to suppress signature verification failure warning by setting TANZU_CLI_SUPPRESS_SKIP_SIGNATURE_VERIFICATION_WARNING to true. Signed-off-by: Prem Kumar Kalle <pkalle@vmware.com>
- Loading branch information
Showing
11 changed files
with
1,467 additions
and
386 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.