Merge pull request #96 from docker/chore-update-dev-root

chore: update dev root

go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/Masterminds/semver/v3 v3.2.1
 	github.com/aws/aws-sdk-go-v2/config v1.27.26
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8
-	github.com/containerd/containerd v1.7.19
+	github.com/containerd/platforms v0.2.1
 	github.com/distribution/reference v0.6.0
 	github.com/go-openapi/runtime v0.28.0
 	github.com/go-openapi/strfmt v0.23.0
@@ -20,17 +20,19 @@ require (
 	github.com/secure-systems-lab/go-securesystemslib v0.8.0
 	github.com/sigstore/cosign/v2 v2.2.4
 	github.com/sigstore/rekor v1.3.6
-	github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.6
-	github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.6
+	github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.7
+	github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.7
 	github.com/stretchr/testify v1.9.0
-	github.com/testcontainers/testcontainers-go v0.32.0
 	github.com/testcontainers/testcontainers-go/modules/registry v0.32.0
-	github.com/theupdateframework/go-tuf/v2 v2.0.0-20240504210453-5a634eb214ae // for https://github.com/theupdateframework/go-tuf/pull/632
+	github.com/theupdateframework/go-tuf/v2 v2.0.0
 	google.golang.org/api v0.188.0
 	gopkg.in/yaml.v3 v3.0.1
 	sigs.k8s.io/yaml v1.4.0
 )
 
+// fork of a fork (in case it goes away) with changes to support ArtifactType (https://github.com/google/go-containerregistry/pull/1931)
+replace github.com/google/go-containerregistry v0.20.0 => github.com/kipz/go-containerregistry v0.0.0-20240722163910-ebe90246535d
+
 require (
 	cloud.google.com/go v0.115.0 // indirect
 	cloud.google.com/go/auth v0.7.0 // indirect
@@ -57,7 +59,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.24.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/kms v1.34.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.35.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.22.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect
@@ -67,8 +69,8 @@ require (
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudflare/circl v1.3.8 // indirect
+	github.com/containerd/containerd v1.7.19 // indirect
 	github.com/containerd/log v0.1.0 // indirect
-	github.com/containerd/platforms v0.2.1 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
 	github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f // indirect
@@ -86,7 +88,7 @@ require (
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.2 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
@@ -159,6 +161,7 @@ require (
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
 	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
+	github.com/testcontainers/testcontainers-go v0.32.0 // indirect
 	github.com/theupdateframework/go-tuf v0.7.0 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 	github.com/tklauser/go-sysconf v0.3.14 // indirect

go.sum

@@ -102,8 +102,8 @@ github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.54.6 h1:HEYUib3yTt8E6vxjMWM3yAq5b+qjj/6aKA62mkgux9g=
-github.com/aws/aws-sdk-go v1.54.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
+github.com/aws/aws-sdk-go v1.54.16 h1:+B9zGaVwOUU6AO9Sy99VjTMDPthWx10HjB08hjaBHIc=
+github.com/aws/aws-sdk-go v1.54.16/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
 github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY=
 github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc=
 github.com/aws/aws-sdk-go-v2/config v1.27.26 h1:T1kAefbKuNum/AbShMsZEro6eRkeOT8YILfE9wyjAYQ=
@@ -126,8 +126,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvG
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 h1:HGErhhrxZlQ044RiM+WdoZxp0p+EGM62y3L6pwA4olE=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17/go.mod h1:RkZEx4l0EHYDJpWppMJ3nD9wZJAa8/0lq9aVC+r2UII=
-github.com/aws/aws-sdk-go-v2/service/kms v1.34.1 h1:VsKBn6WADI3Nn3WjBMzeRww9WHXeVLi7zyuSrqjRCBQ=
-github.com/aws/aws-sdk-go-v2/service/kms v1.34.1/go.mod h1:5F6kXrPBxv0l1t8EO44GuG4W82jGJwaRE0B+suEGnNY=
+github.com/aws/aws-sdk-go-v2/service/kms v1.35.1 h1:0gP2OJJT6HM2BYltZ9x+A87OE8LJL96DXeAAdLv3t1M=
+github.com/aws/aws-sdk-go-v2/service/kms v1.35.1/go.mod h1:hGONorZkQCfR5DW6l2xdy7zC8vfO0r9pJlwyg6gmGeo=
 github.com/aws/aws-sdk-go-v2/service/sso v1.22.3 h1:Fv1vD2L65Jnp5QRsdiM64JvUM4Xe+E0JyVsRQKv6IeA=
 github.com/aws/aws-sdk-go-v2/service/sso v1.22.3/go.mod h1:ooyCOXjvJEsUw7x+ZDHeISPMhtwI3ZCB7ggFMcFfWLU=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 h1:yiwVzJW2ZxZTurVbYWA7QOrAaCYQR72t0wrSBfoesUE=
@@ -259,8 +259,8 @@ github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
 github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
-github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
-github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
+github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk=
+github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
@@ -344,8 +344,6 @@ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-containerregistry v0.20.0 h1:wRqHpOeVh3DnenOrPy9xDOLdnLatiGuuNRVelR2gSbg=
-github.com/google/go-containerregistry v0.20.0/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
 github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg=
 github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
@@ -417,6 +415,8 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kipz/go-containerregistry v0.0.0-20240722163910-ebe90246535d h1:5QaWAwKhslfqxEyMZY0ofvsbMJkMLcx5E30JFufMVj8=
+github.com/kipz/go-containerregistry v0.0.0-20240722163910-ebe90246535d/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
@@ -561,12 +561,12 @@ github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8=
 github.com/sigstore/rekor v1.3.6/go.mod h1:JDTSNNMdQ/PxdsS49DJkJ+pRJCO/83nbR5p3aZQteXc=
 github.com/sigstore/sigstore v1.8.6 h1:g066b/Nw5r5oxhNv4XqJUUzVcyf1b07itUueiQe7rZM=
 github.com/sigstore/sigstore v1.8.6/go.mod h1:UOBrJd9JBQ81DrkpGljzsIFXEtfC30raHvLWFWG857U=
-github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.6 h1:uVcT1JT4lLkmBQII25PvgP/nyvi4HvTMNXzoHqQqEHE=
-github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.6/go.mod h1:VJ/745ojKNQKbZ1ykO5Vebtnq9vGt8zcgKemQIibBIE=
+github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.7 h1:SoahswHQm2JhO8h3KTAeX8IZeE7mSR2Lc53ay5choes=
+github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.7/go.mod h1:TOVOPOqldrrz4dP7x4/0DFQTs9QSXZUoHu21+JHmixA=
 github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.3 h1:xgbPRCr2npmmsuVVteJqi/ERw9+I13Wou7kq0Yk4D8g=
 github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.3/go.mod h1:G4+I83FILPX6MtnoaUdmv/bRGEVtR3JdLeJa/kXdk/0=
-github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.6 h1:CFtW7RIQ4fOtBzl+1YAnAmcACL4B+Qr/S7PXPdJ+54s=
-github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.6/go.mod h1:rhX2eca5kAqUTwQxQLMnOLmvSxbqF9JZ3rFOoDpQX5w=
+github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.7 h1:zYg1XlbKpQkmE7FpWTkLuUn7RttLAq4FcZ1G9JcqhoY=
+github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.7/go.mod h1:VmUsO1R4OHuyHBEgI4bbSUn0z2nojszrDMvlDxyX/dE=
 github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.3 h1:h9G8j+Ds21zqqulDbA/R/ft64oQQIyp8S7wJYABYSlg=
 github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.3/go.mod h1:zgCeHOuqF6k7A7TTEvftcA9V3FRzB7mrPtHOhXAQBnc=
 github.com/sigstore/timestamp-authority v1.2.2 h1:X4qyutnCQqJ0apMewFyx+3t7Tws00JQ/JonBiu3QvLE=
@@ -617,8 +617,8 @@ github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gt
 github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU=
 github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI=
 github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug=
-github.com/theupdateframework/go-tuf/v2 v2.0.0-20240504210453-5a634eb214ae h1:Cb5/8rY0k9oB+SigleRtEP5BeQ3PZQGX051cFIyBNaM=
-github.com/theupdateframework/go-tuf/v2 v2.0.0-20240504210453-5a634eb214ae/go.mod h1:LJo5jrV0LYV0jVSbCjPem6+0zrkPz8FnimzIECzsFDY=
+github.com/theupdateframework/go-tuf/v2 v2.0.0 h1:rD8d9RotYBprZVgC+9oyTZ5MmawepnTSTqoDuxjWgbs=
+github.com/theupdateframework/go-tuf/v2 v2.0.0/go.mod h1:baB22nBHeHBCeuGZcIlctNq4P61PcOdyARlplg5xmLA=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
 github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=

internal/embed/embedded-roots/1.root-dev.json

@@ -1,42 +1,42 @@
 {
  "signatures": [
   {
-   "keyid": "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
-   "sig": "3064023037bbb03c3472b140572a7d5a2895bd80e74435bbcb7053949731f81b104c6d05a0876590cd6a2e94d7ed619426a2f6fa02303adc8c9006fa5506fdd7ea87d2960074a537ad8bf2459f2863e806b47682cbb2f9b01b7502eaf5437a1a68fdaaeac114"
+   "keyid": "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221",
+   "sig": "3065023000f7d0a866576e94eaabc173b9233d4c8fcfa495527088f9022dff5a553f7a457da1015a6d0fc714f84848ec627387360231009fa70b2eebbe15241a2ec9b96a094ebd28661e30b8c3d1eab8d694df2b340bda511c489393630c9a9dacde42c99e9fa1"
   }
  ],
  "signed": {
   "_type": "root",
   "consistent_snapshot": true,
-  "expires": "2034-04-02T17:00:22Z",
+  "expires": "2034-05-29T20:14:11Z",
   "keys": {
-   "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3": {
-    "keytype": "ecdsa",
-    "keyval": {
-     "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgDpP6O0sEt2R+l84WlfmqPBsFSby\nxJsJ6YmeUVgDk/wk9++8IAR6YBYewaKye56gMnIYjTFbyOI8WomA2NQFBw==\n-----END PUBLIC KEY-----\n"
-    },
-    "scheme": "ecdsa-sha2-nistp256",
-    "x-tuf-on-ci-online-uri": "awskms:arn:aws:kms:us-east-1:175142243308:key/fbd8dab6-5677-4b57-87e6-8369c45b3b61"
-   },
-   "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09": {
+   "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221": {
     "keytype": "ecdsa",
     "keyval": {
      "public": "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"
     },
     "scheme": "ecdsa-sha2-nistp384",
     "x-tuf-on-ci-keyowner": "@mrjoelkamp"
+   },
+   "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5": {
+    "keytype": "ecdsa",
+    "keyval": {
+     "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgDpP6O0sEt2R+l84WlfmqPBsFSby\nxJsJ6YmeUVgDk/wk9++8IAR6YBYewaKye56gMnIYjTFbyOI8WomA2NQFBw==\n-----END PUBLIC KEY-----\n"
+    },
+    "scheme": "ecdsa-sha2-nistp256",
+    "x-tuf-on-ci-online-uri": "awskms:arn:aws:kms:us-east-1:175142243308:key/fbd8dab6-5677-4b57-87e6-8369c45b3b61"
    }
   },
   "roles": {
    "root": {
     "keyids": [
-     "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09"
+     "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221"
     ],
     "threshold": 1
    },
    "snapshot": {
     "keyids": [
-     "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
+     "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5"
     ],
     "threshold": 1,
     "x-tuf-on-ci-expiry-period": 3650,
@@ -44,13 +44,13 @@
    },
    "targets": {
     "keyids": [
-     "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09"
+     "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221"
     ],
     "threshold": 1
    },
    "timestamp": {
     "keyids": [
-     "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
+     "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5"
     ],
     "threshold": 1,
     "x-tuf-on-ci-expiry-period": 3650,

internal/test/mocks.go

@@ -0,0 +1,64 @@
+package test
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+
+	"github.com/docker/attest/pkg/attestation"
+	"github.com/docker/attest/pkg/oci"
+	"github.com/docker/attest/pkg/signerverifier"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/secure-systems-lab/go-securesystemslib/dsse"
+)
+
+type MockResolver struct {
+	Envs []*attestation.Envelope
+}
+
+func (r MockResolver) Attestations(ctx context.Context, mediaType string) ([]*attestation.Envelope, error) {
+	return r.Envs, nil
+}
+
+func (r MockResolver) ImageName(ctx context.Context) (string, error) {
+	return "library/alpine:latest", nil
+}
+
+func (r MockResolver) ImageDescriptor(ctx context.Context) (*v1.Descriptor, error) {
+	digest, err := v1.NewHash("sha256:da8b190665956ea07890a0273e2a9c96bfe291662f08e2860e868eef69c34620")
+	if err != nil {
+		return nil, err
+	}
+	return &v1.Descriptor{
+		Digest:    digest,
+		Size:      1234,
+		MediaType: "application/vnd.oci.image.manifest.v1+json",
+	}, nil
+
+}
+
+func (r MockResolver) ImagePlatform(ctx context.Context) (*v1.Platform, error) {
+	return oci.ParsePlatform("linux/amd64")
+}
+
+type MockRegistryResolver struct {
+	Subject      *v1.Descriptor
+	ImageNameStr string
+	*MockResolver
+}
+
+func (r *MockRegistryResolver) ImageDescriptor(ctx context.Context) (*v1.Descriptor, error) {
+	return r.Subject, nil
+}
+
+func (r *MockRegistryResolver) ImageName(ctx context.Context) (string, error) {
+	return r.ImageNameStr, nil
+}
+
+func GetMockSigner(ctx context.Context) (dsse.SignerVerifier, error) {
+	priv, err := os.ReadFile(filepath.Join("..", "..", "test", "testdata", "test-signing-key.pem"))
+	if err != nil {
+		return nil, err
+	}
+	return signerverifier.LoadKeyPair(priv)
+}

internal/test/test.go

@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"path/filepath"
 	"strings"
 	"testing"
 
@@ -82,14 +81,6 @@ func Setup(t *testing.T) (context.Context, dsse.SignerVerifier) {
 	return ctx, signer
 }
 
-func GetMockSigner(ctx context.Context) (dsse.SignerVerifier, error) {
-	priv, err := os.ReadFile(filepath.Join("..", "..", "test", "testdata", "test-signing-key.pem"))
-	if err != nil {
-		return nil, err
-	}
-	return signerverifier.LoadKeyPair(priv)
-}
-
 type AnnotatedStatement struct {
 	OCIDescriptor   *v1.Descriptor
 	InTotoStatement *intoto.Statement

pkg/attest/example_sign_test.go

@@ -13,7 +13,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/mutate"
 )
 
-func ExampleSign_remote() {
+func ExampleSignStatements_remote() {
 	// configure signerverifier
 	// local signer (unsafe for production)
 	signer, err := signerverifier.GenKeyPair()
@@ -27,7 +27,7 @@ func ExampleSign_remote() {
 
 	// configure signing options
 	opts := &attestation.SigningOptions{
-		Replace: true, // replace unsigned intoto statements with signed intoto attestations, otherwise leave in place
+		SkipTL: true, // skip trust logging to a transparency log
 	}
 
 	// load image index with unsigned attestation-manifests
@@ -49,7 +49,7 @@ func ExampleSign_remote() {
 		panic(err)
 	}
 	signedIndex := attIdx.Index
-	signedIndex, err = attestation.AddImagesToIndex(signedIndex, signedManifests)
+	signedIndex, err = attestation.UpdateIndexImages(signedIndex, signedManifests)
 	if err != nil {
 		panic(err)
 	}

pkg/attest/sign.go

@@ -18,8 +18,11 @@ func SignStatements(ctx context.Context, idx v1.ImageIndex, signer dsse.SignerVe
 	}
 	// sign every attestation layer in each manifest
 	for _, manifest := range attestationManifests {
-		for _, layer := range manifest.Attestation.Layers {
-			manifest.AddAttestation(ctx, signer, layer.Statement, opts)
+		for _, layer := range manifest.OriginalLayers {
+			err = manifest.AddAttestation(ctx, signer, layer.Statement, opts)
+			if err != nil {
+				return nil, fmt.Errorf("failed to sign attestation layer %w", err)
+			}
 		}
 	}
 	return attestationManifests, nil

pkg/attest/sign_test.go

@@ -2,13 +2,18 @@ package attest
 
 import (
 	"encoding/json"
+	"fmt"
+	"net/http/httptest"
+	"net/url"
 	"path/filepath"
 	"testing"
 
 	"github.com/docker/attest/internal/test"
 	"github.com/docker/attest/pkg/attestation"
+	"github.com/docker/attest/pkg/mirror"
 	"github.com/docker/attest/pkg/oci"
 	"github.com/docker/attest/pkg/policy"
+	"github.com/google/go-containerregistry/pkg/registry"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/empty"
 	"github.com/google/go-containerregistry/pkg/v1/layout"
@@ -53,15 +58,13 @@ func TestSignVerifyOCILayout(t *testing.T) {
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			outputLayout := test.CreateTempDir(t, "", TestTempDir)
-			opts := &attestation.SigningOptions{
-				Replace: tc.replace,
-			}
+			opts := &attestation.SigningOptions{}
 			attIdx, err := oci.IndexFromPath(tc.TestImage)
 			require.NoError(t, err)
 			signedManifests, err := SignStatements(ctx, attIdx.Index, signer, opts)
 			require.NoError(t, err)
 			signedIndex := attIdx.Index
-			signedIndex, err = attestation.AddImagesToIndex(signedIndex, signedManifests)
+			signedIndex, err = attestation.UpdateIndexImages(signedIndex, signedManifests, attestation.WithReplacedLayers(tc.replace))
 			require.NoError(t, err)
 			// output signed attestations
 			idx := v1.ImageIndex(empty.Index)
@@ -102,6 +105,7 @@ func TestSignVerifyOCILayout(t *testing.T) {
 }
 
 func TestAddSignedLayerAnnotations(t *testing.T) {
+	ctx, signer := test.Setup(t)
 	testCases := []struct {
 		name    string
 		replace bool
@@ -115,27 +119,30 @@ func TestAddSignedLayerAnnotations(t *testing.T) {
 			data := []byte("signed")
 			testLayer := static.NewLayer(data, types.MediaType(intoto.PayloadType))
 			mediaType := types.OCIManifestSchema1
-			opts := &attestation.SigningOptions{
-				Replace: tc.replace,
-			}
+			opts := &attestation.SigningOptions{}
 			originalLayer := &attestation.AttestationLayer{
-				Layer:       testLayer,
-				Statement:   &intoto.Statement{},
+				Layer: testLayer,
+				Statement: &intoto.Statement{
+					StatementHeader: intoto.StatementHeader{
+						PredicateType: attestation.VSAPredicateType,
+					},
+				},
 				Annotations: map[string]string{"test": "test"},
 			}
 
 			manifest := &attestation.AttestationManifest{
-				MediaType: mediaType,
-				Attestation: &attestation.AttestationImage{
-					Image: empty.Image,
-					Layers: []*attestation.AttestationLayer{
-						originalLayer,
-					},
+				OriginalDescriptor: &v1.Descriptor{
+					MediaType: mediaType,
+				},
+				OriginalLayers: []*attestation.AttestationLayer{
+					originalLayer,
 				},
 				SubjectDescriptor: &v1.Descriptor{},
 			}
-			err := manifest.AddOrReplaceLayer(originalLayer, opts)
-			newImg := manifest.Attestation.Image
+			err := manifest.AddAttestation(ctx, signer, originalLayer.Statement, opts)
+			require.NoError(t, err)
+
+			newImg, err := manifest.BuildAttestationImage(attestation.WithReplacedLayers(tc.replace))
 			require.NoError(t, err)
 			mf, _ := newImg.RawManifest()
 			type Annotations struct {
@@ -152,3 +159,88 @@ func TestAddSignedLayerAnnotations(t *testing.T) {
 		})
 	}
 }
+
+func TestSimpleStatementSigning(t *testing.T) {
+	ctx, signer := test.Setup(t)
+	empty := types.MediaType("application/vnd.oci.empty.v1+json")
+	testCases := []struct {
+		name    string
+		replace bool
+	}{
+		{"replaced", true},
+		{"not replaced", false},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			opts := &attestation.SigningOptions{}
+			statement := &intoto.Statement{
+				StatementHeader: intoto.StatementHeader{
+					PredicateType: attestation.VSAPredicateType,
+				},
+			}
+			statement2 := &intoto.Statement{
+				StatementHeader: intoto.StatementHeader{
+					PredicateType: attestation.VSAPredicateType,
+				},
+			}
+			digest, err := v1.NewHash("sha256:da8b190665956ea07890a0273e2a9c96bfe291662f08e2860e868eef69c34620")
+			require.NoError(t, err)
+			subject := &v1.Descriptor{
+				MediaType: "application/vnd.oci.image.manifest.v1+json",
+				Digest:    digest,
+			}
+			manifest, err := NewAttestationManifest(subject)
+			require.NoError(t, err)
+			err = manifest.AddAttestation(ctx, signer, statement, opts)
+			require.NoError(t, err)
+
+			err = manifest.AddAttestation(ctx, signer, statement2, opts)
+			require.NoError(t, err)
+
+			// fake that the manfifest was loaded from a real image
+			manifest.OriginalLayers = manifest.SignedLayers
+			envelopes, err := oci.ExtractEnvelopes(manifest, attestation.VSAPredicateType)
+			require.NoError(t, err)
+			assert.Len(t, envelopes, 2)
+
+			newImg, err := manifest.BuildAttestationImage(attestation.WithReplacedLayers(tc.replace))
+			require.NoError(t, err)
+			layers, err := newImg.Layers()
+			require.NoError(t, err)
+			if tc.replace {
+				assert.Len(t, layers, 2)
+			} else {
+				assert.Len(t, layers, 4)
+			}
+
+			newImgs, err := manifest.BuildReferringArtifacts()
+			require.NoError(t, err)
+			assert.Len(t, newImgs, 2)
+			for _, img := range newImgs {
+				mf, err := img.Manifest()
+				require.NoError(t, err)
+				assert.Contains(t, mf.ArtifactType, "application/vnd.in-toto")
+				assert.Contains(t, mf.ArtifactType, "+dsse")
+				assert.Equal(t, subject.MediaType, mf.MediaType)
+				assert.Equal(t, empty, mf.Config.MediaType)
+				assert.Equal(t, int64(2), mf.Config.Size)
+				assert.Equal(t, "{}", string(mf.Config.Data))
+				layers, err := img.Layers()
+				require.NoError(t, err)
+				assert.Len(t, layers, 1)
+			}
+			server := httptest.NewServer(registry.New(registry.WithReferrersSupport(true)))
+			defer server.Close()
+
+			u, err := url.Parse(server.URL)
+			require.NoError(t, err)
+
+			indexName := fmt.Sprintf("%s/repo:root", u.Host)
+			output, err := oci.ParseImageSpecs(indexName)
+			require.NoError(t, err)
+			err = mirror.SaveReferrers(manifest, output)
+			require.NoError(t, err)
+		})
+	}
+}

pkg/attest/types.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 
 	"github.com/docker/attest/pkg/policy"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
 )
 
