Description
When using cosign sign --payload you are free to provide any payload you want. This is officially documented in https://docs.sigstore.dev/cosign/signing/signing_with_containers/#sign-and-upload-a-generated-payload-in-another-format-from-another-tool
$ cosign sign --key cosign.key --payload=statement.json $IMAGE
(I'm using cosign sign to sign arbitrary in-toto statements while #4019 is being discussed)
At the moment, when doing this, even if you sign a README.md as per the example, the OCI layer MIME type is hardcoded to application/vnd.dev.cosign.simplesigning.v1+json which is not technically correct. This can be worked around by ignoring the MIME type in implementations that have to read the layer, but it would be nice if the MIME type was truthful.
Additionally, because the MIME type is incorrect, cosign verify fails in cryptic ways since it tries to parse the payload as a SimpleSigning JSON object. Here's an example:
$ cosign verify --key=cosign.pub $IMAGE
Error: no matching signatures: invalid or missing digest in claim:
error during command execution: no matching signatures: invalid or missing digest in claim:
Obviously, guessing the MIME type, especially if it's JSON, is not possible, so my suggestion would be to provide a --payload-type flag to allow setting the type (and falling back to application/vnd.dev.cosign.simplesigning.v1+json if not provided, so nobody is broken by this, at least initially).
Cheers
Version
$ cosign version
______ ______ _______. __ _______ .__ __.
/ | / __ \ / || | / _____|| \ | |
| ,----'| | | | | (----`| | | | __ | \| |
| | | | | | \ \ | | | | |_ | | . ` |
| `----.| `--' | .----) | | | | |__| | | |\ |
\______| \______/ |_______/ |__| \______| |__| \__|
cosign: A tool for Container Signing, Verification and Storage in an OCI registry.
GitVersion: v2.5.0
GitCommit: unknown
GitTreeState: clean
BuildDate: unknown
GoVersion: go1.24.3
Compiler: gc
Platform: linux/amd64
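The cryptic "invalid or missing digest in claim" error above comes from a verifier assuming that every layer labelled application/vnd.dev.cosign.simplesigning.v1+json really is a SimpleSigning claim with a critical.image.docker-manifest-digest field. The script below is an added example, not cosign's own code, showing the kind of consistency check a verifier or an auditing tool could run over a signature manifest: it inspects each layer's payload, infers what the bytes actually are, and reports a clear mismatch when the declared media type and the content disagree. The manifest and payloads are constructed inline (a real tool would fetch the layer blobs by digest from the registry), and the in-toto media type application/vnd.in-toto+json is assumed here as the label for Statement payloads.

```python
import json

# Media types used in this example. SIMPLE_SIGNING is the one the issue says
# cosign hardcodes; IN_TOTO is assumed here as the label for in-toto Statements.
SIMPLE_SIGNING = "application/vnd.dev.cosign.simplesigning.v1+json"
IN_TOTO = "application/vnd.in-toto+json"


def _nested_get(doc, *keys):
    """Walk a nested dict safely; return None if any step is missing or not a dict."""
    for key in keys:
        if not isinstance(doc, dict):
            return None
        doc = doc.get(key)
    return doc


def detect_payload_type(payload: bytes):
    """Infer the media type from the payload's structure.

    Returns SIMPLE_SIGNING for a claim carrying a manifest digest, IN_TOTO for an
    in-toto Statement, and None for anything else (non-JSON, README text, ...).
    """
    try:
        doc = json.loads(payload)
    except (ValueError, UnicodeDecodeError):
        return None
    digest = _nested_get(doc, "critical", "image", "docker-manifest-digest")
    if isinstance(digest, str) and digest.startswith("sha256:"):
        return SIMPLE_SIGNING
    statement_type = _nested_get(doc, "_type")
    if isinstance(statement_type, str) and statement_type.startswith("https://in-toto.io/Statement/"):
        return IN_TOTO
    return None


def check_layer(media_type: str, payload: bytes):
    """Compare a layer's declared media type with what its payload looks like.

    Returns (ok, message). The message is meant to replace the opaque
    "invalid or missing digest in claim" with an actionable explanation.
    """
    detected = detect_payload_type(payload)
    if media_type == SIMPLE_SIGNING:
        if detected == SIMPLE_SIGNING:
            return True, "simplesigning claim with manifest digest"
        if detected is None:
            return False, ("declared simplesigning but payload is not a claim "
                           "(no critical.image.docker-manifest-digest); "
                           "was it signed with --payload?")
        return False, f"declared simplesigning but payload looks like {detected}"
    # Any other declared type: accept unless the content clearly contradicts it.
    if detected is None or detected == media_type:
        return True, f"payload accepted as {media_type}"
    return False, f"declared {media_type} but payload looks like {detected}"


def audit_manifest(manifest: dict):
    """Run check_layer over every layer; return a list of (index, ok, message)."""
    results = []
    for index, layer in enumerate(manifest.get("layers", [])):
        ok, message = check_layer(layer["mediaType"], layer["payload"])
        results.append((index, ok, message))
    return results


# Constructed sample payloads (not real signatures; digests are placeholders).
SAMPLE_SIMPLE = json.dumps({
    "critical": {
        "identity": {"docker-reference": "registry.example/app"},
        "image": {"docker-manifest-digest": "sha256:" + "ab" * 32},
        "type": "cosign container image signature",
    },
    "optional": None,
}).encode()

SAMPLE_INTOTO = json.dumps({
    "_type": "https://in-toto.io/Statement/v0.1",
    "subject": [{"name": "registry.example/app", "digest": {"sha256": "ab" * 32}}],
    "predicateType": "https://example.com/predicate/v1",
    "predicate": {},
}).encode()

SAMPLE_README = b"# README\nJust some text signed via --payload.\n"

# Constructed manifest: in a registry the payload would be a blob fetched by
# digest; here it is embedded so the example runs offline.
SAMPLE_MANIFEST = {
    "layers": [
        {"mediaType": SIMPLE_SIGNING, "payload": SAMPLE_SIMPLE},
        {"mediaType": SIMPLE_SIGNING, "payload": SAMPLE_INTOTO},   # mislabelled
        {"mediaType": SIMPLE_SIGNING, "payload": SAMPLE_README},   # mislabelled
        {"mediaType": IN_TOTO, "payload": SAMPLE_INTOTO},          # correct label
    ]
}

if __name__ == "__main__":
    for index, ok, message in audit_manifest(SAMPLE_MANIFEST):
        print(f"layer {index}: {'ok' if ok else 'MISMATCH'}: {message}")
```

Running it prints one line per layer; the two mislabelled layers are reported with the reason, while the correctly labelled in-toto layer and the genuine claim pass. The detection is deliberately structural (presence of the manifest digest, or an in-toto _type) rather than a guess from the bytes, which is the same reason the issue argues the producer should state the type explicitly rather than leave the verifier to infer it.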