fix(aqua): support cosign public-key bundles#9972
Greptile Summary

This PR fixes aqua cosign verification for packages like

Confidence Score: 4/5

Safe to merge for the intended use case; the new local-verification path is isolated and well-guarded by the `VerificationMaterialContent::PublicKey` check. The new `verify_public_key_bundle` function introduces hand-rolled crypto verification logic in a security-sensitive path. The `MessageSignature` arm correctly binds the artifact, but the `DsseEnvelope` arm and `require_inclusion_proof` strictness have open questions from prior review rounds not yet resolved.

- `crates/mise-sigstore/src/lib.rs`: the new `verify_public_key_bundle` function, particularly the `DsseEnvelope` arm and the `validate_bundle_with_options` call.
Code Review
This pull request adds native Sigstore verification for public key bundles by introducing the verify_public_key_bundle function in the mise-sigstore crate and updating the Aqua backend to handle public key downloads. The implementation supports both message signatures and DSSE envelopes. Reviewer feedback suggests making the inclusion proof requirement conditional based on the bundle content and improving the CLI option parsing to support the --flag=value format.
crates/mise-sigstore/src/lib.rs (458)

Hardcoding `require_inclusion_proof: true` might be too restrictive for some valid Sigstore bundles that do not include transparency log entries (e.g., those created with `--tlog=false`). To maintain consistency with the keyless verification path in `verify_bundle`, consider checking if the bundle actually contains an inclusion proof before requiring it.

```rust
require_inclusion_proof: bundle.has_inclusion_proof(),
```

src/backend/aqua.rs (2528-2532)

The current implementation of `cosign_opt_value` only handles flags and values as separate elements in the options list (e.g., `["--key", "val"]`). It will fail to find options provided in the `--flag=value` format (e.g., `["--key=val"]`), which is also common in CLI usage. Consider updating the helper to support both formats for better compatibility with various aqua registry configurations.

```rust
fn cosign_opt_value<'a>(opts: &'a [String], flag: &str) -> Option<&'a str> {
    opts.iter()
        .find_map(|opt| opt.strip_prefix(flag)?.strip_prefix('='))
        .or_else(|| {
            opts.windows(2)
                .find(|pair| pair[0] == flag)
                .map(|pair| pair[1].as_str())
        })
}
```
Hyperfine Performance

mise x -- echo

| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
| mise-2026.5.11 x -- echo | 21.7 ± 0.8 | 19.5 | 25.6 | 1.00 |
| mise x -- echo | 22.1 ± 1.0 | 20.2 | 27.7 | 1.02 ± 0.06 |

mise env

| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
| mise-2026.5.11 env | 21.1 ± 0.7 | 19.7 | 23.6 | 1.00 |
| mise env | 21.2 ± 0.8 | 19.7 | 25.5 | 1.01 ± 0.05 |

mise hook-env

| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
| mise-2026.5.11 hook-env | 22.2 ± 0.7 | 20.8 | 26.3 | 1.00 |
| mise hook-env | 22.4 ± 0.7 | 20.9 | 25.0 | 1.01 ± 0.05 |

mise ls

| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
| mise-2026.5.11 ls | 17.9 ± 0.7 | 16.2 | 21.1 | 1.00 |
| mise ls | 18.4 ± 0.7 | 16.8 | 21.0 | 1.03 ± 0.06 |

xtasks/test/perf

| Command | mise-2026.5.11 | mise | Variance |
|---|---|---|---|
| install (cached) | 140ms | 142ms | -1% |
| ls (cached) | 64ms | 65ms | -1% |
| bin-paths (cached) | 67ms | 67ms | +0% |
| task-ls (cached) | 130ms | 130ms | +0% |
### 🚀 Features

- **(cli)** rename before flag to minimum release age by @risu729 in [#9768](#9768)
- **(core)** deprecate default package files by @jdx in [#9970](#9970)
- **(edit)** add --global flag for editing the global config file by @fru1tworld in [#9953](#9953)

### 🐛 Bug Fixes

- **(aqua)** support cosign public-key bundles by @jdx in [#9972](#9972)
- **(backend)** pass install_env to postinstall by @risu729 in [#9930](#9930)
- **(backend)** apply install_env to install commands by @risu729 in [#9929](#9929)
- **(cargo)** skip binstall for cargo install options by @risu729 in [#9928](#9928)
- **(config)** restore MISE_ENV_FILE setting by @risu729 in [#9903](#9903)

### 🚜 Refactor

- **(cli)** use tool wording in version env help by @risu729 in [#9906](#9906)
- **(conda)** parse tool options locally by @risu729 in [#9960](#9960)
- **(core)** parse plugin tool options locally by @risu729 in [#9963](#9963)
- **(go)** parse tool options locally by @risu729 in [#9961](#9961)
- **(http)** parse tool options locally by @risu729 in [#9870](#9870)

### 📦️ Dependency Updates

- lock file maintenance by @renovate[bot] in [#9954](#9954)
- lock file maintenance by @renovate[bot] in [#9957](#9957)

### 📦 Registry

- use aqua backend for qsv by @risu729 in [#9910](#9910)

### Ci

- build/publish snap package for arm64 by @jnsgruk in [#9948](#9948)

### New Contributors

- @jnsgruk made their first contribution in [#9948](#9948)

## 📦 Aqua Registry Updates

### New Packages (2)

- [`AOMediaCodec/libavif`](https://github.com/AOMediaCodec/libavif)
- [`julian7/redact`](https://github.com/julian7/redact)

### Updated Packages (1)

- [`apache/jena`](https://github.com/apache/jena)
Summary

- `cosign.opts`
- `sigstore-verify` public-key path
- `aqua:stackrox/kube-linter@0.8.3` to the aqua cosign e2e coverage

Root Cause

`stackrox/kube-linter@0.8.3` declares a Sigstore bundle plus a long-lived cosign public key. mise downloaded the bundle but treated it as keyless because the key lives in aqua opts, then `sigstore-verify 0.7.0` rejected `verificationMaterial.publicKey` with `public key verification not yet supported`.

Validation

- `cargo check -p mise-sigstore`
- `cargo build`
- `./target/debug/mise install aqua:stackrox/kube-linter@0.8.3` with clean temp `MISE_*` dirs
- `./target/debug/mise run test:e2e e2e/backend/test_aqua_cosign`

Note
Medium Risk

Changes signature verification paths for Aqua cosign bundles by adding a new local verification flow for `verificationMaterial.publicKey`, which could cause false accept/reject if bundle parsing or signature checks are incorrect.

Overview

- Adds support for Aqua cosign bundle configurations that supply a public key via `cosign.opts --key`, downloading that key and using `verify_cosign_signature_with_key` when verifying bundles.
- Updates `mise-sigstore` to locally verify Sigstore bundles whose `verificationMaterial` is a public key (including message-signature and DSSE forms) instead of routing them through `sigstore-verify`'s unsupported public-key bundle path.
- Extends the Aqua cosign E2E test to cover a real public-key bundle case (`aqua:stackrox/kube-linter@0.8.3`).

Reviewed by Cursor Bugbot for commit e9aefc4.
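The review above raises three things a keyed-bundle verifier has to get right before the signature check itself: dispatch on whether `verificationMaterial` carries a public key or a certificate, decide `require_inclusion_proof` from what the bundle actually contains rather than hardcoding it, and bind both the `messageSignature` and the `dsseEnvelope` form to the artifact being installed so a valid signature over some other file is not accepted. The script below is an added example written for this discussion; it is not mise or sigstore-verify code. It assumes the protobuf-JSON field names of the Sigstore bundle format (`verificationMaterial.publicKey` / `.certificate`, `tlogEntries[].inclusionProof`, `messageSignature.messageDigest`, `dsseEnvelope.payload`), a sha256 artifact digest, and the DSSE pre-authentication encoding; the two bundles and the artifact bytes are constructed, and the signature values are placeholders. Signature verification is deliberately left out so the pre-checks stand on their own.

```python
"""Checks that must precede the signature check on a cosign/Sigstore bundle.

Added example, not mise or sigstore-verify code. Assumed: Sigstore bundle
protobuf-JSON field names, sha256 artifacts, DSSE PAE. No crypto here.
"""
import base64
import hashlib
import json

IN_TOTO = "application/vnd.in-toto+json"


def classify_material(bundle):
    """'public-key' for a long-lived cosign key, 'keyless' for a Fulcio certificate."""
    vm = bundle["verificationMaterial"]
    if "publicKey" in vm:
        return "public-key"
    if "certificate" in vm or "x509CertificateChain" in vm:
        return "keyless"
    raise ValueError("bundle has no usable verificationMaterial")


def has_inclusion_proof(bundle):
    """True only if some Rekor entry in the bundle carries an inclusion proof."""
    entries = bundle["verificationMaterial"].get("tlogEntries", [])
    return any("inclusionProof" in e for e in entries)


def dsse_pae(payload_type, payload):
    """DSSE pre-authentication encoding: the bytes an envelope signature is over."""
    return b"DSSEv1 %d %s %d %s" % (
        len(payload_type), payload_type.encode("ascii"), len(payload), payload)


def signed_bytes_for(bundle, artifact):
    """Return (content kind, bytes the signature must verify over), or raise.

    Both arms bind the bundle to `artifact` first; the DSSE arm does it through
    the in-toto statement's subject digest, not through the envelope itself.
    """
    digest_hex = hashlib.sha256(artifact).hexdigest()
    if "messageSignature" in bundle:
        md = bundle["messageSignature"]["messageDigest"]
        if md["algorithm"] != "SHA2_256":
            raise ValueError("unsupported messageDigest algorithm %r" % md["algorithm"])
        if base64.b64decode(md["digest"]).hex() != digest_hex:
            raise ValueError("messageDigest does not match artifact")
        return "message-signature", artifact
    if "dsseEnvelope" in bundle:
        env = bundle["dsseEnvelope"]
        if env["payloadType"] != IN_TOTO:
            raise ValueError("unexpected payloadType %r" % env["payloadType"])
        payload = base64.b64decode(env["payload"])
        subjects = json.loads(payload).get("subject", [])
        if not any(s.get("digest", {}).get("sha256") == digest_hex for s in subjects):
            raise ValueError("no in-toto subject matches artifact digest")
        return "dsse", dsse_pae(env["payloadType"], payload)
    raise ValueError("bundle carries neither messageSignature nor dsseEnvelope")


def check_bundle(bundle, artifact):
    """Everything a verifier should decide before calling into the crypto."""
    kind, to_sign = signed_bytes_for(bundle, artifact)
    return {
        "material": classify_material(bundle),
        "content": kind,
        "require_inclusion_proof": has_inclusion_proof(bundle),
        "signed_bytes": to_sign,
    }


# Constructed sample data; "AAAA" signatures are placeholders, not real ECDSA output.
ARTIFACT = b"constructed kube-linter release binary\n"
_DIGEST_B64 = base64.b64encode(hashlib.sha256(ARTIFACT).digest()).decode()

KEYED_MESSAGE_BUNDLE = {
    "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
    "verificationMaterial": {"publicKey": {"hint": "constructed-key-hint"}, "tlogEntries": []},
    "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": _DIGEST_B64},
                         "signature": "AAAA"},
}

_STATEMENT = json.dumps({
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "kube-linter", "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {},
}).encode()

KEYED_DSSE_BUNDLE = {
    "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
    "verificationMaterial": {
        "publicKey": {"hint": "constructed-key-hint"},
        "tlogEntries": [{"logIndex": "1", "inclusionProof": {"logIndex": "1", "hashes": []}}],
    },
    "dsseEnvelope": {"payload": base64.b64encode(_STATEMENT).decode(),
                     "payloadType": IN_TOTO, "signatures": [{"sig": "AAAA", "keyid": ""}]},
}

if __name__ == "__main__":
    for b in (KEYED_MESSAGE_BUNDLE, KEYED_DSSE_BUNDLE):
        r = check_bundle(b, ARTIFACT)
        print(r["material"], r["content"], "require_inclusion_proof=%s" % r["require_inclusion_proof"])
    try:
        check_bundle(KEYED_DSSE_BUNDLE, ARTIFACT + b"tampered")
    except ValueError as e:
        print("rejected:", e)
```

The point of returning `signed_bytes` rather than a boolean is that the two arms sign different things: the message-signature form signs the artifact's digest, while the DSSE form signs the PAE of the in-toto statement, so a DSSE verifier that checks the signature over the envelope but skips the subject-digest comparison accepts any genuinely signed statement for any file. `require_inclusion_proof` follows the bundle's content, which is what the review suggests in place of the hardcoded `true`.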