@@ -27,9 +28,10 @@ func (o Outcome) StringForVSA() (string, error) {
 }
 
 type VerificationResult struct {
-	Outcome    Outcome
-	Policy     *policy.Policy
-	Input      *policy.PolicyInput
-	VSA        *intoto.Statement
-	Violations []policy.Violation
+	Outcome           Outcome
+	Policy            *policy.Policy
+	Input             *policy.PolicyInput
+	VSA               *intoto.Statement
+	Violations        []policy.Violation
+	SubjectDescriptor *v1.Descriptor
 }

pkg/attest/verify.go

@@ -11,6 +11,7 @@ import (
 	"github.com/docker/attest/pkg/config"
 	"github.com/docker/attest/pkg/oci"
 	"github.com/docker/attest/pkg/policy"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
 )
 
@@ -60,7 +61,7 @@ func Verify(ctx context.Context, src *oci.ImageSpec, opts *policy.PolicyOptions)
 	return result, nil
 }
 
-func ToPolicyResult(p *policy.Policy, input *policy.PolicyInput, result *policy.Result) (*VerificationResult, error) {
+func toVerificationResult(p *policy.Policy, input *policy.PolicyInput, result *policy.Result) (*VerificationResult, error) {
 	dgst, err := oci.SplitDigest(input.Digest)
 	if err != nil {
 		return nil, fmt.Errorf("failed to split digest: %w", err)
@@ -112,10 +113,11 @@ func ToPolicyResult(p *policy.Policy, input *policy.PolicyInput, result *policy.
 }
 
 func VerifyAttestations(ctx context.Context, resolver oci.AttestationResolver, pctx *policy.Policy) (*VerificationResult, error) {
-	digest, err := resolver.ImageDigest(ctx)
+	desc, err := resolver.ImageDescriptor(ctx)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get image digest: %w", err)
+		return nil, fmt.Errorf("failed to get image descriptor: %w", err)
 	}
+	digest := desc.Digest.String()
 	name, err := resolver.ImageName(ctx)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get image name: %w", err)
@@ -155,5 +157,20 @@ func VerifyAttestations(ctx context.Context, resolver oci.AttestationResolver, p
 	if err != nil {
 		return nil, fmt.Errorf("policy evaluation failed: %w", err)
 	}
-	return ToPolicyResult(pctx, input, result)
+	verificationResult, err := toVerificationResult(pctx, input, result)
+	if err != nil {
+		return nil, fmt.Errorf("failed to convert to policy result: %w", err)
+	}
+	verificationResult.SubjectDescriptor = desc
+	return verificationResult, nil
+}
+
+func NewAttestationManifest(subject *v1.Descriptor) (*attestation.AttestationManifest, error) {
+	return &attestation.AttestationManifest{
+		OriginalDescriptor: &v1.Descriptor{
+			MediaType: "application/vnd.oci.image.manifest.v1+json",
+		},
+		OriginalLayers:    []*attestation.AttestationLayer{},
+		SubjectDescriptor: subject,
+	}, nil
 }

pkg/attest/verify_test.go

@@ -36,7 +36,7 @@ func TestVerifyAttestations(t *testing.T) {
 	var env = new(attestation.Envelope)
 	err = json.Unmarshal(ex, env)
 	assert.NoError(t, err)
-	resolver := &oci.MockResolver{
+	resolver := &test.MockResolver{
 		Envs: []*attestation.Envelope{env},
 	}
 
@@ -77,15 +77,13 @@ func TestVSA(t *testing.T) {
 	// setup an image with signed attestations
 	outputLayout := test.CreateTempDir(t, "", TestTempDir)
 
-	opts := &attestation.SigningOptions{
-		Replace: true,
-	}
+	opts := &attestation.SigningOptions{}
 	attIdx, err := oci.IndexFromPath(UnsignedTestImage)
 	assert.NoError(t, err)
 	signedManifests, err := SignStatements(ctx, attIdx.Index, signer, opts)
 	require.NoError(t, err)
 	signedIndex := attIdx.Index
-	signedIndex, err = attestation.AddImagesToIndex(signedIndex, signedManifests)
+	signedIndex, err = attestation.UpdateIndexImages(signedIndex, signedManifests)
 	require.NoError(t, err)
 
 	// output signed attestations
@@ -136,15 +134,13 @@ func TestVerificationFailure(t *testing.T) {
 	// setup an image with signed attestations
 	outputLayout := test.CreateTempDir(t, "", TestTempDir)
 
-	opts := &attestation.SigningOptions{
-		Replace: true,
-	}
+	opts := &attestation.SigningOptions{}
 	attIdx, err := oci.IndexFromPath(UnsignedTestImage)
 	assert.NoError(t, err)
 	signedManifests, err := SignStatements(ctx, attIdx.Index, signer, opts)
 	require.NoError(t, err)
 	signedIndex := attIdx.Index
-	signedIndex, err = attestation.AddImagesToIndex(signedIndex, signedManifests)
+	signedIndex, err = attestation.UpdateIndexImages(signedIndex, signedManifests, attestation.WithReplacedLayers(true))
 	require.NoError(t, err)
 
 	// output signed attestations
@@ -215,14 +211,13 @@ func TestSignVerify(t *testing.T) {
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			opts := &attestation.SigningOptions{
-				Replace: true,
-				SkipTL:  tc.signTL,
+				SkipTL: tc.signTL,
 			}
 
 			signedManifests, err := SignStatements(ctx, attIdx.Index, signer, opts)
 			require.NoError(t, err)
 			signedIndex := attIdx.Index
-			signedIndex, err = attestation.AddImagesToIndex(signedIndex, signedManifests)
+			signedIndex, err = attestation.UpdateIndexImages(signedIndex, signedManifests, attestation.WithReplacedLayers(true))
 			require.NoError(t, err)
 
 			imageName := tc.imageName

pkg/attestation/attestation.go

@@ -29,15 +29,15 @@ func GetAttestationManifestsFromIndex(index v1.ImageIndex) ([]*AttestationManife
 	}
 
 	var attestationManifests []*AttestationManifest
-	for _, manifest := range idx.Manifests {
-		if manifest.Annotations[DockerReferenceType] == AttestationManifestType {
-			subject := subjects[manifest.Annotations[DockerReferenceDigest]]
+	for _, desc := range idx.Manifests {
+		if desc.Annotations[DockerReferenceType] == AttestationManifestType {
+			subject := subjects[desc.Annotations[DockerReferenceDigest]]
 			if subject == nil {
 				return nil, fmt.Errorf("failed to find subject for attestation manifest: %w", err)
 			}
-			attestationImage, err := index.Image(manifest.Digest)
+			attestationImage, err := index.Image(desc.Digest)
 			if err != nil {
-				return nil, fmt.Errorf("failed to extract attestation image with digest %s: %w", manifest.Digest.String(), err)
+				return nil, fmt.Errorf("failed to extract attestation image with digest %s: %w", desc.Digest.String(), err)
 			}
 			attestationLayers, err := GetAttestationsFromImage(attestationImage)
 			if err != nil {
@@ -45,14 +45,9 @@ func GetAttestationManifestsFromIndex(index v1.ImageIndex) ([]*AttestationManife
 			}
 			attestationManifests = append(attestationManifests,
 				&AttestationManifest{
-					Descriptor:        &manifest,
-					SubjectDescriptor: subject,
-					Attestation: &AttestationImage{
-						Layers: attestationLayers,
-						Image:  attestationImage},
-					MediaType:   manifest.MediaType,
-					Annotations: manifest.Annotations,
-					Digest:      manifest.Digest})
+					OriginalDescriptor: &desc,
+					SubjectDescriptor:  subject,
+					OriginalLayers:     attestationLayers})
 		}
 	}
 	return attestationManifests, nil
@@ -90,7 +85,7 @@ func GetAttestationsFromImage(image v1.Image) ([]*AttestationLayer, error) {
 				return nil, fmt.Errorf("failed to decode statement layer contents: %w", err)
 			}
 		}
-		attestationLayers = append(attestationLayers, &AttestationLayer{Layer: layer, MediaType: mt, Statement: stmt, Annotations: ann})
+		attestationLayers = append(attestationLayers, &AttestationLayer{Layer: layer, Statement: stmt, Annotations: ann})
 	}
 	return attestationLayers, nil
 }
@@ -100,17 +95,11 @@ func (manifest *AttestationManifest) AddAttestation(ctx context.Context, signer
 	if err != nil {
 		return fmt.Errorf("failed to create signed layer: %w", err)
 	}
-	newImg, newDesc, err := addLayerToImage(manifest, layer, opts)
-	if err != nil {
-		return fmt.Errorf("failed to add signed layers to image: %w", err)
-	}
-	manifest.Attestation.Image = newImg
-	manifest.Descriptor = newDesc
+	manifest.SignedLayers = append(manifest.SignedLayers, layer)
 	return nil
 }
 
 func createSignedImageLayer(ctx context.Context, statement *intoto.Statement, signer dsse.SignerVerifier, opts *SigningOptions) (*AttestationLayer, error) {
-
 	// sign the statement
 	env, err := SignInTotoStatement(ctx, statement, signer, opts)
 	if err != nil {
@@ -127,7 +116,6 @@ func createSignedImageLayer(ctx context.Context, statement *intoto.Statement, si
 	}
 	return &AttestationLayer{
 		Statement: statement,
-		MediaType: types.MediaType(intoto.PayloadType),
 		Annotations: map[string]string{
 			InTotoPredicateType:           statement.PredicateType,
 			InTotoReferenceLifecycleStage: LifecycleStageExperimental,
@@ -148,104 +136,189 @@ func SignInTotoStatement(ctx context.Context, statement *intoto.Statement, signe
 	return env, nil
 }
 
-func addLayerToImage(
-	manifest *AttestationManifest,
-	layer *AttestationLayer,
-	opts *SigningOptions) (v1.Image, *v1.Descriptor, error) {
-
-	err := manifest.AddOrReplaceLayer(layer, opts)
-
-	if err != nil {
-		return nil, nil, fmt.Errorf("failed to add signed layers: %w", err)
-	}
-	newImg := manifest.Attestation.Image
-	if !opts.SkipSubject {
-		newImg = mutate.Subject(newImg, *manifest.SubjectDescriptor).(v1.Image)
-	}
-	newDesc, err := partial.Descriptor(newImg)
-	if err != nil {
-		return nil, nil, fmt.Errorf("failed to get descriptor: %w", err)
-	}
-	cf, err := manifest.Attestation.Image.ConfigFile()
-	if err != nil {
-		return nil, nil, fmt.Errorf("failed to get config file: %w", err)
-	}
-	newDesc.Platform = cf.Platform()
-	if newDesc.Platform == nil {
-		newDesc.Platform = &v1.Platform{
-			Architecture: "unknown",
-			OS:           "unknown",
-		}
-	}
-	newDesc.MediaType = manifest.MediaType
-	newDesc.Annotations = manifest.Annotations
-	return newImg, newDesc, nil
-}
-
-// AddOrReplaceLayer adds signed layers to a new or existing attestation image
-// NOTE: the pointers attestation.AttestationLayer.Statement are compared when replacing,
-// so make sure you are signing a layer extracted from the original attestation-manifest image!
-func (manifest *AttestationManifest) AddOrReplaceLayer(signedLayer *AttestationLayer, opts *SigningOptions) error {
-	var err error
-	// always create a new image from all the layers
-	newImg := empty.Image
-	newImg = mutate.Annotations(newImg, map[string]string{
-		DockerReferenceType:   AttestationManifestType,
-		DockerReferenceDigest: manifest.SubjectDescriptor.Digest.String(),
-	}).(v1.Image)
-
-	newImg = mutate.MediaType(newImg, manifest.MediaType)
-	newImg = mutate.ConfigMediaType(newImg, "application/vnd.oci.image.config.v1+json")
-	add := mutate.Addendum{
-		Layer:       signedLayer.Layer,
-		Annotations: signedLayer.Annotations,
-	}
-	newImg, err = mutate.Append(newImg, add)
-	if err != nil {
-		return fmt.Errorf("failed to add signed layer to image: %w", err)
-	}
-	layers := make([]*AttestationLayer, 0)
-	for _, layer := range manifest.Attestation.Layers {
-		if layer.Statement == signedLayer.Statement && opts.Replace {
-			continue
-		}
-		add := mutate.Addendum{
-			Layer:       layer.Layer,
-			Annotations: layer.Annotations,
-		}
-		newImg, err = mutate.Append(newImg, add)
-		layers = append(layers, layer)
-		if err != nil {
-			return fmt.Errorf("failed to add layer to image: %w", err)
-		}
-	}
-	manifest.Attestation.Layers = append(layers, signedLayer)
-	manifest.Attestation.Image = newImg
-	return nil
-}
-
-func AddImageToIndex(
+func UpdateIndexImage(
 	idx v1.ImageIndex,
 	manifest *AttestationManifest,
-) (v1.ImageIndex, error) {
-	idx = mutate.RemoveManifests(idx, match.Digests(manifest.Digest))
+	options ...func(*AttestationManifestImageOptions) error) (v1.ImageIndex, error) {
+	image, err := manifest.BuildAttestationImage(options...)
+
+	if err != nil {
+		return nil, fmt.Errorf("failed to build image: %w", err)
+	}
+	newDesc, err := partial.Descriptor(image)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get descriptor: %w", err)
+	}
+	newDesc.Platform = &v1.Platform{
+		Architecture: "unknown",
+		OS:           "unknown",
+	}
+	newDesc.MediaType = manifest.OriginalDescriptor.MediaType
+	newDesc.Annotations = manifest.OriginalDescriptor.Annotations
+	idx = mutate.RemoveManifests(idx, match.Digests(manifest.OriginalDescriptor.Digest))
 	idx = mutate.AppendManifests(idx, mutate.IndexAddendum{
-		Add:        manifest.Attestation.Image,
-		Descriptor: *manifest.Descriptor,
+		Add:        image,
+		Descriptor: *newDesc,
 	})
 	return idx, nil
 }
 
-func AddImagesToIndex(
-	idx v1.ImageIndex,
-	manifests []*AttestationManifest,
-) (v1.ImageIndex, error) {
-	for _, manifest := range manifests {
-		var err error
-		idx, err = AddImageToIndex(idx, manifest)
+func UpdateIndexImages(idx v1.ImageIndex, manifest []*AttestationManifest, options ...func(*AttestationManifestImageOptions) error) (v1.ImageIndex, error) {
+	var err error
+	for _, m := range manifest {
+		idx, err = UpdateIndexImage(idx, m, options...)
 		if err != nil {
 			return nil, fmt.Errorf("failed to add image to index: %w", err)
 		}
 	}
 	return idx, nil
 }
+
+func newOptions(options ...func(*AttestationManifestImageOptions) error) (*AttestationManifestImageOptions, error) {
+	opts := &AttestationManifestImageOptions{}
+	for _, opt := range options {
+		err := opt(opts)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return opts, nil
+}
+
+func WithoutSubject(skipSubject bool) func(*AttestationManifestImageOptions) error {
+	return func(r *AttestationManifestImageOptions) error {
+		r.skipSubject = skipSubject
+		return nil
+	}
+}
+
+func WithReplacedLayers(replaceLayers bool) func(*AttestationManifestImageOptions) error {
+	return func(r *AttestationManifestImageOptions) error {
+		r.replaceLayers = replaceLayers
+		return nil
+	}
+}
+
+// build an image with signed attestations, optionally replacing existing layers with signed layers
+func (manifest *AttestationManifest) BuildAttestationImage(options ...func(*AttestationManifestImageOptions) error) (v1.Image, error) {
+	opts, err := newOptions(options...)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create options: %w", err)
+	}
+	resultLayers := manifest.SignedLayers
+	for _, existingLayer := range manifest.OriginalLayers {
+		var found bool
+		for _, signedLayer := range manifest.SignedLayers {
+			if existingLayer.Statement == signedLayer.Statement {
+				found = true
+				// copy over original annotations
+				for k, v := range existingLayer.Annotations {
+					signedLayer.Annotations[k] = v
+				}
+				break
+			}
+		}
+		//add existing layers if they've not been signed or we're not replacing them
+		if !found || !opts.replaceLayers {
+			resultLayers = append(resultLayers, existingLayer)
+		}
+	}
+	// so taht we attach all attestations to a single attestations image - as per current buildkit
+	opts.laxReferrers = true
+	newImg, err := buildImage(resultLayers, manifest.OriginalDescriptor, manifest.SubjectDescriptor, opts)
+	if err != nil {
+		return nil, fmt.Errorf("failed to build image: %w", err)
+	}
+	return newImg, nil
+}
+
+// build an image per attestation (layer) suitable for use as Referrers
+func (manifest *AttestationManifest) BuildReferringArtifacts() ([]v1.Image, error) {
+	var images []v1.Image
+	for _, layer := range manifest.SignedLayers {
+		opts := &AttestationManifestImageOptions{}
+		newImg, err := buildImage([]*AttestationLayer{layer}, manifest.OriginalDescriptor, manifest.SubjectDescriptor, opts)
+		if err != nil {
+			return nil, fmt.Errorf("failed to build image: %w", err)
+		}
+		images = append(images, newImg)
+	}
+	return images, nil
+}
+
+// build and image containing only layers
+func buildImage(layers []*AttestationLayer, manifest *v1.Descriptor, subject *v1.Descriptor, opts *AttestationManifestImageOptions) (v1.Image, error) {
+	newImg := empty.Image
+	var err error
+	if len(layers) == 0 {
+		return nil, fmt.Errorf("no layers supplied to build image")
+	}
+	// NB: if we add the subject before the layers, it does not end up being computed/serialised in the output for some reason
+	//TODO - recreate this bug and push upstream
+	for _, layer := range layers {
+		add := mutate.Addendum{
+			Layer:       layer.Layer,
+			Annotations: layer.Annotations,
+		}
+		newImg, err = mutate.Append(newImg, add)
+		if err != nil {
+			return nil, fmt.Errorf("failed to add layer to image: %w", err)
+		}
+	}
+
+	// this is for attaching attestations to an attestation image in the index
+	if opts.laxReferrers {
+		newImg = mutate.ConfigMediaType(newImg, "application/vnd.oci.image.config.v1+json")
+	} else {
+		dsseMediatType, err := DSSEMediaType(layers[0].Statement.PredicateType)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get DSSE media type: %w", err)
+		}
+		newImg = mutate.ArtifactType(newImg, dsseMediatType)
+		newImg = mutate.ConfigMediaType(newImg, "application/vnd.oci.empty.v1+json")
+	}
+	// we need to set this even when we set the artifact type otherwise things break (even the go-container-registry client)
+	// even though it's allowed to be empty by spec when setting artifact type
+	newImg = mutate.MediaType(newImg, manifest.MediaType)
+
+	// see note above - must be added after the layers!
+	if !opts.skipSubject {
+		subject.Platform = nil
+		newImg = mutate.Subject(newImg, *subject).(v1.Image)
+	}
+	if !opts.laxReferrers {
+		// as per https://github.com/opencontainers/image-spec/blob/main/manifest.md#guidance-for-an-empty-descriptor
+		newImg = &EmptyConfigImage{newImg}
+	}
+	return newImg, nil
+}
+
+type EmptyConfigImage struct {
+	v1.Image
+}
+
+func (i *EmptyConfigImage) RawConfigFile() ([]byte, error) {
+	return []byte("{}"), nil
+}
+
+func (i *EmptyConfigImage) Manifest() (*v1.Manifest, error) {
+	mf, err := i.Image.Manifest()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get manifest: %w", err)
+	}
+	mf.Config = v1.Descriptor{
+		MediaType: "application/vnd.oci.empty.v1+json",
+		Size:      2,
+		Digest:    v1.Hash{Algorithm: "sha256", Hex: "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"},
+		Data:      []byte("{}"),
+	}
+	return mf, nil
+}
+
+func (i *EmptyConfigImage) RawManifest() ([]byte, error) {
+	mf, err := i.Manifest()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get manifest: %w", err)
+	}
+	return json.Marshal(mf)
+}

