I have an image that verifies with the cosign cli, but not with this crate. It turns out that the image signature has a newline in it. For example.
SignatureLayer { simple_signing: SimpleSigning { critical: Critical { identity: Identity { docker_reference: "<IMAGE_NAME>" }, image: Image { docker_manifest_digest: "<IMAGE_DIGEST>" }, type_name: "cosign container image signature" }, optional: None }, oci_digest: "<OCI_DIGEST>", certificate_signature: None, bundle: None, signature: Some("MEUCIQDc8DHhEwX/CCESLh
5RGT+RpA93/Quj9/fi9QpdbZNZPgIgHmhY2+hQLMPQ\npGQbgJr5OqSFOVi3z59+c+wiHNXR2jA=\n"), raw_data: [123, 34, ...] }
I'm not sure exactly where these newlines are coming from (although I have some guesses), but if I strip out the newlines before verifying the image, things work fine. Would it be appropriate to add this logic to the crate itself?
I have an image that verifies with the cosign cli, but not with this crate. It turns out that the image signature has a newline in it. For example.
I'm not sure exactly where these newlines are coming from (although I have some guesses), but if I strip out the newlines before verifying the image, things work fine. Would it be appropriate to add this logic to the crate itself?