Tried verifying a model and signed signature using the Model Validation Operator with my own Sigstore stack (custom Fulcio, Rekor, and Keycloak OIDC provider).
- I have signed the model using the model-signing CLI, passing --trust_config=trust-config.json (which contains the details of Fulcio, Rekor, CT logs and the OIDC provider).
  Cmd used: model_signing sign sigstore model --trust_config <trust-config.json> --client_id --client_secret "secret"
- To access the signed model and model signature, I uploaded both to a PVC and tried verifying using the Model Validation Operator webhook.
- Verification by the Model Validation Operator webhook fails.
Error:
Key </hash value> failed to verify root
Key </hash value> failed to verify targets
I couldn't find a way to provide a trust_config or root of trust to the Model Validator Operator.
Currently the Operator (apiVersion: ml.sigstore.dev/v1alpha1, kind: ModelValidation) allows only:
sigstoreConfig:
  certificateIdentity:
  certificateOidcIssuer:
Is there a solution to pass this root of trust to the operator?