pkg/attestation/referrers_test.go

@@ -40,7 +40,6 @@ func TestAttestationReferenceTypes(t *testing.T) {
 		name              string
 		server            *httptest.Server
 		referrersServer   *httptest.Server
-		skipSubject       bool
 		useDigest         bool
 		referrersRepo     string
 		attestationSource config.AttestationStyle
@@ -50,16 +49,6 @@ func TestAttestationReferenceTypes(t *testing.T) {
 			name:   "referrers support, defaults",
 			server: httptest.NewServer(registry.New(registry.WithReferrersSupport(true))),
 		},
-		{
-			name:   "no referrers support",
-			server: httptest.NewServer(registry.New()),
-		},
-		{
-			name:              "attached attestations",
-			server:            httptest.NewServer(registry.New(registry.WithReferrersSupport(true))),
-			skipSubject:       true,
-			attestationSource: config.AttestationStyleAttached,
-		},
 		{
 			name:      "use digest",
 			server:    httptest.NewServer(registry.New(registry.WithReferrersSupport(true))),
@@ -102,8 +91,7 @@ func TestAttestationReferenceTypes(t *testing.T) {
 			require.NoError(t, err)
 
 			opts := &attestation.SigningOptions{
-				Replace:     true,
-				SkipSubject: tc.skipSubject,
+				SkipTL: true,
 			}
 			attIdx, err := oci.IndexFromPath(UnsignedTestImage)
 			require.NoError(t, err)
@@ -111,26 +99,27 @@ func TestAttestationReferenceTypes(t *testing.T) {
 			indexName := fmt.Sprintf("%s/repo:root", u.Host)
 			require.NoError(t, err)
 
+			outputRepo := indexName
 			if tc.referrersServer != nil {
 				ru, err := url.Parse(s.URL)
 				require.NoError(t, err)
-				repo := fmt.Sprintf("%s/referrers", ru.Host)
-				tc.referrersRepo = repo
-				signedManifests, err := attest.SignStatements(ctx, attIdx.Index, signer, opts)
-				require.NoError(t, err)
-				err = mirror.PushIndexToRegistry(attIdx.Index, indexName)
-				require.NoError(t, err)
-				for _, img := range signedManifests {
-					err = mirror.PushImageToRegistry(img.Attestation.Image, fmt.Sprintf("%s:tag-does-not-matter", repo))
-					require.NoError(t, err)
-				}
-			} else {
-				signedManifests, err := attest.SignStatements(ctx, attIdx.Index, signer, opts)
-				require.NoError(t, err)
-				signedIndex := attIdx.Index
-				signedIndex, err = attestation.AddImagesToIndex(signedIndex, signedManifests)
-				require.NoError(t, err)
-				err = mirror.PushIndexToRegistry(signedIndex, indexName)
+				tc.referrersRepo = fmt.Sprintf("%s/referrers", ru.Host)
+				outputRepo = tc.referrersRepo
+			}
+			// sign all the statements in the index
+			signedManifests, err := attest.SignStatements(ctx, attIdx.Index, signer, opts)
+			require.NoError(t, err)
+
+			// push subject image so that it can be resolved
+			require.NoError(t, err)
+			err = mirror.PushIndexToRegistry(attIdx.Index, indexName)
+			require.NoError(t, err)
+
+			// upload referrers
+			output, err := oci.ParseImageSpec(outputRepo)
+			require.NoError(t, err)
+			for _, attIdx := range signedManifests {
+				err = mirror.SaveReferrers(attIdx, []*oci.ImageSpec{output})
 				require.NoError(t, err)
 			}
 
@@ -169,26 +158,23 @@ func TestAttestationReferenceTypes(t *testing.T) {
 				require.NoError(t, err)
 				assert.Equal(t, attest.OutcomeSuccess, results.Outcome)
 
-				if !tc.skipSubject {
-					// can evaluate policy using referrers
-					if tc.useDigest {
-						p, err := oci.ParsePlatform(platform)
-						require.NoError(t, err)
-						options := oci.WithOptions(ctx, p)
-						subjectRef, err := name.ParseReference(indexName)
-						require.NoError(t, err)
-						desc, err := remote.Image(subjectRef, options...)
-						require.NoError(t, err)
-						subjectDigest, err := desc.Digest()
-						require.NoError(t, err)
-						ref = fmt.Sprintf("%s/repo@%s", u.Host, subjectDigest.String())
-					}
-					src, err := oci.ParseImageSpec(ref, oci.WithPlatform(platform))
+				if tc.useDigest {
+					p, err := oci.ParsePlatform(platform)
 					require.NoError(t, err)
-					results, err = attest.Verify(ctx, src, policyOpts)
+					options := oci.WithOptions(ctx, p)
+					subjectRef, err := name.ParseReference(indexName)
 					require.NoError(t, err)
-					assert.Equal(t, attest.OutcomeSuccess, results.Outcome)
+					desc, err := remote.Image(subjectRef, options...)
+					require.NoError(t, err)
+					subjectDigest, err := desc.Digest()
+					require.NoError(t, err)
+					ref = fmt.Sprintf("%s/repo@%s", u.Host, subjectDigest.String())
 				}
+				src, err = oci.ParseImageSpec(ref, oci.WithPlatform(platform))
+				require.NoError(t, err)
+				results, err = attest.Verify(ctx, src, policyOpts)
+				require.NoError(t, err)
+				assert.Equal(t, attest.OutcomeSuccess, results.Outcome)
 			}
 		})
 	}
@@ -213,10 +199,35 @@ func TestReferencesInDifferentRepo(t *testing.T) {
 			refServer: httptest.NewServer(registry.New(registry.WithReferrersSupport(true))),
 		},
 	} {
-		t.Run(tc.name, func(t *testing.T) {
-			server := tc.server
-			defer server.Close()
-			serverUrl, err := url.Parse(server.URL)
+		server := tc.server
+		defer server.Close()
+		serverUrl, err := url.Parse(server.URL)
+		require.NoError(t, err)
+
+		refServer := tc.refServer
+		defer refServer.Close()
+		refServerUrl, err := url.Parse(refServer.URL)
+		require.NoError(t, err)
+
+		opts := &attestation.SigningOptions{
+			SkipTL: true,
+		}
+		attIdx, err := oci.IndexFromPath(UnsignedTestImage)
+		require.NoError(t, err)
+
+		indexName := fmt.Sprintf("%s/%s:latest", serverUrl.Host, repoName)
+		err = mirror.PushIndexToRegistry(attIdx.Index, indexName)
+		require.NoError(t, err)
+
+		signedManifests, err := attest.SignStatements(ctx, attIdx.Index, signer, opts)
+		require.NoError(t, err)
+
+		// push signed attestation image to the ref server
+		for _, signedManifest := range signedManifests {
+			// push references using subject-digest.att convention
+			image, err := signedManifest.BuildAttestationImage()
+			require.NoError(t, err)
+			err = mirror.PushImageToRegistry(image, fmt.Sprintf("%s/%s:tag-does-not-matter", refServerUrl.Host, repoName))
 			require.NoError(t, err)
 
 			refServer := tc.refServer
@@ -225,8 +236,7 @@ func TestReferencesInDifferentRepo(t *testing.T) {
 			require.NoError(t, err)
 
 			opts := &attestation.SigningOptions{
-				Replace: true,
-				SkipTL:  true,
+				SkipTL: true,
 			}
 			attIdx, err := oci.IndexFromPath(UnsignedTestImage)
 			require.NoError(t, err)
@@ -239,10 +249,14 @@ func TestReferencesInDifferentRepo(t *testing.T) {
 			require.NoError(t, err)
 
 			// push signed attestation image to the ref server
-			for _, img := range signedManifests {
+			for _, mf := range signedManifests {
 				// push references using subject-digest.att convention
-				err = mirror.PushImageToRegistry(img.Attestation.Image, fmt.Sprintf("%s/%s:tag-does-not-matter", refServerUrl.Host, repoName))
+				imgs, err := mf.BuildReferringArtifacts()
 				require.NoError(t, err)
+				for _, img := range imgs {
+					err = mirror.PushImageToRegistry(img, fmt.Sprintf("%s/%s:tag-does-not-matter", refServerUrl.Host, repoName))
+					require.NoError(t, err)
+				}
 			}
 			mfs2, err := attIdx.Index.IndexManifest()
 			require.NoError(t, err)
@@ -262,6 +276,53 @@ func TestReferencesInDifferentRepo(t *testing.T) {
 				require.NoError(t, err)
 				assert.Equal(t, attest.OutcomeSuccess, results.Outcome)
 			}
-		})
+		}
+	}
+}
+
+func TestCorrectArtifactTypeInTagFallback(t *testing.T) {
+	ctx, signer := test.Setup(t)
+	server := httptest.NewServer(registry.New())
+
+	defer server.Close()
+	serverUrl, err := url.Parse(server.URL)
+	require.NoError(t, err)
+
+	repoName := "repo"
+
+	opts := &attestation.SigningOptions{
+		SkipTL: true,
+	}
+	attIdx, err := oci.IndexFromPath(UnsignedTestImage)
+	require.NoError(t, err)
+
+	indexName := fmt.Sprintf("%s/%s:latest", serverUrl.Host, repoName)
+	err = mirror.PushIndexToRegistry(attIdx.Index, indexName)
+	require.NoError(t, err)
+
+	signedManifests, err := attest.SignStatements(ctx, attIdx.Index, signer, opts)
+	require.NoError(t, err)
+
+	// this should create and maintain an index of referrers
+	for _, mf := range signedManifests {
+		imgs, err := mf.BuildReferringArtifacts()
+		require.NoError(t, err)
+		for _, img := range imgs {
+			err = mirror.PushImageToRegistry(img, fmt.Sprintf("%s/%s:tag-does-not-matter", serverUrl.Host, repoName))
+			require.NoError(t, err)
+			mf, err := img.Manifest()
+			require.NoError(t, err)
+			subject := mf.Subject
+			subjectRef, err := name.ParseReference(fmt.Sprintf("%s/%s:sha256-%s", serverUrl.Host, repoName, subject.Digest.Hex))
+			require.NoError(t, err)
+			idx, err := remote.Index(subjectRef)
+			require.NoError(t, err)
+			imf, err := idx.IndexManifest()
+			require.NoError(t, err)
+			for _, m := range imf.Manifests {
+				assert.Contains(t, m.ArtifactType, "application/vnd.in-toto")
+				assert.Contains(t, m.ArtifactType, "+dsse")
+			}
+		}
 	}
 }

pkg/attestation/types.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 
 	v1 "github.com/google/go-containerregistry/pkg/v1"
-	"github.com/google/go-containerregistry/pkg/v1/types"
 	intoto "github.com/in-toto/in-toto-golang/in_toto"
 	v02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
 	ociv1 "github.com/opencontainers/image-spec/specs-go/v1"
@@ -28,30 +27,27 @@ var base64Encoding = base64.StdEncoding.Strict()
 type AttestationLayer struct {
 	Statement   *intoto.Statement
 	Layer       v1.Layer
-	MediaType   types.MediaType
 	Annotations map[string]string
 }
 
-type AttestationImage struct {
-	Layers []*AttestationLayer
-	Image  v1.Image
-}
-
-type SignedAttestationImage struct {
-	Image               v1.Image
-	Descriptor          *v1.Descriptor
-	AttestationManifest *AttestationManifest
-}
-
 type AttestationManifest struct {
-	Descriptor        *v1.Descriptor
-	Attestation       *AttestationImage
-	MediaType         types.MediaType
-	Annotations       map[string]string
-	Digest            v1.Hash
+	OriginalDescriptor *v1.Descriptor
+	OriginalLayers     []*AttestationLayer
+
+	// accumulated during signing
+	SignedLayers []*AttestationLayer
+	// details of subect image
+	SubjectName       string
 	SubjectDescriptor *v1.Descriptor
 }
 
+type AttestationManifestImageOptions struct {
+	// how to output the image
+	skipSubject   bool
+	replaceLayers bool
+	laxReferrers  bool
+}
+
 // the following types are needed until https://github.com/secure-systems-lab/dsse/pull/61 is merged
 type Envelope struct {
 	PayloadType string      `json:"payloadType"`
@@ -61,7 +57,7 @@ type Envelope struct {
 type Signature struct {
 	KeyID     string    `json:"keyid"`
 	Sig       string    `json:"sig"`
-	Extension Extension `json:"extension"`
+	Extension Extension `json:"extension,omitempty"`
 }
 type Extension struct {
 	Kind string              `json:"kind"`
@@ -83,12 +79,8 @@ type VerifyOptions struct {
 }
 
 type SigningOptions struct {
-	// replace unsigned statements with signed attestations
-	Replace bool
 	// don't log to the configured transparency log
 	SkipTL bool
-	// don't add OCI subject field to attestation image
-	SkipSubject bool
 }
 
 func DSSEMediaType(predicateType string) (string, error) {

pkg/mirror/mirror.go

@@ -5,12 +5,14 @@ import (
 	"os"
 
 	"github.com/docker/attest/internal/embed"
+	"github.com/docker/attest/pkg/attestation"
 	"github.com/docker/attest/pkg/oci"
 	"github.com/docker/attest/pkg/tuf"
 	"github.com/google/go-containerregistry/pkg/name"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/empty"
 	"github.com/google/go-containerregistry/pkg/v1/layout"
+	"github.com/google/go-containerregistry/pkg/v1/mutate"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 )
 
@@ -35,7 +37,7 @@ func PushImageToRegistry(image v1.Image, imageName string) error {
 	return remote.Write(ref, image, oci.MultiKeychainOption())
 }
 
-func PushIndexToRegistry(image v1.ImageIndex, imageName string) error {
+func PushIndexToRegistry(index v1.ImageIndex, imageName string) error {
 	// Parse the index name
 	ref, err := name.ParseReference(imageName)
 	if err != nil {
@@ -43,7 +45,7 @@ func PushIndexToRegistry(image v1.ImageIndex, imageName string) error {
 	}
 
 	// Push the index to the registry
-	return remote.WriteIndex(ref, image, oci.MultiKeychainOption())
+	return remote.WriteIndex(ref, index, oci.MultiKeychainOption())
 }
 
 func SaveImageAsOCILayout(image v1.Image, path string) error {
@@ -73,3 +75,83 @@ func SaveIndexAsOCILayout(image v1.ImageIndex, path string) error {
 	}
 	return nil
 }
+
+func SaveIndex(outputs []*oci.ImageSpec, index v1.ImageIndex, indexName string) error {
+	// split output by comma and write or push each one
+	for _, output := range outputs {
+		if output.Type == oci.OCI {
+			idx := v1.ImageIndex(empty.Index)
+			idx = mutate.AppendManifests(idx, mutate.IndexAddendum{
+				Add: index,
+				Descriptor: v1.Descriptor{
+					Annotations: map[string]string{
+						oci.OciReferenceTarget: indexName,
+					},
+				},
+			})
+			err := SaveIndexAsOCILayout(idx, output.Identifier)
+			if err != nil {
+				return fmt.Errorf("failed to write signed image: %w", err)
+			}
+		} else {
+			err := PushIndexToRegistry(index, output.Identifier)
+			if err != nil {
+				return fmt.Errorf("failed to push signed image: %w", err)
+			}
+		}
+	}
+	return nil
+}
+
+func SaveImage(output *oci.ImageSpec, image v1.Image, imageName string) error {
+	if output.Type == oci.OCI {
+		idx := v1.ImageIndex(empty.Index)
+		idx = mutate.AppendManifests(idx, mutate.IndexAddendum{
+			Add: image,
+			Descriptor: v1.Descriptor{
+				Annotations: map[string]string{
+					oci.OciReferenceTarget: imageName,
+				},
+			},
+		})
+		err := SaveIndexAsOCILayout(idx, output.Identifier)
+		if err != nil {
+			return fmt.Errorf("failed to write signed image: %w", err)
+		}
+	} else {
+		err := PushImageToRegistry(image, output.Identifier)
+		if err != nil {
+			return fmt.Errorf("failed to push signed image: %w", err)
+		}
+	}
+	return nil
+}
+
+func SaveReferrers(manifest *attestation.AttestationManifest, outputs []*oci.ImageSpec) error {
+	for _, output := range outputs {
+		if output.Type == oci.OCI {
+			continue
+		}
+		// so that we use the same tag each time to reduce number of tags (tags aren't needed for referrers but we must push one)
+		attOut, err := oci.ReplaceTagInSpec(output, manifest.SubjectDescriptor.Digest)
+		if err != nil {
+			return err
+		}
+		//otherwise we end up with the detected platform, though I'm not sure it matters
+		attOut.Platform = &v1.Platform{
+			OS:           "unknown",
+			Architecture: "unknown",
+		}
+		images, err := manifest.BuildReferringArtifacts()
+		if err != nil {
+			return fmt.Errorf("failed to build image: %w", err)
+		}
+		for _, image := range images {
+			err = SaveImage(attOut, image, "")
+		}
+		if err != nil {
+			return fmt.Errorf("failed to push image: %w", err)
+		}
+	}
+	return nil
+}

