diff --git a/crates/aqua-registry/src/types.rs b/crates/aqua-registry/src/types.rs index fcc74567b8..9b76dc6237 100644 --- a/crates/aqua-registry/src/types.rs +++ b/crates/aqua-registry/src/types.rs @@ -113,7 +113,6 @@ pub struct AquaCosignSignature { #[derive(Debug, Deserialize, Clone)] pub struct AquaCosign { pub enabled: Option, - pub experimental: Option, pub signature: Option, pub key: Option, pub certificate: Option, @@ -684,9 +683,6 @@ impl AquaCosign { if let Some(enabled) = other.enabled { self.enabled = Some(enabled); } - if let Some(experimental) = other.experimental { - self.experimental = Some(experimental); - } if let Some(signature) = other.signature.clone() { if self.signature.is_none() { self.signature = Some(signature.clone()); diff --git a/src/backend/aqua.rs b/src/backend/aqua.rs index 9bb0ba0630..c87b61b09b 100644 --- a/src/backend/aqua.rs +++ b/src/backend/aqua.rs @@ -812,32 +812,6 @@ impl AquaBackend { } } } - } else if cosign.experimental == Some(true) { - // Keyless verification with experimental mode - // This would need to download the signature/bundle from a default location - let sig_or_bundle_path = checksum_path.with_extension("bundle"); - if sig_or_bundle_path.exists() { - match sigstore_verification::verify_cosign_signature( - checksum_path, - &sig_or_bundle_path, - ) - .await - { - Ok(true) => { - ctx.pr.set_message( - "✓ Cosign keyless verification successful".to_string(), - ); - debug!("Cosign keyless verification successful for {tv}"); - } - Ok(false) => { - return Err(eyre!("Cosign keyless verification failed for {tv}")); - } - Err(e) => { - // If keyless fails, it might not have the bundle, which is OK - debug!("Cosign keyless verification not available for {tv}: {e}"); - } - } - } } } Ok(())