pkg/mirror/mirror_test.go

@@ -0,0 +1,111 @@
+package mirror
+
+import (
+	"fmt"
+	"net/http/httptest"
+	"net/url"
+	"path/filepath"
+	"testing"
+
+	"github.com/docker/attest/internal/test"
+	"github.com/docker/attest/pkg/attest"
+	"github.com/docker/attest/pkg/attestation"
+	"github.com/docker/attest/pkg/oci"
+	"github.com/google/go-containerregistry/pkg/registry"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/empty"
+	intoto "github.com/in-toto/in-toto-golang/in_toto"
+	"github.com/stretchr/testify/require"
+)
+
+func TestSavingIndex(t *testing.T) {
+	UnsignedTestImage := filepath.Join("..", "..", "test", "testdata", "unsigned-test-image")
+	outputLayout := test.CreateTempDir(t, "", "mirror-test")
+	attIdx, err := oci.IndexFromPath(UnsignedTestImage)
+	require.NoError(t, err)
+
+	server := httptest.NewServer(registry.New())
+	defer server.Close()
+
+	u, err := url.Parse(server.URL)
+	require.NoError(t, err)
+
+	indexName := fmt.Sprintf("%s/repo:root", u.Host)
+	output, err := oci.ParseImageSpecs(indexName)
+	require.NoError(t, err)
+	err = SaveIndex(output, attIdx.Index, indexName)
+	require.NoError(t, err)
+
+	ociOutput, err := oci.ParseImageSpecs("oci://" + outputLayout)
+	require.NoError(t, err)
+	err = SaveIndex(ociOutput, attIdx.Index, indexName)
+	require.NoError(t, err)
+}
+
+func TestSavingImage(t *testing.T) {
+
+	outputLayout := test.CreateTempDir(t, "", "mirror-test")
+
+	img := empty.Image
+
+	server := httptest.NewServer(registry.New())
+	defer server.Close()
+
+	u, err := url.Parse(server.URL)
+	require.NoError(t, err)
+
+	indexName := fmt.Sprintf("%s/repo:root", u.Host)
+	output, err := oci.ParseImageSpec(indexName)
+	require.NoError(t, err)
+	err = SaveImage(output, img, indexName)
+	require.NoError(t, err)
+
+	ociOutput, err := oci.ParseImageSpec("oci://" + outputLayout)
+	require.NoError(t, err)
+	err = SaveImage(ociOutput, img, indexName)
+	require.NoError(t, err)
+}
+
+func TestSavingReferrers(t *testing.T) {
+	ctx, signer := test.Setup(t)
+	opts := &attestation.SigningOptions{}
+	statement := &intoto.Statement{
+		StatementHeader: intoto.StatementHeader{
+			PredicateType: attestation.VSAPredicateType,
+		},
+	}
+
+	digest, err := v1.NewHash("sha256:da8b190665956ea07890a0273e2a9c96bfe291662f08e2860e868eef69c34620")
+	require.NoError(t, err)
+	subject := &v1.Descriptor{
+		MediaType: "application/vnd.oci.image.manifest.v1+json",
+		Digest:    digest,
+	}
+	manifest, err := attest.NewAttestationManifest(subject)
+	require.NoError(t, err)
+	err = manifest.AddAttestation(ctx, signer, statement, opts)
+	require.NoError(t, err)
+	server := httptest.NewServer(registry.New(registry.WithReferrersSupport(true)))
+	defer server.Close()
+
+	u, err := url.Parse(server.URL)
+	require.NoError(t, err)
+
+	indexName := fmt.Sprintf("%s/repo:root", u.Host)
+	output, err := oci.ParseImageSpecs(indexName)
+	require.NoError(t, err)
+	err = SaveReferrers(manifest, output)
+	require.NoError(t, err)
+
+	reg := &test.MockRegistryResolver{
+		Subject:      subject,
+		MockResolver: &test.MockResolver{},
+		ImageNameStr: indexName,
+	}
+	require.NoError(t, err)
+	refResolver, err := oci.NewReferrersAttestationResolver(reg)
+	require.NoError(t, err)
+	attestations, err := refResolver.Attestations(ctx, attestation.VSAPredicateType)
+	require.NoError(t, err)
+	require.Len(t, attestations, 1)
+}

pkg/mirror/targets_test.go

@@ -50,8 +50,8 @@ func TestGetTufTargetsMirror(t *testing.T) {
 			ann, ok := layer.Annotations[tufFileAnnotation]
 			assert.True(t, ok)
 			parts := strings.Split(ann, ".")
-			// <digest>.filename.json
-			assert.Equal(t, len(parts), 3)
+			// <digest>.filename.<ext|optional>
+			assert.GreaterOrEqual(t, len(parts), 2)
 		}
 	}
 }
@@ -97,8 +97,8 @@ func TestGetDelegatedTargetMirrors(t *testing.T) {
 			ann, ok := layer.Annotations[tufFileAnnotation]
 			assert.True(t, ok)
 			parts := strings.Split(ann, ".")
-			// <subdir>/<digest>.filename.json
-			assert.Equal(t, len(parts), 3)
+			// <subdir>/<digest>.filename.<ext|optional>
+			assert.GreaterOrEqual(t, len(parts), 2)
 		}
 	}
 }

pkg/oci/layout.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"strings"
 
 	"github.com/docker/attest/pkg/attestation"
 	att "github.com/docker/attest/pkg/attestation"
@@ -15,7 +14,7 @@ import (
 
 // implementation of AttestationResolver that closes over attestations from an oci layout
 type OCILayoutResolver struct {
-	*AttestationManifest
+	*attestation.AttestationManifest
 	*ImageSpec
 }
 
@@ -30,7 +29,7 @@ func NewOCILayoutAttestationResolver(src *ImageSpec) (*OCILayoutResolver, error)
 	return r, nil
 }
 
-func (r *OCILayoutResolver) fetchAttestationManifest() (*AttestationManifest, error) {
+func (r *OCILayoutResolver) fetchAttestationManifest() (*attestation.AttestationManifest, error) {
 	if r.AttestationManifest == nil {
 		m, err := attestationManifestFromOCILayout(r.Identifier, r.ImageSpec.Platform)
 		if err != nil {
@@ -43,29 +42,23 @@ func (r *OCILayoutResolver) fetchAttestationManifest() (*AttestationManifest, er
 }
 
 func (r *OCILayoutResolver) Attestations(ctx context.Context, predicateType string) ([]*att.Envelope, error) {
-	attestationImage := r.AttestationManifest.Image
-	layers, err := attestationImage.Layers()
-	if err != nil {
-		return nil, fmt.Errorf("failed to extract layers from attestation image: %w", err)
-	}
 	var envs []*att.Envelope
-	manifest := r.AttestationManifest.Manifest
-	for i, l := range manifest.Layers {
-		if l.Annotations[attestation.InTotoPredicateType] != predicateType {
-			continue
-		}
-		layer := layers[i]
-		mt, err := layer.MediaType()
+	dsseMediaType, err := attestation.DSSEMediaType(predicateType)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get DSSE media type for predicate '%s': %w", predicateType, err)
+	}
+	for _, attestationLayer := range r.AttestationManifest.OriginalLayers {
+		mt, err := attestationLayer.Layer.MediaType()
 		if err != nil {
 			return nil, fmt.Errorf("failed to get layer media type: %w", err)
 		}
 		mts := string(mt)
-		if !strings.HasSuffix(mts, "+dsse") {
+		if mts != dsseMediaType {
 			continue
 		}
 		var env = new(att.Envelope)
 		// parse layer blob as json
-		r, err := layer.Uncompressed()
+		r, err := attestationLayer.Layer.Uncompressed()
 
 		if err != nil {
 			return nil, fmt.Errorf("failed to get layer contents: %w", err)
@@ -81,18 +74,18 @@ func (r *OCILayoutResolver) Attestations(ctx context.Context, predicateType stri
 }
 
 func (r *OCILayoutResolver) ImageName(ctx context.Context) (string, error) {
-	return r.Name, nil
+	return r.SubjectName, nil
 }
 
-func (r *OCILayoutResolver) ImageDigest(ctx context.Context) (string, error) {
-	return r.Digest, nil
+func (r *OCILayoutResolver) ImageDescriptor(ctx context.Context) (*v1.Descriptor, error) {
+	return r.SubjectDescriptor, nil
 }
 
 func (r *OCILayoutResolver) ImagePlatform(ctx context.Context) (*v1.Platform, error) {
 	return r.ImageSpec.Platform, nil
 }
 
-func attestationManifestFromOCILayout(path string, platform *v1.Platform) (*AttestationManifest, error) {
+func attestationManifestFromOCILayout(path string, platform *v1.Platform) (*attestation.AttestationManifest, error) {
 	idx, err := layout.ImageIndexFromPath(path)
 	if err != nil {
 		return nil, err
@@ -115,10 +108,11 @@ func attestationManifestFromOCILayout(path string, platform *v1.Platform) (*Atte
 	if err != nil {
 		return nil, fmt.Errorf("failed to extract IndexManifest from ImageIndex: %w", err)
 	}
-	var imageDigest string
+	var subjectDescriptor *v1.Descriptor
 	for _, mf := range mfs2.Manifests {
 		if mf.Platform.Equals(*platform) {
-			imageDigest = mf.Digest.String()
+			subjectDescriptor = &mf
+			break
 		}
 	}
 	for _, mf := range mfs2.Manifests {
@@ -126,7 +120,7 @@ func attestationManifestFromOCILayout(path string, platform *v1.Platform) (*Atte
 			continue
 		}
 
-		if mf.Annotations[att.DockerReferenceDigest] != imageDigest {
+		if mf.Annotations[att.DockerReferenceDigest] != subjectDescriptor.Digest.String() {
 			continue
 		}
 
@@ -134,17 +128,15 @@ func attestationManifestFromOCILayout(path string, platform *v1.Platform) (*Atte
 		if err != nil {
 			return nil, fmt.Errorf("failed to extract attestation image with digest %s: %w", mf.Digest.String(), err)
 		}
-		manifest, err := attestationImage.Manifest()
+		layers, err := attestation.GetAttestationsFromImage(attestationImage)
 		if err != nil {
-			return nil, fmt.Errorf("failed to get manifest: %w", err)
+			return nil, fmt.Errorf("failed to get attestations from image: %w", err)
 		}
-		attest := &AttestationManifest{
-			Name:       name,
-			Image:      attestationImage,
-			Manifest:   manifest,
-			Descriptor: &mf,
-			Digest:     imageDigest,
-			Platform:   platform,
+		attest := &attestation.AttestationManifest{
+			OriginalLayers:     layers,
+			OriginalDescriptor: &mf,
+			SubjectName:        name,
+			SubjectDescriptor:  subjectDescriptor,
 		}
 		return attest, nil
 	}

pkg/oci/oci.go

@@ -6,8 +6,9 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/containerd/containerd/platforms"
+	"github.com/containerd/platforms"
 	"github.com/distribution/reference"
+	"github.com/docker/attest/pkg/attestation"
 	att "github.com/docker/attest/pkg/attestation"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
@@ -46,19 +47,19 @@ func WithOptions(ctx context.Context, platform *v1.Platform) []remote.Option {
 	return options
 }
 
-func ExtractEnvelopes(ia *AttestationManifest, predicateType string) ([]*att.Envelope, error) {
-	manifest := ia.Manifest
-	image := ia.Image
+func ExtractEnvelopes(manifest *attestation.AttestationManifest, predicateType string) ([]*att.Envelope, error) {
 	var envs []*att.Envelope
-	layers, err := image.Layers()
+	dsseMediaType, err := attestation.DSSEMediaType(predicateType)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get layers: %w", err)
+		return nil, fmt.Errorf("failed to get DSSE media type for predicate '%s': %w", predicateType, err)
 	}
-	for i, l := range manifest.Layers {
-		if (strings.HasPrefix(string(l.MediaType), "application/vnd.in-toto.")) &&
-			strings.HasSuffix(string(l.MediaType), "+dsse") &&
-			l.Annotations[att.InTotoPredicateType] == predicateType {
-			reader, err := layers[i].Uncompressed()
+	for _, attestationLayer := range manifest.OriginalLayers {
+		mt, err := attestationLayer.Layer.MediaType()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get layer media type: %w", err)
+		}
+		if string(mt) == dsseMediaType {
+			reader, err := attestationLayer.Layer.Uncompressed()
 			if err != nil {
 				return nil, fmt.Errorf("failed to get layer contents: %w", err)
 			}
@@ -75,13 +76,13 @@ func ExtractEnvelopes(ia *AttestationManifest, predicateType string) ([]*att.Env
 	return envs, nil
 }
 
-func imageDigestForPlatform(ix *v1.IndexManifest, platform *v1.Platform) (string, error) {
+func imageDescriptor(ix *v1.IndexManifest, platform *v1.Platform) (*v1.Descriptor, error) {
 	for _, m := range ix.Manifests {
 		if (m.MediaType == ocispec.MediaTypeImageManifest || m.MediaType == "application/vnd.docker.distribution.manifest.v2+json") && m.Platform.Equals(*platform) {
-			return m.Digest.String(), nil
+			return &m, nil
 		}
 	}
-	return "", errors.New(fmt.Sprintf("no image found for platform %v", platform))
+	return nil, errors.New(fmt.Sprintf("no image found for platform %v", platform))
 }
 
 func attestationDigestForDigest(ix *v1.IndexManifest, imageDigest string, attestType string) (string, error) {
@@ -147,3 +148,27 @@ func SplitDigest(digest string) (common.DigestSet, error) {
 		parts[0]: parts[1],
 	}, nil
 }
+
+func ReplaceTagInSpec(src *ImageSpec, digest v1.Hash) (*ImageSpec, error) {
+	newName, err := replaceTag(src.Identifier, digest)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse repo name: %w", err)
+	}
+	return &ImageSpec{
+		Identifier: newName,
+		Type:       src.Type,
+		Platform:   src.Platform,
+	}, nil
+}
+
+// so that the index tag is replaced with a tag unique to the image digest and doesn't overwrite it
+func replaceTag(image string, digest v1.Hash) (string, error) {
+	if strings.HasPrefix(image, LocalPrefix) {
+		return image, nil
+	}
+	notag, err := WithoutTag(image)
+	if err != nil {
+		return "", nil
+	}
+	return fmt.Sprintf("%s:%s-%s.att", notag, digest.Algorithm, digest.Hex), nil
+}

pkg/oci/oci_test.go

@@ -4,6 +4,7 @@ import (
 	"path/filepath"
 	"testing"
 
+	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/layout"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -75,14 +76,16 @@ func TestImageDigestForPlatform(t *testing.T) {
 
 	p, err := ParsePlatform("linux/amd64")
 	assert.NoError(t, err)
-	digest, err := imageDigestForPlatform(mfs2, p)
+	desc, err := imageDescriptor(mfs2, p)
 	assert.NoError(t, err)
+	digest := desc.Digest.String()
 	assert.Equal(t, "sha256:da8b190665956ea07890a0273e2a9c96bfe291662f08e2860e868eef69c34620", digest)
 
 	p, err = ParsePlatform("linux/arm64")
 	assert.NoError(t, err)
-	digest, err = imageDigestForPlatform(mfs2, p)
+	desc, err = imageDescriptor(mfs2, p)
 	assert.NoError(t, err)
+	digest = desc.Digest.String()
 	assert.Equal(t, "sha256:7a76cec943853f9f7105b1976afa1bf7cd5bb6afc4e9d5852dd8da7cf81ae86e", digest)
 }
 
@@ -106,3 +109,31 @@ func TestWithoutTag(t *testing.T) {
 		})
 	}
 }
+
+func TestReplaceTag(t *testing.T) {
+	tc := []struct {
+		name     string
+		expected string
+	}{
+		{name: "image:tag", expected: "index.docker.io/library/image:sha256-digest.att"},
+		{name: "image", expected: "index.docker.io/library/image:sha256-digest.att"},
+		{name: "image:sha256-digest.att", expected: "index.docker.io/library/image:sha256-digest.att"},
+		{name: "docker://image:tag", expected: "docker://index.docker.io/library/image:sha256-digest.att"},
+		{name: "image@sha256:166710df254975d4a6c4c407c315951c22753dcaa829e020a3fd5d18fff70dd2", expected: "index.docker.io/library/image:sha256-digest.att"},
+		{name: "oci://foobar", expected: "oci://foobar"},
+		{name: "docker://image@sha256:166710df254975d4a6c4c407c315951c22753dcaa829e020a3fd5d18fff70dd2", expected: "docker://index.docker.io/library/image:sha256-digest.att"},
+		{name: "docker://127.0.0.1:36555/repo:latest", expected: "docker://127.0.0.1:36555/repo:sha256-digest.att"},
+	}
+
+	digest := v1.Hash{
+		Algorithm: "sha256",
+		Hex:       "digest",
+	}
+	for _, c := range tc {
+		t.Run(c.name, func(t *testing.T) {
+			replaced, err := replaceTag(c.name, digest)
+			require.NoError(t, err)
+			assert.Equal(t, c.expected, replaced)
+		})
+	}
+}

pkg/oci/referrers.go

@@ -4,22 +4,20 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/docker/attest/pkg/attestation"
 	att "github.com/docker/attest/pkg/attestation"
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
-	"github.com/pkg/errors"
 )
 
 type ReferrersResolver struct {
-	digest        string
 	referrersRepo string
-	manifests     []*AttestationManifest
-	*RegistryImageDetailsResolver
+	ImageDetailsResolver
 }
 
-func NewReferrersAttestationResolver(src *RegistryImageDetailsResolver, options ...func(*ReferrersResolver) error) (*ReferrersResolver, error) {
+func NewReferrersAttestationResolver(src ImageDetailsResolver, options ...func(*ReferrersResolver) error) (*ReferrersResolver, error) {
 	res := &ReferrersResolver{
-		RegistryImageDetailsResolver: src,
+		ImageDetailsResolver: src,
 	}
 	for _, opt := range options {
 		err := opt(res)
@@ -37,80 +35,86 @@ func WithReferrersRepo(repo string) func(*ReferrersResolver) error {
 	}
 }
 
-func (r *ReferrersResolver) resolveAttestations(ctx context.Context) error {
-	if r.manifests == nil {
-		subjectRef, err := name.ParseReference(r.Identifier)
-		if err != nil {
-			return fmt.Errorf("failed to parse reference: %w", err)
-		}
-		subjectDigest, err := r.ImageDigest(ctx)
-		if err != nil {
-			return fmt.Errorf("failed to get digest: %w", err)
-		}
-		var referrersSubjectRef name.Digest
-		if r.referrersRepo != "" {
-			referrersSubjectRef, err = name.NewDigest(fmt.Sprintf("%s@%s", r.referrersRepo, subjectDigest))
-			if err != nil {
-				return fmt.Errorf("failed to create referrers reference: %w", err)
-			}
-		} else {
-			referrersSubjectRef = subjectRef.Context().Digest(subjectDigest)
-		}
-		referrersIndex, err := remote.Referrers(referrersSubjectRef)
-		if err != nil {
-			return fmt.Errorf("failed to get referrers: %w", err)
-		}
-		referrersIndexManifest, err := referrersIndex.IndexManifest()
-		if err != nil {
-			return fmt.Errorf("failed to get index manifest: %w", err)
-		}
-		if len(referrersIndexManifest.Manifests) == 0 {
-			return errors.New("no referrers found")
-		}
-		aManifests := make([]*AttestationManifest, 0)
-		for _, m := range referrersIndexManifest.Manifests {
-
-			remoteRef := referrersSubjectRef.Context().Digest(m.Digest.String())
-			attestationImage, err := remote.Image(remoteRef)
-			if err != nil {
-				return fmt.Errorf("failed to get referred image: %w", err)
-			}
-			manifest, err := attestationImage.Manifest()
-			if err != nil {
-				return fmt.Errorf("failed to get manifest: %w", err)
-			}
-			if manifest.Annotations[att.DockerReferenceType] != att.AttestationManifestType {
-				continue
-			}
-			if manifest.Annotations[att.DockerReferenceDigest] != subjectDigest {
-				continue
-			}
-			attest := &AttestationManifest{
-				Name:       r.Identifier,
-				Image:      attestationImage,
-				Manifest:   manifest,
-				Descriptor: &m,
-				Digest:     subjectDigest,
-				Platform:   r.Platform,
-			}
-			aManifests = append(aManifests, attest)
-		}
-
-		if len(aManifests) == 0 {
-			return errors.New("no attestation manifests found")
-		}
-		r.manifests = aManifests
+func (r *ReferrersResolver) resolveAttestations(ctx context.Context, predicateType string) ([]*attestation.AttestationManifest,
+	error) {
+	dsseMediaType, err := attestation.DSSEMediaType(predicateType)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get DSSE media type for predicate '%s': %w", predicateType, err)
 	}
-	return nil
+	imageName, err := r.ImageName(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get image name: %w", err)
+	}
+	subjectRef, err := name.ParseReference(imageName)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse reference: %w", err)
+	}
+	desc, err := r.ImageDescriptor(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get descriptor: %w", err)
+	}
+	subjectDigest := desc.Digest.String()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get digest: %w", err)
+	}
+	var referrersSubjectRef name.Digest
+	if r.referrersRepo != "" {
+		referrersSubjectRef, err = name.NewDigest(fmt.Sprintf("%s@%s", r.referrersRepo, subjectDigest))
+		if err != nil {
+			return nil, fmt.Errorf("failed to create referrers reference: %w", err)
+		}
+	} else {
+		referrersSubjectRef = subjectRef.Context().Digest(subjectDigest)
+	}
+	options := WithOptions(ctx, nil)
+	options = append(options, remote.WithFilter("artifactType", dsseMediaType))
+	referrersIndex, err := remote.Referrers(referrersSubjectRef, options...)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get referrers: %w", err)
+	}
+	referrersIndexManifest, err := referrersIndex.IndexManifest()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get index manifest: %w", err)
+	}
+	aManifests := make([]*attestation.AttestationManifest, 0)
+	for _, m := range referrersIndexManifest.Manifests {
+		remoteRef := referrersSubjectRef.Context().Digest(m.Digest.String())
+		attestationImage, err := remote.Image(remoteRef)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get referred image: %w", err)
+		}
+		layers, err := attestation.GetAttestationsFromImage(attestationImage)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get attestations from image: %w", err)
+		}
+		if len(layers) != 1 {
+			return nil, fmt.Errorf("expected exactly one layer, got %d", len(layers))
+		}
+		mt, err := layers[0].Layer.MediaType()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get layer media type: %w", err)
+		}
+		if string(mt) != dsseMediaType {
+			return nil, fmt.Errorf("expected layer media type %s, got %s", dsseMediaType, mt)
+		}
+		attest := &attestation.AttestationManifest{
+			SubjectName:        imageName,
+			OriginalLayers:     layers,
+			OriginalDescriptor: &m,
+			SubjectDescriptor:  desc,
+		}
+		aManifests = append(aManifests, attest)
+	}
+	return aManifests, nil
 }
 
 func (r *ReferrersResolver) Attestations(ctx context.Context, predicateType string) ([]*att.Envelope, error) {
-	err := r.resolveAttestations(ctx)
+	manifests, err := r.resolveAttestations(ctx, predicateType)
 	if err != nil {
 		return nil, fmt.Errorf("failed to resolve attestations: %w", err)
 	}
 	var envs []*att.Envelope
-	for _, attest := range r.manifests {
+	for _, attest := range manifests {
 		es, err := ExtractEnvelopes(attest, predicateType)
 		if err != nil {
 			return nil, fmt.Errorf("failed to extract envelopes: %w", err)

pkg/oci/registry.go

@@ -2,9 +2,9 @@ package oci
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 
+	"github.com/docker/attest/pkg/attestation"
 	att "github.com/docker/attest/pkg/attestation"
 	"github.com/google/go-containerregistry/pkg/name"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
@@ -13,12 +13,12 @@ import (
 
 type RegistryResolver struct {
 	*RegistryImageDetailsResolver
-	*AttestationManifest
+	*attestation.AttestationManifest
 }
 
 type RegistryImageDetailsResolver struct {
 	*ImageSpec
-	digest string
+	descriptor *v1.Descriptor
 }
 
 func NewRegistryImageDetailsResolver(src *ImageSpec) (*RegistryImageDetailsResolver, error) {
@@ -41,24 +41,36 @@ func (r *RegistryImageDetailsResolver) ImagePlatform(ctx context.Context) (*v1.P
 	return r.Platform, nil
 }
 
-func (r *RegistryImageDetailsResolver) ImageDigest(ctx context.Context) (string, error) {
-	if r.digest == "" {
+func (r *RegistryImageDetailsResolver) ImageDescriptor(ctx context.Context) (*v1.Descriptor, error) {
+	if r.descriptor == nil {
 		subjectRef, err := name.ParseReference(r.Identifier)
 		if err != nil {
-			return "", fmt.Errorf("failed to parse reference: %w", err)
+			return nil, fmt.Errorf("failed to parse reference: %w", err)
 		}
 		options := WithOptions(ctx, r.Platform)
-		desc, err := remote.Image(subjectRef, options...)
+		image, err := remote.Image(subjectRef, options...)
 		if err != nil {
-			return "", fmt.Errorf("failed to get image manifest: %w", err)
+			return nil, fmt.Errorf("failed to get image manifest: %w", err)
 		}
-		subjectDigest, err := desc.Digest()
+		digest, err := image.Digest()
 		if err != nil {
-			return "", fmt.Errorf("failed to get image digest: %w", err)
+			return nil, fmt.Errorf("failed to get image digest: %w", err)
+		}
+		size, err := image.Size()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get image size: %w", err)
+		}
+		mediaType, err := image.MediaType()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get image media type: %w", err)
+		}
+		r.descriptor = &v1.Descriptor{
+			Digest:    digest,
+			Size:      size,
+			MediaType: mediaType,
 		}
-		r.digest = subjectDigest.String()
 	}
-	return r.digest, nil
+	return r.descriptor, nil
 }
 
 func (r *RegistryResolver) Attestations(ctx context.Context, predicateType string) ([]*att.Envelope, error) {
@@ -72,7 +84,7 @@ func (r *RegistryResolver) Attestations(ctx context.Context, predicateType strin
 	return ExtractEnvelopes(r.AttestationManifest, predicateType)
 }
 
-func FetchAttestationManifest(ctx context.Context, image string, platform *v1.Platform) (*AttestationManifest, error) {
+func FetchAttestationManifest(ctx context.Context, image string, platform *v1.Platform) (*attestation.AttestationManifest, error) {
 	// we want to get to the image index, so ignoring platform for now
 	options := WithOptions(ctx, nil)
 	ref, err := name.ParseReference(image)
@@ -87,10 +99,12 @@ func FetchAttestationManifest(ctx context.Context, image string, platform *v1.Pl
 	if err != nil {
 		return nil, fmt.Errorf("failed to get index manifest: %w", err)
 	}
-	digest, err := imageDigestForPlatform(indexManifest, platform)
+	subjectDescriptor, err := imageDescriptor(indexManifest, platform)
 	if err != nil {
 		return nil, fmt.Errorf("failed to obtain image for platform: %w", err)
 	}
+
+	digest := subjectDescriptor.Digest.String()
 	ref, err = name.ParseReference(fmt.Sprintf("%s@%s", ref.Context().Name(), digest))
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse attestation reference: %w", err)
@@ -108,22 +122,20 @@ func FetchAttestationManifest(ctx context.Context, image string, platform *v1.Pl
 	if err != nil {
 		return nil, fmt.Errorf("failed to get attestation: %w", err)
 	}
-	manifest := new(v1.Manifest)
-	err = json.Unmarshal(remoteDescriptor.Manifest, manifest)
-	if err != nil {
-		return nil, fmt.Errorf("failed to unmarshal attestation: %w", err)
-	}
 	attestationImage, err := remoteDescriptor.Image()
 	if err != nil {
 		return nil, fmt.Errorf("failed to get attestation image: %w", err)
 	}
-	attest := &AttestationManifest{
-		Name:       image,
-		Image:      attestationImage,
-		Manifest:   manifest,
-		Descriptor: &remoteDescriptor.Descriptor,
-		Digest:     digest,
-		Platform:   platform,
+
+	layers, err := attestation.GetAttestationsFromImage(attestationImage)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get attestations from image: %w", err)
+	}
+	attest := &attestation.AttestationManifest{
+		OriginalLayers:     layers,
+		OriginalDescriptor: &remoteDescriptor.Descriptor,
+		SubjectName:        image,
+		SubjectDescriptor:  subjectDescriptor,
 	}
 	return attest, nil
 }

pkg/oci/registry_test.go

@@ -25,16 +25,13 @@ func TestRegistry(t *testing.T) {
 	u, err := url.Parse(server.URL)
 	require.NoError(t, err)
 
-	opts := &attestation.SigningOptions{
-		Replace:     true,
-		SkipSubject: true,
-	}
+	opts := &attestation.SigningOptions{}
 	attIdx, err := oci.IndexFromPath(oci.UnsignedTestImage)
 	require.NoError(t, err)
 	signedManifests, err := attest.SignStatements(ctx, attIdx.Index, signer, opts)
 	require.NoError(t, err)
 	signedIndex := attIdx.Index
-	signedIndex, err = attestation.AddImagesToIndex(signedIndex, signedManifests)
+	signedIndex, err = attestation.UpdateIndexImages(signedIndex, signedManifests)
 	require.NoError(t, err)
 
 	indexName := fmt.Sprintf("%s/repo:root", u.Host)
@@ -47,7 +44,8 @@ func TestRegistry(t *testing.T) {
 
 	resolver, err := policy.CreateImageDetailsResolver(spec)
 	require.NoError(t, err)
-	digest, err := resolver.ImageDigest(ctx)
+	desc, err := resolver.ImageDescriptor(ctx)
 	require.NoError(t, err)
+	digest := desc.Digest.String()
 	assert.True(t, strings.Contains(digest, "sha256:"))
 }

pkg/oci/resolver.go

@@ -7,21 +7,6 @@ import (
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 )
 
-type AttestationManifests struct {
-	Manifests []*AttestationManifest
-}
-
-type AttestationManifest struct {
-	// attestation image details
-	Image      v1.Image
-	Manifest   *v1.Manifest
-	Descriptor *v1.Descriptor
-	// details of subect image
-	Name     string
-	Digest   string
-	Platform *v1.Platform
-}
-
 type AttestationResolver interface {
 	ImageDetailsResolver
 	Attestations(ctx context.Context, mediaType string) ([]*att.Envelope, error)
@@ -30,25 +15,5 @@ type AttestationResolver interface {
 type ImageDetailsResolver interface {
 	ImageName(ctx context.Context) (string, error)
 	ImagePlatform(ctx context.Context) (*v1.Platform, error)
-	ImageDigest(ctx context.Context) (string, error)
-}
-
-type MockResolver struct {
-	Envs []*att.Envelope
-}
-
-func (r MockResolver) Attestations(ctx context.Context, mediaType string) ([]*att.Envelope, error) {
-	return r.Envs, nil
-}
-
-func (r MockResolver) ImageName(ctx context.Context) (string, error) {
-	return "library/alpine:latest", nil
-}
-
-func (r MockResolver) ImageDigest(ctx context.Context) (string, error) {
-	return "sha256:test-digest", nil
-}
-
-func (r MockResolver) ImagePlatform(ctx context.Context) (*v1.Platform, error) {
-	return ParsePlatform("linux/amd64")
+	ImageDescriptor(ctx context.Context) (*v1.Descriptor, error)
 }

pkg/policy/policy_test.go

@@ -38,7 +38,7 @@ func TestRegoEvaluator_Evaluate(t *testing.T) {
 
 	re := policy.NewRegoEvaluator(true)
 
-	defaultResolver := oci.MockResolver{
+	defaultResolver := test.MockResolver{
 		Envs: []*attestation.Envelope{loadAttestation(t, ExampleAttestation)},
 	}
 

pkg/signerverifier/gcp_test.go

@@ -22,7 +22,7 @@ k2s4SO3XbQ2GG2alm289SUUpmBAuVxvT8muYQ8HC/QzixzyTACTXsBDjQg==
 
 func TestGCPKMS_Signer(t *testing.T) {
 	// create a new signer
-	ctx := context.Background()
+	ctx := context.TODO()
 	ref := "projects/attest-kms-test/locations/us-west1/keyRings/attest-kms-test/cryptoKeys/test-signing-key/cryptoKeyVersions/1"
 	signer, err := GetGCPSigner(ctx, ref)
 	require.NoError(t, err)

pkg/tuf/registry_test.go

@@ -22,7 +22,6 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/static"
 	"github.com/google/go-containerregistry/pkg/v1/types"
 	"github.com/stretchr/testify/assert"
-	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/modules/registry"
 	"github.com/theupdateframework/go-tuf/v2/metadata"
 	"github.com/theupdateframework/go-tuf/v2/metadata/config"
@@ -342,7 +341,7 @@ func TestGetManifest(t *testing.T) {
 
 // RunTestRegistry starts a registry testcontainer for TUF on OCI testdata
 func RunTestRegistry(t *testing.T) (*registry.RegistryContainer, *url.URL) {
-	registryContainer, err := registry.RunContainer(context.Background(), testcontainers.WithImage("registry:2.8.3"))
+	registryContainer, err := registry.Run(context.Background(), "registry:2.8.3")
 	if err != nil {
 		t.Fatalf("failed to start container: %s", err)
 	}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/1e6d780fc1967ff3d2d65c01b3614536a1562de0f0e5981718df82f61dc0c670

@@ -0,0 +1 @@
+{"signatures":[{"keyid":"76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221","sig":"3065023079fce0ddea385d0e5b6eed0da688946f417d1c1bf6397edaa44279bf948d6de41daf5e0852069900f363175abd95959b023100d2b950cb3f39cc4df8140d2ec3c60d81d2811827fbc61034786cd877586f6ab5f9ba03ad95d7de58e9241917d79687a9"},{"keyid":"beac53949c4cf075824edede7d41715941f524db247d1b455a2389d7490ecd72","sig":""}],"signed":{"_type":"root","consistent_snapshot":true,"expires":"2034-06-12T17:21:13Z","keys":{"76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp384","x-tuf-on-ci-keyowner":"@mrjoelkamp"},"bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgDpP6O0sEt2R+l84WlfmqPBsFSby\nxJsJ6YmeUVgDk/wk9++8IAR6YBYewaKye56gMnIYjTFbyOI8WomA2NQFBw==\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp256","x-tuf-on-ci-online-uri":"awskms:arn:aws:kms:us-east-1:175142243308:key/fbd8dab6-5677-4b57-87e6-8369c45b3b61"},"beac53949c4cf075824edede7d41715941f524db247d1b455a2389d7490ecd72":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEERet/8hs3WHIXyOXNzhLpTOz6DBx\n7zzHnenJgV/TB0dRMAx6j9UVRvlEkh5OcYuktNeqnLpHce1rLjLjpiRPVg==\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp256","x-tuf-on-ci-keyowner":"@jonnystoten"}},"roles":{"root":{"keyids":["76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221","beac53949c4cf075824edede7d41715941f524db247d1b455a2389d7490ecd72"],"threshold":1},"snapshot":{"keyids":["bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5"],"threshold":1,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60},"targets":{"keyids":["76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221","beac53949c4cf075824edede7d41715941f524db247d1b455a2389d7490ecd72"],"threshold":1},"timestamp":{"keyids":["bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5"],"threshold":1,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60}},"spec_version":"1.0.31","version":2,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60}}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/1f83502e00bf791ad0b4308fed7ba4a2cb099665069585f21f819fb35be140d8

@@ -0,0 +1 @@
+{"signatures":[{"keyid":"bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5","sig":"304502204019c08b30b7525b95c4010e5c1420c5618c18d5b0719fb1d9392ef93322ca4e022100924ec18242ba21edcc2c7ad92ee13a38a6f4a8e1315c588eb9eb2d0bce0a1a80"}],"signed":{"_type":"timestamp","expires":"2034-06-23T12:47:16Z","meta":{"snapshot.json":{"version":7}},"spec_version":"1.0.31","version":7}}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/1fd0d9781f02486718fcbd7724db0e4c4ba47b649930cec22a3e7e6b6077ba38

@@ -1 +0,0 @@
-{"signatures":[{"keyid":"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3","sig":"3044022039b56cd2e3597df74e57d200a652ba020cdc9a8cd050bd65b5f8e2640d50691d02205e073e4b6fc260acc64327a331e4440601af5b1cbff594ea91cf7b70d5828fb1"}],"signed":{"_type":"snapshot","expires":"2034-04-03T15:59:47Z","meta":{"targets.json":{"version":5},"test-role.json":{"version":3}},"spec_version":"1.0.31","version":6}}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/4c1054844dba3241525cbd71ff9e58becca652fb1ce4a0e6ea55a01c4ec41950

@@ -1 +0,0 @@
-{"signatures":[{"keyid":"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3","sig":"3045022011f2afa9b448fcbbac983c11fc3e264e95d5d7a9c9527b09d83a316ee762635f022100d05197a78ccc7a713ebdb0bccb44844f67a7c5208af8d346e201064b7ce11055"}],"signed":{"_type":"timestamp","expires":"2034-04-03T15:59:47Z","meta":{"snapshot.json":{"version":6}},"spec_version":"1.0.31","version":6}}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/5a9f60b64b708d05e4e4da0354529fc7fe5015807b79f0bf7b136207bf952bd7

@@ -1,42 +1,42 @@
 {
  "signatures": [
   {
-   "keyid": "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
-   "sig": "3064023037bbb03c3472b140572a7d5a2895bd80e74435bbcb7053949731f81b104c6d05a0876590cd6a2e94d7ed619426a2f6fa02303adc8c9006fa5506fdd7ea87d2960074a537ad8bf2459f2863e806b47682cbb2f9b01b7502eaf5437a1a68fdaaeac114"
+   "keyid": "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221",
+   "sig": "3065023000f7d0a866576e94eaabc173b9233d4c8fcfa495527088f9022dff5a553f7a457da1015a6d0fc714f84848ec627387360231009fa70b2eebbe15241a2ec9b96a094ebd28661e30b8c3d1eab8d694df2b340bda511c489393630c9a9dacde42c99e9fa1"
   }
  ],
  "signed": {
   "_type": "root",
   "consistent_snapshot": true,
-  "expires": "2034-04-02T17:00:22Z",
+  "expires": "2034-05-29T20:14:11Z",
   "keys": {
-   "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3": {
-    "keytype": "ecdsa",
-    "keyval": {
-     "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgDpP6O0sEt2R+l84WlfmqPBsFSby\nxJsJ6YmeUVgDk/wk9++8IAR6YBYewaKye56gMnIYjTFbyOI8WomA2NQFBw==\n-----END PUBLIC KEY-----\n"
-    },
-    "scheme": "ecdsa-sha2-nistp256",
-    "x-tuf-on-ci-online-uri": "awskms:arn:aws:kms:us-east-1:175142243308:key/fbd8dab6-5677-4b57-87e6-8369c45b3b61"
-   },
-   "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09": {
+   "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221": {
     "keytype": "ecdsa",
     "keyval": {
      "public": "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"
     },
     "scheme": "ecdsa-sha2-nistp384",
     "x-tuf-on-ci-keyowner": "@mrjoelkamp"
+   },
+   "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5": {
+    "keytype": "ecdsa",
+    "keyval": {
+     "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgDpP6O0sEt2R+l84WlfmqPBsFSby\nxJsJ6YmeUVgDk/wk9++8IAR6YBYewaKye56gMnIYjTFbyOI8WomA2NQFBw==\n-----END PUBLIC KEY-----\n"
+    },
+    "scheme": "ecdsa-sha2-nistp256",
+    "x-tuf-on-ci-online-uri": "awskms:arn:aws:kms:us-east-1:175142243308:key/fbd8dab6-5677-4b57-87e6-8369c45b3b61"
    }
   },
   "roles": {
    "root": {
     "keyids": [
-     "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09"
+     "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221"
     ],
     "threshold": 1
    },
    "snapshot": {
     "keyids": [
-     "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
+     "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5"
     ],
     "threshold": 1,
     "x-tuf-on-ci-expiry-period": 3650,
@@ -44,13 +44,13 @@
    },
    "targets": {
     "keyids": [
-     "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09"
+     "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221"
     ],
     "threshold": 1
    },
    "timestamp": {
     "keyids": [
-     "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
+     "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5"
     ],
     "threshold": 1,
     "x-tuf-on-ci-expiry-period": 3650,

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/5caaed86d85583b60586eff2da6ecff41a35d0ec5b8a603330db791249f7d497

@@ -0,0 +1 @@
+{"signatures":[{"keyid":"bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5","sig":"3045022018e31a2e743b21054939262706520be10375829fb93dec7f3042e48ed8eb9cec0221008c2765ee9e49d49c12a6b9a5124c984d414b8d86452cdbcc2fc2f2ca10a11e67"}],"signed":{"_type":"snapshot","expires":"2034-06-23T12:47:16Z","meta":{"targets.json":{"version":8},"test-role.json":{"version":2}},"spec_version":"1.0.31","version":7}}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/742736cf58eef752676e9254241b3143779ad66e10707f980b6a477cdc23ad59

@@ -0,0 +1 @@
+{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:5a9f60b64b708d05e4e4da0354529fc7fe5015807b79f0bf7b136207bf952bd7","sha256:1e6d780fc1967ff3d2d65c01b3614536a1562de0f0e5981718df82f61dc0c670","sha256:5caaed86d85583b60586eff2da6ecff41a35d0ec5b8a603330db791249f7d497","sha256:ddc840cc61ca4a5cf9b79d683fc81144977f2d95f1734ebf247b3f9da4d644fb","sha256:1f83502e00bf791ad0b4308fed7ba4a2cb099665069585f21f819fb35be140d8"]},"config":{}}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/a152e59e7b58a3a1ec718192b07fbf630d2fe2d80a6f1a9dc09e1321cbd338a7

@@ -1 +0,0 @@
-{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":669,"digest":"sha256:ad4cacc170229608305ffccd8d09eeb59578fcb72ae394763cf7ef492175b1ee"},"layers":[{"mediaType":"application/vnd.tuf.metadata+json","size":2607,"digest":"sha256:a2e026ce65c198ee68a7ed2df6978ed0287bb38342f6ddb7bf934a456f1d6f87","annotations":{"tuf.io/filename":"2.root.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":2200,"digest":"sha256:61a98e1e86ae279e59415d927e38beae430d7e6d2bd6207054179429ea9b6763","annotations":{"tuf.io/filename":"1.root.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":410,"digest":"sha256:1fd0d9781f02486718fcbd7724db0e4c4ba47b649930cec22a3e7e6b6077ba38","annotations":{"tuf.io/filename":"6.snapshot.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":1683,"digest":"sha256:ea7713eb649ca1a33d79ebdccda9f7f066595b1b2c6e37e52dbfd250f5287260","annotations":{"tuf.io/filename":"5.targets.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":383,"digest":"sha256:4c1054844dba3241525cbd71ff9e58becca652fb1ce4a0e6ea55a01c4ec41950","annotations":{"tuf.io/filename":"timestamp.json"}}]}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/a2e026ce65c198ee68a7ed2df6978ed0287bb38342f6ddb7bf934a456f1d6f87

@@ -1 +0,0 @@
-{"signatures":[{"keyid":"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09","sig":"3066023100e99acc5f74777ebf40376b60f0216e8fe1829c1a49a5f6a6899126c15de1df7a56533baf493b2b53159c50843a289102023100b6a006b24da62ea0b743fbe38e1497ff485bf3a0833894985fc27a0305ad0693eeb968a7b52723ed3c49af8bef2027b6"},{"keyid":"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664","sig":"30440220136debcc2f60dd1d63c9c2704f9b13c2cb2f5d2df58ea93f07f7c10f54f36742022059d7f8c6620e33506c6f1766394a32f86c9b008328f6398831ba7ebcf4ce0838"}],"signed":{"_type":"root","consistent_snapshot":true,"expires":"2034-04-03T08:45:50Z","keys":{"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgDpP6O0sEt2R+l84WlfmqPBsFSby\nxJsJ6YmeUVgDk/wk9++8IAR6YBYewaKye56gMnIYjTFbyOI8WomA2NQFBw==\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp256","x-tuf-on-ci-online-uri":"awskms:arn:aws:kms:us-east-1:175142243308:key/fbd8dab6-5677-4b57-87e6-8369c45b3b61"},"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWmhpAfB7Q53UNluMhpkDxXXup4E0\n2Hh4PSgHC1Yh6brGl6Akq9a4io55LtZTk5mnCTqxuB+rc5cI/yaNUeWEqQ==\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp256","x-tuf-on-ci-keyowner":"@kipz"},"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp384","x-tuf-on-ci-keyowner":"@mrjoelkamp"}},"roles":{"root":{"keyids":["b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09","81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664"],"threshold":1},"snapshot":{"keyids":["198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"],"threshold":1,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60},"targets":{"keyids":["b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09","81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664"],"threshold":1},"timestamp":{"keyids":["198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"],"threshold":1,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60}},"spec_version":"1.0.31","version":2,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60}}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/a744a2f1e62ae4ce410822b5e3f5508dbaf6a76768a9d23741828172bab1dc97

@@ -1 +0,0 @@
-{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":669,"digest":"sha256:c927b30f17fa8c64e3c20b8f92b7e348733f9c1281b5b7e6b6d669a8a74230a7"},"layers":[{"mediaType":"application/vnd.tuf.metadata+json","size":2200,"digest":"sha256:61a98e1e86ae279e59415d927e38beae430d7e6d2bd6207054179429ea9b6763","annotations":{"tuf.io/filename":"1.root.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":2607,"digest":"sha256:a2e026ce65c198ee68a7ed2df6978ed0287bb38342f6ddb7bf934a456f1d6f87","annotations":{"tuf.io/filename":"2.root.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":410,"digest":"sha256:1fd0d9781f02486718fcbd7724db0e4c4ba47b649930cec22a3e7e6b6077ba38","annotations":{"tuf.io/filename":"6.snapshot.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":1683,"digest":"sha256:ea7713eb649ca1a33d79ebdccda9f7f066595b1b2c6e37e52dbfd250f5287260","annotations":{"tuf.io/filename":"5.targets.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":383,"digest":"sha256:4c1054844dba3241525cbd71ff9e58becca652fb1ce4a0e6ea55a01c4ec41950","annotations":{"tuf.io/filename":"timestamp.json"}}]}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/ad4cacc170229608305ffccd8d09eeb59578fcb72ae394763cf7ef492175b1ee

@@ -1 +0,0 @@
-{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:a2e026ce65c198ee68a7ed2df6978ed0287bb38342f6ddb7bf934a456f1d6f87","sha256:61a98e1e86ae279e59415d927e38beae430d7e6d2bd6207054179429ea9b6763","sha256:1fd0d9781f02486718fcbd7724db0e4c4ba47b649930cec22a3e7e6b6077ba38","sha256:ea7713eb649ca1a33d79ebdccda9f7f066595b1b2c6e37e52dbfd250f5287260","sha256:4c1054844dba3241525cbd71ff9e58becca652fb1ce4a0e6ea55a01c4ec41950"]},"config":{}}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/c927b30f17fa8c64e3c20b8f92b7e348733f9c1281b5b7e6b6d669a8a74230a7

@@ -1 +0,0 @@
-{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:61a98e1e86ae279e59415d927e38beae430d7e6d2bd6207054179429ea9b6763","sha256:a2e026ce65c198ee68a7ed2df6978ed0287bb38342f6ddb7bf934a456f1d6f87","sha256:1fd0d9781f02486718fcbd7724db0e4c4ba47b649930cec22a3e7e6b6077ba38","sha256:ea7713eb649ca1a33d79ebdccda9f7f066595b1b2c6e37e52dbfd250f5287260","sha256:4c1054844dba3241525cbd71ff9e58becca652fb1ce4a0e6ea55a01c4ec41950"]},"config":{}}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/ddc840cc61ca4a5cf9b79d683fc81144977f2d95f1734ebf247b3f9da4d644fb

@@ -0,0 +1 @@
+{"signatures":[{"keyid":"76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221","sig":""},{"keyid":"beac53949c4cf075824edede7d41715941f524db247d1b455a2389d7490ecd72","sig":"304602210086552ad4ffddd7e60f2b80d095b4dfad9d2836cfce5d6b12dfb2aec0786240df02210097807190a1f64c615798b74068e8c9f19a29f495566bc1f16d296c7edd9343b3"}],"signed":{"_type":"targets","delegations":{"keys":{"76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp384","x-tuf-on-ci-keyowner":"@mrjoelkamp"}},"roles":[{"keyids":["76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221"],"name":"test-role","paths":["test-role/*","test-role/*/*","test-role/*/*/*","test-role/*/*/*/*"],"terminating":true,"threshold":1}]},"expires":"2034-06-23T12:42:15Z","spec_version":"1.0.31","targets":{"always-fail.rego":{"hashes":{"sha256":"e8a5b75ac27a28056d2155ff63acc1ffd76c30ed8558011c54708f4832f073ac"},"length":364},"jonnystoten2.rego":{"hashes":{"sha256":"bc46e8c31646f166a9efbd14fef154dd84cf07efc95c96be3a201c84470dcbc1"},"length":5857},"mapping.yaml":{"hashes":{"sha256":"baad1a9d61afa5d6f8717f576b57b9749e5549da4b826746fd73a5a914ac5be1"},"length":272},"test.txt":{"hashes":{"sha256":"02119a076ec3878c736c3a95e20794f5a8d5bce3d7ecc264681bb7334ca2e24b"},"length":31},"version-constraints":{"hashes":{"sha256":"bd6394a08afc1edfe5512fc14e63025a337e25ca0013c1068ec879742fc3a3c3"},"length":12}},"version":8,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60}}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/e744131b8e5deec56c893bb4de662fdefa3b82fb8c66a9fa4a039ea543afa5e1

@@ -0,0 +1 @@
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":669,"digest":"sha256:742736cf58eef752676e9254241b3143779ad66e10707f980b6a477cdc23ad59"},"layers":[{"mediaType":"application/vnd.tuf.metadata+json","size":2202,"digest":"sha256:5a9f60b64b708d05e4e4da0354529fc7fe5015807b79f0bf7b136207bf952bd7","annotations":{"tuf.io/filename":"1.root.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":2472,"digest":"sha256:1e6d780fc1967ff3d2d65c01b3614536a1562de0f0e5981718df82f61dc0c670","annotations":{"tuf.io/filename":"2.root.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":412,"digest":"sha256:5caaed86d85583b60586eff2da6ecff41a35d0ec5b8a603330db791249f7d497","annotations":{"tuf.io/filename":"7.snapshot.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":1746,"digest":"sha256:ddc840cc61ca4a5cf9b79d683fc81144977f2d95f1734ebf247b3f9da4d644fb","annotations":{"tuf.io/filename":"8.targets.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":383,"digest":"sha256:1f83502e00bf791ad0b4308fed7ba4a2cb099665069585f21f819fb35be140d8","annotations":{"tuf.io/filename":"timestamp.json"}}]}

test/testdata/tuf/test-repo-oci/metadata/blobs/sha256/ea7713eb649ca1a33d79ebdccda9f7f066595b1b2c6e37e52dbfd250f5287260

@@ -1 +0,0 @@
-{"signatures":[{"keyid":"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09","sig":""},{"keyid":"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664","sig":"3046022100f892a496c9bd96082e3b06d5eae85429355876b8eb455aa04b53ab9051911d90022100a3e89c29b15bccfc2877278c0fb2d3b34500da6351e245ad0b3f8c0ae6b67eff"}],"signed":{"_type":"targets","delegations":{"keys":{"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWmhpAfB7Q53UNluMhpkDxXXup4E0\n2Hh4PSgHC1Yh6brGl6Akq9a4io55LtZTk5mnCTqxuB+rc5cI/yaNUeWEqQ==\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp256","x-tuf-on-ci-keyowner":"@kipz"},"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp384","x-tuf-on-ci-keyowner":"@mrjoelkamp"}},"roles":[{"keyids":["b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09","81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664"],"name":"test-role","paths":["test-role/*","test-role/*/*","test-role/*/*/*","test-role/*/*/*/*"],"terminating":true,"threshold":1}]},"expires":"2034-04-03T15:28:29Z","spec_version":"1.0.31","targets":{"test.txt":{"hashes":{"sha256":"02119a076ec3878c736c3a95e20794f5a8d5bce3d7ecc264681bb7334ca2e24b"},"length":31}},"version":5,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60}}

test/testdata/tuf/test-repo-oci/metadata/index.json

@@ -5,7 +5,7 @@
       {
          "mediaType": "application/vnd.oci.image.manifest.v1+json",
          "size": 1220,
-         "digest": "sha256:a744a2f1e62ae4ce410822b5e3f5508dbaf6a76768a9d23741828172bab1dc97"
+         "digest": "sha256:e744131b8e5deec56c893bb4de662fdefa3b82fb8c66a9fa4a039ea543afa5e1"
       }
    ]
 }

test/testdata/tuf/test-repo-oci/metadata/test-role/blobs/sha256/2b2d4fba192ec164e05e6d90399c5cf4a45e4fe2ddebb9066c55aa2bcf0a73d3

@@ -1 +0,0 @@
-{"signatures":[{"keyid":"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09","sig":""},{"keyid":"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664","sig":"3044022015b6ebe9d30895e3be20e707a6738e38460197d90cae3dc37527ddb7c437868602207f85f3d4e068bef4c51a749f5d166cc7fe2cb9483999ea197e72395081c3aa61"}],"signed":{"_type":"targets","expires":"2034-04-03T15:39:02Z","spec_version":"1.0.31","targets":{"test-role/dir1/dir2/dir3/myfile.txt":{"hashes":{"sha256":"ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1"},"length":10},"test-role/test.txt":{"hashes":{"sha256":"d1bb6181284970ae43fbbc88b5e72f9a5942ebac20588aa0c4bf78ba621e1ee2"},"length":32}},"version":3,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60}}

test/testdata/tuf/test-repo-oci/metadata/test-role/blobs/sha256/6536fc6f6e006b674a97c23b28c01e97153533777a48c3de9ff06a20a200dcbc

@@ -0,0 +1 @@
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":233,"digest":"sha256:84fd82cab3086626411db7936836bca343f3f2cb7a9b41846cbc42d6ff64da98"},"layers":[{"mediaType":"application/vnd.tuf.metadata+json","size":742,"digest":"sha256:ad7b6cdc3c7c0af0f8f05459471074adb6353ff72e65e2ec2629fafcce1603b1","annotations":{"tuf.io/filename":"2.test-role.json"}}]}

test/testdata/tuf/test-repo-oci/metadata/test-role/blobs/sha256/7c8d8f5dfca62068e3a4b18bb41cf85dad23ec9cdc7d7d2e10bc37b86ebffff5

@@ -1 +0,0 @@
-{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":233,"digest":"sha256:9edf24c022c2cd6796e87f49ec6a6ea2fad3e7c939c32a8219aaa4726792457c"},"layers":[{"mediaType":"application/vnd.tuf.metadata+json","size":764,"digest":"sha256:2b2d4fba192ec164e05e6d90399c5cf4a45e4fe2ddebb9066c55aa2bcf0a73d3","annotations":{"tuf.io/filename":"3.test-role.json"}}]}

test/testdata/tuf/test-repo-oci/metadata/test-role/blobs/sha256/84fd82cab3086626411db7936836bca343f3f2cb7a9b41846cbc42d6ff64da98

@@ -1 +1 @@
-{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:2b2d4fba192ec164e05e6d90399c5cf4a45e4fe2ddebb9066c55aa2bcf0a73d3"]},"config":{}}
+{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:ad7b6cdc3c7c0af0f8f05459471074adb6353ff72e65e2ec2629fafcce1603b1"]},"config":{}}

test/testdata/tuf/test-repo-oci/metadata/test-role/blobs/sha256/ad7b6cdc3c7c0af0f8f05459471074adb6353ff72e65e2ec2629fafcce1603b1

@@ -0,0 +1 @@
+{"signatures":[{"keyid":"76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221","sig":"3065023100c37572d6e0608e0501026d99238ee37d26856d93074227410b0748e56775f8369cf7c44553b73d8a30aa94a388148ca602305b46acbb0e8818657725024a39d02589538845ad9fa0c2b6eb18f431f560096045fd825586dce81688c9574b11b975da"}],"signed":{"_type":"targets","expires":"2034-05-29T20:25:01Z","spec_version":"1.0.31","targets":{"test-role/dir1/dir2/dir3/test.txt":{"hashes":{"sha256":"bb8fcf06f6c067dcbcb394d7d9ced788316fc02b715fe679097281108a4bd465"},"length":46},"test-role/test.txt":{"hashes":{"sha256":"d1bb6181284970ae43fbbc88b5e72f9a5942ebac20588aa0c4bf78ba621e1ee2"},"length":32}},"version":2,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60}}

test/testdata/tuf/test-repo-oci/metadata/test-role/index.json

@@ -5,7 +5,7 @@
       {
          "mediaType": "application/vnd.oci.image.manifest.v1+json",
          "size": 444,
-         "digest": "sha256:7c8d8f5dfca62068e3a4b18bb41cf85dad23ec9cdc7d7d2e10bc37b86ebffff5"
+         "digest": "sha256:6536fc6f6e006b674a97c23b28c01e97153533777a48c3de9ff06a20a200dcbc"
       }
    ]
 }

test/testdata/tuf/test-repo-oci/targets/baad1a9d61afa5d6f8717f576b57b9749e5549da4b826746fd73a5a914ac5be1.mapping.yaml/blobs/sha256/08fcd920e5ff68ff16601b7952c58b05a947e007ebf4cc8898c43b71a375604f

@@ -0,0 +1 @@
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":233,"digest":"sha256:518931eb24f93aa58c711c77e59d63171462133141ba9c6f8b6bc99a8daaab4d"},"layers":[{"mediaType":"application/vnd.tuf.target","size":272,"digest":"sha256:baad1a9d61afa5d6f8717f576b57b9749e5549da4b826746fd73a5a914ac5be1","annotations":{"tuf.io/filename":"baad1a9d61afa5d6f8717f576b57b9749e5549da4b826746fd73a5a914ac5be1.mapping.yaml"}}]}

test/testdata/tuf/test-repo-oci/targets/baad1a9d61afa5d6f8717f576b57b9749e5549da4b826746fd73a5a914ac5be1.mapping.yaml/blobs/sha256/518931eb24f93aa58c711c77e59d63171462133141ba9c6f8b6bc99a8daaab4d

@@ -1 +1 @@
-{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1"]},"config":{}}
+{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:baad1a9d61afa5d6f8717f576b57b9749e5549da4b826746fd73a5a914ac5be1"]},"config":{}}

test/testdata/tuf/test-repo-oci/targets/baad1a9d61afa5d6f8717f576b57b9749e5549da4b826746fd73a5a914ac5be1.mapping.yaml/blobs/sha256/baad1a9d61afa5d6f8717f576b57b9749e5549da4b826746fd73a5a914ac5be1

@@ -0,0 +1,12 @@
+version: v1
+kind: policy-mapping
+policies:
+  - origin:
+      domain: docker.io
+      prefix: jonnystoten2/
+    id: jonnystoten2
+    description: jonnystoten2 personal images for testing
+    attestations:
+      style: "referrers"
+    files:
+      - path: jonnystoten2.rego

test/testdata/tuf/test-repo-oci/targets/baad1a9d61afa5d6f8717f576b57b9749e5549da4b826746fd73a5a914ac5be1.mapping.yaml/index.json

@@ -0,0 +1,11 @@
+{
+   "schemaVersion": 2,
+   "mediaType": "application/vnd.oci.image.index.v1+json",
+   "manifests": [
+      {
+         "mediaType": "application/vnd.oci.image.manifest.v1+json",
+         "size": 498,
+         "digest": "sha256:08fcd920e5ff68ff16601b7952c58b05a947e007ebf4cc8898c43b71a375604f"
+      }
+   ]
+}

test/testdata/tuf/test-repo-oci/targets/baad1a9d61afa5d6f8717f576b57b9749e5549da4b826746fd73a5a914ac5be1.mapping.yaml/oci-layout

@@ -0,0 +1,3 @@
+{
+    "imageLayoutVersion": "1.0.0"
+}

test/testdata/tuf/test-repo-oci/targets/bc46e8c31646f166a9efbd14fef154dd84cf07efc95c96be3a201c84470dcbc1.jonnystoten2.rego/blobs/sha256/4f6f31200d0a02278381a1c3c54e4a45e24ce0e36698ad73f5e067cf7b986315

@@ -0,0 +1 @@
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":233,"digest":"sha256:b3ed84cbb194e472b365c914d6551e2420167022e156409e10701c0ec9418b10"},"layers":[{"mediaType":"application/vnd.tuf.target","size":5857,"digest":"sha256:bc46e8c31646f166a9efbd14fef154dd84cf07efc95c96be3a201c84470dcbc1","annotations":{"tuf.io/filename":"bc46e8c31646f166a9efbd14fef154dd84cf07efc95c96be3a201c84470dcbc1.jonnystoten2.rego"}}]}

test/testdata/tuf/test-repo-oci/targets/bc46e8c31646f166a9efbd14fef154dd84cf07efc95c96be3a201c84470dcbc1.jonnystoten2.rego/blobs/sha256/b3ed84cbb194e472b365c914d6551e2420167022e156409e10701c0ec9418b10

@@ -0,0 +1 @@
+{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:bc46e8c31646f166a9efbd14fef154dd84cf07efc95c96be3a201c84470dcbc1"]},"config":{}}

test/testdata/tuf/test-repo-oci/targets/bc46e8c31646f166a9efbd14fef154dd84cf07efc95c96be3a201c84470dcbc1.jonnystoten2.rego/blobs/sha256/bc46e8c31646f166a9efbd14fef154dd84cf07efc95c96be3a201c84470dcbc1

@@ -0,0 +1,200 @@
+package attest
+
+import rego.v1
+
+split_digest := split(input.digest, ":")
+
+digest_type := split_digest[0]
+
+digest := split_digest[1]
+
+keys := [{
+	"id": "a0c296026645799b2a297913878e81b0aefff2a0c301e97232f717e14402f3e4",
+	"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgH23D1i2+ZIOtVjmfB7iFvX8AhVN\n9CPJ4ie9axw+WRHozGnRy99U2dRge3zueBBg2MweF0zrToXGig2v3YOrdw==\n-----END PUBLIC KEY-----",
+	"from": "2023-12-15T14:00:00Z",
+	"to": null,
+	"status": "active",
+	"signing-format": "dssev1",
+}]
+
+verify_opts := {"keys": keys}
+
+verify_attestation(att) := attest.verify(att, verify_opts)
+
+attestations contains att if {
+	result := attest.fetch("https://slsa.dev/verification_summary/v1")
+	not result.error
+	some att in result.value
+}
+
+signed_statements contains statement if {
+	some att in attestations
+	result := verify_attestation(att)
+	not result.error
+	statement := result.value
+}
+
+statements_with_subject contains statement if {
+	some statement in signed_statements
+	some subject in statement.subject
+	subject.digest[digest_type] == digest
+	valid_subject_name(input.isCanonical, subject.name, input.purl)
+}
+
+id(statement) := crypto.sha256(json.marshal(statement))
+
+subjects contains subject if {
+	some statement in statements_with_subject
+	some subject in statement.subject
+}
+
+global_violations contains v if {
+	count(attestations) == 0
+	v := {
+		"type": "missing_attestation",
+		"description": "No https://slsa.dev/verification_summary/v1 attestation found",
+		"attestation": null,
+		"details": {},
+	}
+}
+
+# we need to key this by statement_id rather than statement because we can't
+# use an object as a key due to a bug(?) in OPA: https://github.com/open-policy-agent/opa/issues/6736
+statement_violations[statement_id] contains v if {
+	some att in attestations
+	result := verify_attestation(att)
+	err := result.error
+	statement := unsafe_statement_from_attestation(att)
+	statement_id := id(statement)
+	v := {
+		"type": "unsigned_statement",
+		"description": sprintf("Statement is not correctly signed: %v", [err]),
+		"attestation": statement,
+		"details": {"error": err},
+	}
+}
+
+statement_violations[statement_id] contains v if {
+	some statement in signed_statements
+	statement_id := id(statement)
+	not statement in statements_with_subject
+	v := {
+		"type": "bad_subjects",
+		"description": "Statement does not have this image as a subject",
+		"attestation": statement,
+		"details": {"input": input},
+	}
+}
+
+statement_violations[statement_id] contains v if {
+	some statement in statements_with_subject
+	statement_id := id(statement)
+	v := field_value_does_not_equal(statement, "verificationResult", "PASSED", "wrong_verification_result")
+}
+
+# TODO: add to statement_violations if there are statements that have an incorrect resource_uri
+# this should match the input.purl, but we really only care about the repo name and the digest
+# we need to receive the input.purl as a parsed object so we can compare only the parts we care about
+
+statement_violations[statement_id] contains v if {
+	some statement in statements_with_subject
+	statement_id := id(statement)
+	v := field_value_does_not_equal(statement, "verifier.id", "signing-demo-verifier", "wrong_verifier")
+}
+
+statement_violations[statement_id] contains v if {
+	some statement in statements_with_subject
+	statement_id := id(statement)
+	v := field_value_does_not_equal(statement, "policy.uri", "https://docker.com/official/policy/v0.1", "wrong_policy_uri")
+}
+
+statement_violations[statement_id] contains v if {
+	some statement in statements_with_subject
+	statement_id := id(statement)
+	v := array_field_does_not_contain(statement, "verifiedLevels", "SLSA_BUILD_LEVEL_3", "wrong_verified_levels")
+}
+
+bad_statements contains statement if {
+	some statement in statements_with_subject
+	statement_id := id(statement)
+	statement_violations[statement_id]
+}
+
+good_statements := statements_with_subject - bad_statements
+
+all_violations contains v if {
+	some v in global_violations
+}
+
+all_violations contains v if {
+	some violations in statement_violations
+	some v in violations
+}
+
+result := {
+	"success": allow,
+	"violations": all_violations,
+	"summary": {
+		"subjects": subjects,
+		"slsa_levels": ["SLSA_BUILD_LEVEL_3"],
+		"verifier": "signing-demo-verifier",
+		"policy_uri": "https://docker.com/official/policy/v0.1",
+	},
+}
+
+default allow := false
+
+allow if {
+	count(good_statements) > 0
+}
+
+# TODO: this should take into account the repo name from the purl
+valid_subject_name(true, name, purl)
+
+valid_subject_name(false, name, purl) if {
+	name == purl
+}
+
+field_value_does_not_equal(statement, field, expected, type) := v if {
+	path := split(field, ".")
+	actual := object.get(statement.predicate, path, null)
+	expected != actual
+	v := is_not_violation(statement, field, expected, actual, type)
+}
+
+array_field_does_not_contain(statement, field, expected, type) := v if {
+	path := split(field, ".")
+	actual := object.get(statement.predicate, path, null)
+	not expected in actual
+	v := not_contains_violation(statement, field, expected, actual, type)
+}
+
+is_not_violation(statement, field, expected, actual, type) := {
+	"type": type,
+	"description": sprintf("%v is not %v", [field, expected]),
+	"attestation": statement,
+	"details": {
+		"field": field,
+		"actual": actual,
+		"expected": expected,
+	},
+}
+
+not_contains_violation(statement, field, expected, actual, type) := {
+	"type": type,
+	"description": sprintf("%v does not contain %v", [field, expected]),
+	"attestation": statement,
+	"details": {
+		"field": field,
+		"actual": actual,
+		"expected": expected,
+	},
+}
+
+# This is unsafe because we're not checking the signature on the attestation,
+# do not call this unless you've already verified the attestation or you need the
+# statement for some other reason
+unsafe_statement_from_attestation(att) := statement if {
+	payload := att.payload
+	statement := json.unmarshal(base64.decode(payload))
+}

test/testdata/tuf/test-repo-oci/targets/bc46e8c31646f166a9efbd14fef154dd84cf07efc95c96be3a201c84470dcbc1.jonnystoten2.rego/index.json

@@ -0,0 +1,11 @@
+{
+   "schemaVersion": 2,
+   "mediaType": "application/vnd.oci.image.index.v1+json",
+   "manifests": [
+      {
+         "mediaType": "application/vnd.oci.image.manifest.v1+json",
+         "size": 504,
+         "digest": "sha256:4f6f31200d0a02278381a1c3c54e4a45e24ce0e36698ad73f5e067cf7b986315"
+      }
+   ]
+}

test/testdata/tuf/test-repo-oci/targets/bc46e8c31646f166a9efbd14fef154dd84cf07efc95c96be3a201c84470dcbc1.jonnystoten2.rego/oci-layout

@@ -0,0 +1,3 @@
+{
+    "imageLayoutVersion": "1.0.0"
+}

test/testdata/tuf/test-repo-oci/targets/bd6394a08afc1edfe5512fc14e63025a337e25ca0013c1068ec879742fc3a3c3.version-constraints/blobs/sha256/3367ba9d6820ec214f616be99d8b2e7be302d9eab8d258aed8d723e3dd696664

@@ -0,0 +1 @@
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":233,"digest":"sha256:d8be98f75d88fafaf2195e64474570f79d918741cf0e90603304b4035e86200a"},"layers":[{"mediaType":"application/vnd.tuf.target","size":12,"digest":"sha256:bd6394a08afc1edfe5512fc14e63025a337e25ca0013c1068ec879742fc3a3c3","annotations":{"tuf.io/filename":"bd6394a08afc1edfe5512fc14e63025a337e25ca0013c1068ec879742fc3a3c3.version-constraints"}}]}

test/testdata/tuf/test-repo-oci/targets/bd6394a08afc1edfe5512fc14e63025a337e25ca0013c1068ec879742fc3a3c3.version-constraints/blobs/sha256/bd6394a08afc1edfe5512fc14e63025a337e25ca0013c1068ec879742fc3a3c3

@@ -0,0 +1 @@
+>= v0.1.4-0

test/testdata/tuf/test-repo-oci/targets/bd6394a08afc1edfe5512fc14e63025a337e25ca0013c1068ec879742fc3a3c3.version-constraints/blobs/sha256/d8be98f75d88fafaf2195e64474570f79d918741cf0e90603304b4035e86200a

@@ -0,0 +1 @@
+{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:bd6394a08afc1edfe5512fc14e63025a337e25ca0013c1068ec879742fc3a3c3"]},"config":{}}

test/testdata/tuf/test-repo-oci/targets/bd6394a08afc1edfe5512fc14e63025a337e25ca0013c1068ec879742fc3a3c3.version-constraints/index.json

@@ -0,0 +1,11 @@
+{
+   "schemaVersion": 2,
+   "mediaType": "application/vnd.oci.image.index.v1+json",
+   "manifests": [
+      {
+         "mediaType": "application/vnd.oci.image.manifest.v1+json",
+         "size": 504,
+         "digest": "sha256:3367ba9d6820ec214f616be99d8b2e7be302d9eab8d258aed8d723e3dd696664"
+      }
+   ]
+}

test/testdata/tuf/test-repo-oci/targets/bd6394a08afc1edfe5512fc14e63025a337e25ca0013c1068ec879742fc3a3c3.version-constraints/oci-layout

@@ -0,0 +1,3 @@
+{
+    "imageLayoutVersion": "1.0.0"
+}

test/testdata/tuf/test-repo-oci/targets/e8a5b75ac27a28056d2155ff63acc1ffd76c30ed8558011c54708f4832f073ac.always-fail.rego/blobs/sha256/1ec0122bb46783966623e1c099362eaf0bd06d476142d9c9b9c328ecd07f365b

@@ -0,0 +1 @@
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":233,"digest":"sha256:9ecff174eabe9768063a2686be1ef45185c5932916e4e108f4f9fde20f6d3f97"},"layers":[{"mediaType":"application/vnd.tuf.target","size":364,"digest":"sha256:e8a5b75ac27a28056d2155ff63acc1ffd76c30ed8558011c54708f4832f073ac","annotations":{"tuf.io/filename":"e8a5b75ac27a28056d2155ff63acc1ffd76c30ed8558011c54708f4832f073ac.always-fail.rego"}}]}

test/testdata/tuf/test-repo-oci/targets/e8a5b75ac27a28056d2155ff63acc1ffd76c30ed8558011c54708f4832f073ac.always-fail.rego/blobs/sha256/9ecff174eabe9768063a2686be1ef45185c5932916e4e108f4f9fde20f6d3f97

@@ -0,0 +1 @@
+{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:e8a5b75ac27a28056d2155ff63acc1ffd76c30ed8558011c54708f4832f073ac"]},"config":{}}

test/testdata/tuf/test-repo-oci/targets/e8a5b75ac27a28056d2155ff63acc1ffd76c30ed8558011c54708f4832f073ac.always-fail.rego/blobs/sha256/e8a5b75ac27a28056d2155ff63acc1ffd76c30ed8558011c54708f4832f073ac

@@ -0,0 +1,19 @@
+package attest
+
+import rego.v1
+
+violations contains {
+	"type": "always_fail",
+	"description": "This policy always fails",
+}
+
+result := {
+	"success": false,
+	"violations": violations,
+	"summary": {
+		"subjects": set(),
+		"slsa_levels": ["SLSA_BUILD_LEVEL_3"],
+		"verifier": "docker-official-images",
+		"policy_uri": "https://docker.com/official/policy/v0.1",
+	},
+}

test/testdata/tuf/test-repo-oci/targets/e8a5b75ac27a28056d2155ff63acc1ffd76c30ed8558011c54708f4832f073ac.always-fail.rego/index.json

@@ -0,0 +1,11 @@
+{
+   "schemaVersion": 2,
+   "mediaType": "application/vnd.oci.image.index.v1+json",
+   "manifests": [
+      {
+         "mediaType": "application/vnd.oci.image.manifest.v1+json",
+         "size": 502,
+         "digest": "sha256:1ec0122bb46783966623e1c099362eaf0bd06d476142d9c9b9c328ecd07f365b"
+      }
+   ]
+}

test/testdata/tuf/test-repo-oci/targets/e8a5b75ac27a28056d2155ff63acc1ffd76c30ed8558011c54708f4832f073ac.always-fail.rego/oci-layout

@@ -0,0 +1,3 @@
+{
+    "imageLayoutVersion": "1.0.0"
+}

test/testdata/tuf/test-repo-oci/targets/test-role/blobs/sha256/0d097261f1f5e01d310d34d8da4343ffa574fb44cb5010a0bca5a50568cda7aa

@@ -0,0 +1 @@
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":233,"digest":"sha256:1691cdc848fa42fceb9f97f195c4e2372fba2cbe2984801f5296d26032d822b0"},"layers":[{"mediaType":"application/vnd.tuf.target","size":46,"digest":"sha256:bb8fcf06f6c067dcbcb394d7d9ced788316fc02b715fe679097281108a4bd465","annotations":{"tuf.io/filename":"bb8fcf06f6c067dcbcb394d7d9ced788316fc02b715fe679097281108a4bd465.test.txt"}}]}

test/testdata/tuf/test-repo-oci/targets/test-role/blobs/sha256/1691cdc848fa42fceb9f97f195c4e2372fba2cbe2984801f5296d26032d822b0

@@ -0,0 +1 @@
+{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:bb8fcf06f6c067dcbcb394d7d9ced788316fc02b715fe679097281108a4bd465"]},"config":{}}

test/testdata/tuf/test-repo-oci/targets/test-role/blobs/sha256/8d320e9d3f3663613df6e4fca1651604a6c0323011023145a140b38f02105b04

@@ -1 +0,0 @@
-{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":233,"digest":"sha256:0b6b8fdb10421310b9aca2f1fb6ce51537baa243fb9fccca03f2ff3c15fb52f8"},"layers":[{"mediaType":"application/vnd.tuf.target","size":10,"digest":"sha256:ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1","annotations":{"tuf.io/filename":"ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1.myfile.txt"}}]}

test/testdata/tuf/test-repo-oci/targets/test-role/blobs/sha256/bb8fcf06f6c067dcbcb394d7d9ced788316fc02b715fe679097281108a4bd465

@@ -0,0 +1 @@
+this is a deeply nested delegated targets file

test/testdata/tuf/test-repo-oci/targets/test-role/blobs/sha256/ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1

@@ -1 +0,0 @@
-hello tuf

test/testdata/tuf/test-repo-oci/targets/test-role/index.json

@@ -1 +1 @@
-{"schemaVersion":2,"mediaType":"application/vnd.oci.image.index.v1+json","manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":495,"digest":"sha256:8d320e9d3f3663613df6e4fca1651604a6c0323011023145a140b38f02105b04","annotations":{"tuf.io/filename":"test-role/dir1/dir2/dir3/ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1.myfile.txt"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":493,"digest":"sha256:0a4afcdad291941327b070ab4feaf052425fbf4ded864bc55c18cfefec8be6e2","annotations":{"tuf.io/filename":"test-role/d1bb6181284970ae43fbbc88b5e72f9a5942ebac20588aa0c4bf78ba621e1ee2.test.txt"}}]}
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.index.v1+json","manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":493,"digest":"sha256:0d097261f1f5e01d310d34d8da4343ffa574fb44cb5010a0bca5a50568cda7aa","annotations":{"tuf.io/filename":"test-role/dir1/dir2/dir3/bb8fcf06f6c067dcbcb394d7d9ced788316fc02b715fe679097281108a4bd465.test.txt"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":493,"digest":"sha256:0a4afcdad291941327b070ab4feaf052425fbf4ded864bc55c18cfefec8be6e2","annotations":{"tuf.io/filename":"test-role/d1bb6181284970ae43fbbc88b5e72f9a5942ebac20588aa0c4bf78ba621e1ee2.test.txt"}}]}

test/testdata/tuf/test-repo/metadata/1.root.json

@@ -1,42 +1,42 @@
 {
  "signatures": [
   {
-   "keyid": "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
-   "sig": "3064023037bbb03c3472b140572a7d5a2895bd80e74435bbcb7053949731f81b104c6d05a0876590cd6a2e94d7ed619426a2f6fa02303adc8c9006fa5506fdd7ea87d2960074a537ad8bf2459f2863e806b47682cbb2f9b01b7502eaf5437a1a68fdaaeac114"
+   "keyid": "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221",
+   "sig": "3065023000f7d0a866576e94eaabc173b9233d4c8fcfa495527088f9022dff5a553f7a457da1015a6d0fc714f84848ec627387360231009fa70b2eebbe15241a2ec9b96a094ebd28661e30b8c3d1eab8d694df2b340bda511c489393630c9a9dacde42c99e9fa1"
   }
  ],
  "signed": {
   "_type": "root",
   "consistent_snapshot": true,
-  "expires": "2034-04-02T17:00:22Z",
+  "expires": "2034-05-29T20:14:11Z",
   "keys": {
-   "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3": {
-    "keytype": "ecdsa",
-    "keyval": {
-     "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgDpP6O0sEt2R+l84WlfmqPBsFSby\nxJsJ6YmeUVgDk/wk9++8IAR6YBYewaKye56gMnIYjTFbyOI8WomA2NQFBw==\n-----END PUBLIC KEY-----\n"
-    },
-    "scheme": "ecdsa-sha2-nistp256",
-    "x-tuf-on-ci-online-uri": "awskms:arn:aws:kms:us-east-1:175142243308:key/fbd8dab6-5677-4b57-87e6-8369c45b3b61"
-   },
-   "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09": {
+   "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221": {
     "keytype": "ecdsa",
     "keyval": {
      "public": "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"
     },
     "scheme": "ecdsa-sha2-nistp384",
     "x-tuf-on-ci-keyowner": "@mrjoelkamp"
+   },
+   "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5": {
+    "keytype": "ecdsa",
+    "keyval": {
+     "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgDpP6O0sEt2R+l84WlfmqPBsFSby\nxJsJ6YmeUVgDk/wk9++8IAR6YBYewaKye56gMnIYjTFbyOI8WomA2NQFBw==\n-----END PUBLIC KEY-----\n"
+    },
+    "scheme": "ecdsa-sha2-nistp256",
+    "x-tuf-on-ci-online-uri": "awskms:arn:aws:kms:us-east-1:175142243308:key/fbd8dab6-5677-4b57-87e6-8369c45b3b61"
    }
   },
   "roles": {
    "root": {
     "keyids": [
-     "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09"
+     "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221"
     ],
     "threshold": 1
    },
    "snapshot": {
     "keyids": [
-     "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
+     "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5"
     ],
     "threshold": 1,
     "x-tuf-on-ci-expiry-period": 3650,
@@ -44,13 +44,13 @@
    },
    "targets": {
     "keyids": [
-     "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09"
+     "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221"
     ],
     "threshold": 1
    },
    "timestamp": {
     "keyids": [
-     "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
+     "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5"
     ],
     "threshold": 1,
     "x-tuf-on-ci-expiry-period": 3650,

test/testdata/tuf/test-repo/metadata/2.root.json

@@ -1,20 +1,28 @@
 {
  "signatures": [
   {
-   "keyid": "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
-   "sig": "3066023100e99acc5f74777ebf40376b60f0216e8fe1829c1a49a5f6a6899126c15de1df7a56533baf493b2b53159c50843a289102023100b6a006b24da62ea0b743fbe38e1497ff485bf3a0833894985fc27a0305ad0693eeb968a7b52723ed3c49af8bef2027b6"
+   "keyid": "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221",
+   "sig": "3065023079fce0ddea385d0e5b6eed0da688946f417d1c1bf6397edaa44279bf948d6de41daf5e0852069900f363175abd95959b023100d2b950cb3f39cc4df8140d2ec3c60d81d2811827fbc61034786cd877586f6ab5f9ba03ad95d7de58e9241917d79687a9"
   },
   {
-   "keyid": "81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664",
-   "sig": "30440220136debcc2f60dd1d63c9c2704f9b13c2cb2f5d2df58ea93f07f7c10f54f36742022059d7f8c6620e33506c6f1766394a32f86c9b008328f6398831ba7ebcf4ce0838"
+   "keyid": "beac53949c4cf075824edede7d41715941f524db247d1b455a2389d7490ecd72",
+   "sig": ""
   }
  ],
  "signed": {
   "_type": "root",
   "consistent_snapshot": true,
-  "expires": "2034-04-03T08:45:50Z",
+  "expires": "2034-06-12T17:21:13Z",
   "keys": {
-   "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3": {
+   "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221": {
+    "keytype": "ecdsa",
+    "keyval": {
+     "public": "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"
+    },
+    "scheme": "ecdsa-sha2-nistp384",
+    "x-tuf-on-ci-keyowner": "@mrjoelkamp"
+   },
+   "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5": {
     "keytype": "ecdsa",
     "keyval": {
      "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgDpP6O0sEt2R+l84WlfmqPBsFSby\nxJsJ6YmeUVgDk/wk9++8IAR6YBYewaKye56gMnIYjTFbyOI8WomA2NQFBw==\n-----END PUBLIC KEY-----\n"
@@ -22,34 +30,26 @@
     "scheme": "ecdsa-sha2-nistp256",
     "x-tuf-on-ci-online-uri": "awskms:arn:aws:kms:us-east-1:175142243308:key/fbd8dab6-5677-4b57-87e6-8369c45b3b61"
    },
-   "81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664": {
+   "beac53949c4cf075824edede7d41715941f524db247d1b455a2389d7490ecd72": {
     "keytype": "ecdsa",
     "keyval": {
-     "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWmhpAfB7Q53UNluMhpkDxXXup4E0\n2Hh4PSgHC1Yh6brGl6Akq9a4io55LtZTk5mnCTqxuB+rc5cI/yaNUeWEqQ==\n-----END PUBLIC KEY-----\n"
+     "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEERet/8hs3WHIXyOXNzhLpTOz6DBx\n7zzHnenJgV/TB0dRMAx6j9UVRvlEkh5OcYuktNeqnLpHce1rLjLjpiRPVg==\n-----END PUBLIC KEY-----\n"
     },
     "scheme": "ecdsa-sha2-nistp256",
-    "x-tuf-on-ci-keyowner": "@kipz"
-   },
-   "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09": {
-    "keytype": "ecdsa",
-    "keyval": {
-     "public": "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"
-    },
-    "scheme": "ecdsa-sha2-nistp384",
-    "x-tuf-on-ci-keyowner": "@mrjoelkamp"
+    "x-tuf-on-ci-keyowner": "@jonnystoten"
    }
   },
   "roles": {
    "root": {
     "keyids": [
-     "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
-     "81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664"
+     "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221",
+     "beac53949c4cf075824edede7d41715941f524db247d1b455a2389d7490ecd72"
     ],
     "threshold": 1
    },
    "snapshot": {
     "keyids": [
-     "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
+     "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5"
     ],
     "threshold": 1,
     "x-tuf-on-ci-expiry-period": 3650,
@@ -57,14 +57,14 @@
    },
    "targets": {
     "keyids": [
-     "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
-     "81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664"
+     "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221",
+     "beac53949c4cf075824edede7d41715941f524db247d1b455a2389d7490ecd72"
     ],
     "threshold": 1
    },
    "timestamp": {
     "keyids": [
-     "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
+     "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5"
     ],
     "threshold": 1,
     "x-tuf-on-ci-expiry-period": 3650,

test/testdata/tuf/test-repo/metadata/2.test-role.json

@@ -0,0 +1,30 @@
+{
+ "signatures": [
+  {
+   "keyid": "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221",
+   "sig": "3065023100c37572d6e0608e0501026d99238ee37d26856d93074227410b0748e56775f8369cf7c44553b73d8a30aa94a388148ca602305b46acbb0e8818657725024a39d02589538845ad9fa0c2b6eb18f431f560096045fd825586dce81688c9574b11b975da"
+  }
+ ],
+ "signed": {
+  "_type": "targets",
+  "expires": "2034-05-29T20:25:01Z",
+  "spec_version": "1.0.31",
+  "targets": {
+   "test-role/dir1/dir2/dir3/test.txt": {
+    "hashes": {
+     "sha256": "bb8fcf06f6c067dcbcb394d7d9ced788316fc02b715fe679097281108a4bd465"
+    },
+    "length": 46
+   },
+   "test-role/test.txt": {
+    "hashes": {
+     "sha256": "d1bb6181284970ae43fbbc88b5e72f9a5942ebac20588aa0c4bf78ba621e1ee2"
+    },
+    "length": 32
+   }
+  },
+  "version": 2,
+  "x-tuf-on-ci-expiry-period": 3650,
+  "x-tuf-on-ci-signing-period": 60
+ }
+}

test/testdata/tuf/test-repo/metadata/3.test-role.json

@@ -1,34 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
-   "sig": ""
-  },
-  {
-   "keyid": "81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664",
-   "sig": "3044022015b6ebe9d30895e3be20e707a6738e38460197d90cae3dc37527ddb7c437868602207f85f3d4e068bef4c51a749f5d166cc7fe2cb9483999ea197e72395081c3aa61"
-  }
- ],
- "signed": {
-  "_type": "targets",
-  "expires": "2034-04-03T15:39:02Z",
-  "spec_version": "1.0.31",
-  "targets": {
-   "test-role/dir1/dir2/dir3/myfile.txt": {
-    "hashes": {
-     "sha256": "ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1"
-    },
-    "length": 10
-   },
-   "test-role/test.txt": {
-    "hashes": {
-     "sha256": "d1bb6181284970ae43fbbc88b5e72f9a5942ebac20588aa0c4bf78ba621e1ee2"
-    },
-    "length": 32
-   }
-  },
-  "version": 3,
-  "x-tuf-on-ci-expiry-period": 3650,
-  "x-tuf-on-ci-signing-period": 60
- }
-}

test/testdata/tuf/test-repo/metadata/5.targets.json

@@ -1,65 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
-   "sig": ""
-  },
-  {
-   "keyid": "81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664",
-   "sig": "3046022100f892a496c9bd96082e3b06d5eae85429355876b8eb455aa04b53ab9051911d90022100a3e89c29b15bccfc2877278c0fb2d3b34500da6351e245ad0b3f8c0ae6b67eff"
-  }
- ],
- "signed": {
-  "_type": "targets",
-  "delegations": {
-   "keys": {
-    "81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664": {
-     "keytype": "ecdsa",
-     "keyval": {
-      "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWmhpAfB7Q53UNluMhpkDxXXup4E0\n2Hh4PSgHC1Yh6brGl6Akq9a4io55LtZTk5mnCTqxuB+rc5cI/yaNUeWEqQ==\n-----END PUBLIC KEY-----\n"
-     },
-     "scheme": "ecdsa-sha2-nistp256",
-     "x-tuf-on-ci-keyowner": "@kipz"
-    },
-    "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09": {
-     "keytype": "ecdsa",
-     "keyval": {
-      "public": "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"
-     },
-     "scheme": "ecdsa-sha2-nistp384",
-     "x-tuf-on-ci-keyowner": "@mrjoelkamp"
-    }
-   },
-   "roles": [
-    {
-     "keyids": [
-      "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
-      "81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664"
-     ],
-     "name": "test-role",
-     "paths": [
-      "test-role/*",
-      "test-role/*/*",
-      "test-role/*/*/*",
-      "test-role/*/*/*/*"
-     ],
-     "terminating": true,
-     "threshold": 1
-    }
-   ]
-  },
-  "expires": "2034-04-03T15:28:29Z",
-  "spec_version": "1.0.31",
-  "targets": {
-   "test.txt": {
-    "hashes": {
-     "sha256": "02119a076ec3878c736c3a95e20794f5a8d5bce3d7ecc264681bb7334ca2e24b"
-    },
-    "length": 31
-   }
-  },
-  "version": 5,
-  "x-tuf-on-ci-expiry-period": 3650,
-  "x-tuf-on-ci-signing-period": 60
- }
-}

test/testdata/tuf/test-repo/metadata/6.snapshot.json

@@ -1,22 +0,0 @@
-{
- "signatures": [
-  {
-   "keyid": "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3",
-   "sig": "3044022039b56cd2e3597df74e57d200a652ba020cdc9a8cd050bd65b5f8e2640d50691d02205e073e4b6fc260acc64327a331e4440601af5b1cbff594ea91cf7b70d5828fb1"
-  }
- ],
- "signed": {
-  "_type": "snapshot",
-  "expires": "2034-04-03T15:59:47Z",
-  "meta": {
-   "targets.json": {
-    "version": 5
-   },
-   "test-role.json": {
-    "version": 3
-   }
-  },
-  "spec_version": "1.0.31",
-  "version": 6
- }
-}

test/testdata/tuf/test-repo/metadata/7.snapshot.json

@@ -0,0 +1,22 @@
+{
+ "signatures": [
+  {
+   "keyid": "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5",
+   "sig": "3045022018e31a2e743b21054939262706520be10375829fb93dec7f3042e48ed8eb9cec0221008c2765ee9e49d49c12a6b9a5124c984d414b8d86452cdbcc2fc2f2ca10a11e67"
+  }
+ ],
+ "signed": {
+  "_type": "snapshot",
+  "expires": "2034-06-23T12:47:16Z",
+  "meta": {
+   "targets.json": {
+    "version": 8
+   },
+   "test-role.json": {
+    "version": 2
+   }
+  },
+  "spec_version": "1.0.31",
+  "version": 7
+ }
+}

test/testdata/tuf/test-repo/metadata/8.targets.json

@@ -0,0 +1,80 @@
+{
+ "signatures": [
+  {
+   "keyid": "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221",
+   "sig": ""
+  },
+  {
+   "keyid": "beac53949c4cf075824edede7d41715941f524db247d1b455a2389d7490ecd72",
+   "sig": "304602210086552ad4ffddd7e60f2b80d095b4dfad9d2836cfce5d6b12dfb2aec0786240df02210097807190a1f64c615798b74068e8c9f19a29f495566bc1f16d296c7edd9343b3"
+  }
+ ],
+ "signed": {
+  "_type": "targets",
+  "delegations": {
+   "keys": {
+    "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221": {
+     "keytype": "ecdsa",
+     "keyval": {
+      "public": "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"
+     },
+     "scheme": "ecdsa-sha2-nistp384",
+     "x-tuf-on-ci-keyowner": "@mrjoelkamp"
+    }
+   },
+   "roles": [
+    {
+     "keyids": [
+      "76d0a7e1ff8617ce99627d0fa5c9809f2c0f0d52e0bf65c7b84c031608d25221"
+     ],
+     "name": "test-role",
+     "paths": [
+      "test-role/*",
+      "test-role/*/*",
+      "test-role/*/*/*",
+      "test-role/*/*/*/*"
+     ],
+     "terminating": true,
+     "threshold": 1
+    }
+   ]
+  },
+  "expires": "2034-06-23T12:42:15Z",
+  "spec_version": "1.0.31",
+  "targets": {
+   "always-fail.rego": {
+    "hashes": {
+     "sha256": "e8a5b75ac27a28056d2155ff63acc1ffd76c30ed8558011c54708f4832f073ac"
+    },
+    "length": 364
+   },
+   "jonnystoten2.rego": {
+    "hashes": {
+     "sha256": "bc46e8c31646f166a9efbd14fef154dd84cf07efc95c96be3a201c84470dcbc1"
+    },
+    "length": 5857
+   },
+   "mapping.yaml": {
+    "hashes": {
+     "sha256": "baad1a9d61afa5d6f8717f576b57b9749e5549da4b826746fd73a5a914ac5be1"
+    },
+    "length": 272
+   },
+   "test.txt": {
+    "hashes": {
+     "sha256": "02119a076ec3878c736c3a95e20794f5a8d5bce3d7ecc264681bb7334ca2e24b"
+    },
+    "length": 31
+   },
+   "version-constraints": {
+    "hashes": {
+     "sha256": "bd6394a08afc1edfe5512fc14e63025a337e25ca0013c1068ec879742fc3a3c3"
+    },
+    "length": 12
+   }
+  },
+  "version": 8,
+  "x-tuf-on-ci-expiry-period": 3650,
+  "x-tuf-on-ci-signing-period": 60
+ }
+}

test/testdata/tuf/test-repo/metadata/timestamp.json

@@ -1,19 +1,19 @@
 {
  "signatures": [
   {
-   "keyid": "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3",
-   "sig": "3045022011f2afa9b448fcbbac983c11fc3e264e95d5d7a9c9527b09d83a316ee762635f022100d05197a78ccc7a713ebdb0bccb44844f67a7c5208af8d346e201064b7ce11055"
+   "keyid": "bdd1703ecbde8812614b112a6551d58de3ad681048fd90fca2a3e491edd8afe5",
+   "sig": "304502204019c08b30b7525b95c4010e5c1420c5618c18d5b0719fb1d9392ef93322ca4e022100924ec18242ba21edcc2c7ad92ee13a38a6f4a8e1315c588eb9eb2d0bce0a1a80"
   }
  ],
  "signed": {
   "_type": "timestamp",
-  "expires": "2034-04-03T15:59:47Z",
+  "expires": "2034-06-23T12:47:16Z",
   "meta": {
    "snapshot.json": {
-    "version": 6
+    "version": 7
    }
   },
   "spec_version": "1.0.31",
-  "version": 6
+  "version": 7
  }
 }

test/testdata/tuf/test-repo/targets/baad1a9d61afa5d6f8717f576b57b9749e5549da4b826746fd73a5a914ac5be1.mapping.yaml

@@ -0,0 +1,12 @@
+version: v1
+kind: policy-mapping
+policies:
+  - origin:
+      domain: docker.io
+      prefix: jonnystoten2/
+    id: jonnystoten2
+    description: jonnystoten2 personal images for testing
+    attestations:
+      style: "referrers"
+    files:
+      - path: jonnystoten2.rego

test/testdata/tuf/test-repo/targets/bc46e8c31646f166a9efbd14fef154dd84cf07efc95c96be3a201c84470dcbc1.jonnystoten2.rego

@@ -0,0 +1,200 @@
+package attest
+
+import rego.v1
+
+split_digest := split(input.digest, ":")
+
+digest_type := split_digest[0]
+
+digest := split_digest[1]
+
+keys := [{
+	"id": "a0c296026645799b2a297913878e81b0aefff2a0c301e97232f717e14402f3e4",
+	"key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgH23D1i2+ZIOtVjmfB7iFvX8AhVN\n9CPJ4ie9axw+WRHozGnRy99U2dRge3zueBBg2MweF0zrToXGig2v3YOrdw==\n-----END PUBLIC KEY-----",
+	"from": "2023-12-15T14:00:00Z",
+	"to": null,
+	"status": "active",
+	"signing-format": "dssev1",
+}]
+
+verify_opts := {"keys": keys}
+
+verify_attestation(att) := attest.verify(att, verify_opts)
+
+attestations contains att if {
+	result := attest.fetch("https://slsa.dev/verification_summary/v1")
+	not result.error
+	some att in result.value
+}
+
+signed_statements contains statement if {
+	some att in attestations
+	result := verify_attestation(att)
+	not result.error
+	statement := result.value
+}
+
+statements_with_subject contains statement if {
+	some statement in signed_statements
+	some subject in statement.subject
+	subject.digest[digest_type] == digest
+	valid_subject_name(input.isCanonical, subject.name, input.purl)
+}
+
+id(statement) := crypto.sha256(json.marshal(statement))
+
+subjects contains subject if {
+	some statement in statements_with_subject
+	some subject in statement.subject
+}
+
+global_violations contains v if {
+	count(attestations) == 0
+	v := {
+		"type": "missing_attestation",
+		"description": "No https://slsa.dev/verification_summary/v1 attestation found",
+		"attestation": null,
+		"details": {},
+	}
+}
+
+# we need to key this by statement_id rather than statement because we can't
+# use an object as a key due to a bug(?) in OPA: https://github.com/open-policy-agent/opa/issues/6736
+statement_violations[statement_id] contains v if {
+	some att in attestations
+	result := verify_attestation(att)
+	err := result.error
+	statement := unsafe_statement_from_attestation(att)
+	statement_id := id(statement)
+	v := {
+		"type": "unsigned_statement",
+		"description": sprintf("Statement is not correctly signed: %v", [err]),
+		"attestation": statement,
+		"details": {"error": err},
+	}
+}
+
+statement_violations[statement_id] contains v if {
+	some statement in signed_statements
+	statement_id := id(statement)
+	not statement in statements_with_subject
+	v := {
+		"type": "bad_subjects",
+		"description": "Statement does not have this image as a subject",
+		"attestation": statement,
+		"details": {"input": input},
+	}
+}
+
+statement_violations[statement_id] contains v if {
+	some statement in statements_with_subject
+	statement_id := id(statement)
+	v := field_value_does_not_equal(statement, "verificationResult", "PASSED", "wrong_verification_result")
+}
+
+# TODO: add to statement_violations if there are statements that have an incorrect resource_uri
+# this should match the input.purl, but we really only care about the repo name and the digest
+# we need to receive the input.purl as a parsed object so we can compare only the parts we care about
+
+statement_violations[statement_id] contains v if {
+	some statement in statements_with_subject
+	statement_id := id(statement)
+	v := field_value_does_not_equal(statement, "verifier.id", "signing-demo-verifier", "wrong_verifier")
+}
+
+statement_violations[statement_id] contains v if {
+	some statement in statements_with_subject
+	statement_id := id(statement)
+	v := field_value_does_not_equal(statement, "policy.uri", "https://docker.com/official/policy/v0.1", "wrong_policy_uri")
+}
+
+statement_violations[statement_id] contains v if {
+	some statement in statements_with_subject
+	statement_id := id(statement)
+	v := array_field_does_not_contain(statement, "verifiedLevels", "SLSA_BUILD_LEVEL_3", "wrong_verified_levels")
+}
+
+bad_statements contains statement if {
+	some statement in statements_with_subject
+	statement_id := id(statement)
+	statement_violations[statement_id]
+}
+
+good_statements := statements_with_subject - bad_statements
+
+all_violations contains v if {
+	some v in global_violations
+}
+
+all_violations contains v if {
+	some violations in statement_violations
+	some v in violations
+}
+
+result := {
+	"success": allow,
+	"violations": all_violations,
+	"summary": {
+		"subjects": subjects,
+		"slsa_levels": ["SLSA_BUILD_LEVEL_3"],
+		"verifier": "signing-demo-verifier",
+		"policy_uri": "https://docker.com/official/policy/v0.1",
+	},
+}
+
+default allow := false
+
+allow if {
+	count(good_statements) > 0
+}
+
+# TODO: this should take into account the repo name from the purl
+valid_subject_name(true, name, purl)
+
+valid_subject_name(false, name, purl) if {
+	name == purl
+}
+
+field_value_does_not_equal(statement, field, expected, type) := v if {
+	path := split(field, ".")
+	actual := object.get(statement.predicate, path, null)
+	expected != actual
+	v := is_not_violation(statement, field, expected, actual, type)
+}
+
+array_field_does_not_contain(statement, field, expected, type) := v if {
+	path := split(field, ".")
+	actual := object.get(statement.predicate, path, null)
+	not expected in actual
+	v := not_contains_violation(statement, field, expected, actual, type)
+}
+
+is_not_violation(statement, field, expected, actual, type) := {
+	"type": type,
+	"description": sprintf("%v is not %v", [field, expected]),
+	"attestation": statement,
+	"details": {
+		"field": field,
+		"actual": actual,
+		"expected": expected,
+	},
+}
+
+not_contains_violation(statement, field, expected, actual, type) := {
+	"type": type,
+	"description": sprintf("%v does not contain %v", [field, expected]),
+	"attestation": statement,
+	"details": {
+		"field": field,
+		"actual": actual,
+		"expected": expected,
+	},
+}
+
+# This is unsafe because we're not checking the signature on the attestation,
+# do not call this unless you've already verified the attestation or you need the
+# statement for some other reason
+unsafe_statement_from_attestation(att) := statement if {
+	payload := att.payload
+	statement := json.unmarshal(base64.decode(payload))
+}

test/testdata/tuf/test-repo/targets/bd6394a08afc1edfe5512fc14e63025a337e25ca0013c1068ec879742fc3a3c3.version-constraints

@@ -0,0 +1 @@
+>= v0.1.4-0

test/testdata/tuf/test-repo/targets/e8a5b75ac27a28056d2155ff63acc1ffd76c30ed8558011c54708f4832f073ac.always-fail.rego

@@ -0,0 +1,19 @@
+package attest
+
+import rego.v1
+
+violations contains {
+	"type": "always_fail",
+	"description": "This policy always fails",
+}
+
+result := {
+	"success": false,
+	"violations": violations,
+	"summary": {
+		"subjects": set(),
+		"slsa_levels": ["SLSA_BUILD_LEVEL_3"],
+		"verifier": "docker-official-images",
+		"policy_uri": "https://docker.com/official/policy/v0.1",
+	},
+}

test/testdata/tuf/test-repo/targets/test-role/dir1/dir2/dir3/bb8fcf06f6c067dcbcb394d7d9ced788316fc02b715fe679097281108a4bd465.test.txt

@@ -0,0 +1 @@
+this is a deeply nested delegated targets file

test/testdata/tuf/test-repo/targets/test-role/dir1/dir2/dir3/ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1.myfile.txt

@@ -1 +0,0 @@
-hello tuf