feat!(sign): add package sign command (#4301)

Signed-off-by: Brandt Keller <brandt.keller@defenseunicorns.com>

Author: brandtkeller

site/src/content/docs/commands/zarf_package.md

@@ -41,4 +41,5 @@ Zarf package commands for creating, deploying, and inspecting packages
 * [zarf package publish](/commands/zarf_package_publish/)	 - Publishes a Zarf package to a remote registry
 * [zarf package pull](/commands/zarf_package_pull/)	 - Pulls a Zarf package from a remote registry and save to the local file system
 * [zarf package remove](/commands/zarf_package_remove/)	 - Removes a Zarf package that has been deployed already (runs offline)
+* [zarf package sign](/commands/zarf_package_sign/)	 - Signs an existing Zarf package
 

site/src/content/docs/commands/zarf_package_sign.md

@@ -0,0 +1,72 @@
+---
+title: zarf package sign
+description: Zarf CLI command reference for <code>zarf package sign</code>.
+tableOfContents: false
+---
+
+<!-- Page generated by Zarf; DO NOT EDIT -->
+
+## zarf package sign
+
+Signs an existing Zarf package
+
+### Synopsis
+
+Signs an existing Zarf package with a private key. The package can be a local tarball or pulled from an OCI registry. The signature is created by signing the zarf.yaml file and does not modify the package checksums.
+
+```
+zarf package sign PACKAGE_SOURCE [flags]
+```
+
+### Examples
+
+```
+
+# Sign an unsigned package
+$ zarf package sign zarf-package-demo-amd64-1.0.0.tar.zst --signing-key ./private-key.pem
+
+# Re-sign with a new key (overwrite existing signature)
+$ zarf package sign zarf-package-demo-amd64-1.0.0.tar.zst --signing-key ./new-key.pem --overwrite
+
+# Sign a package from an OCI registry and output to local directory
+$ zarf package sign oci://ghcr.io/my-org/my-package:1.0.0 --signing-key ./private-key.pem --output ./signed/
+
+# Sign a package and publish directly to OCI registry
+$ zarf package sign zarf-package-demo-amd64-1.0.0.tar.zst --signing-key ./private-key.pem --output oci://ghcr.io/my-org/signed-packages
+
+# Sign with a cloud KMS key
+$ zarf package sign zarf-package-demo-amd64-1.0.0.tar.zst --signing-key awskms://alias/my-signing-key
+
+```
+
+### Options
+
+```
+  -h, --help                      help for sign
+  -k, --key string                Public key to verify the existing signature before re-signing (optional)
+      --oci-concurrency int       Number of concurrent layer operations when pulling or pushing images or packages to/from OCI registries. (default 6)
+  -o, --output string             Output destination for the signed package. Can be a local directory or an OCI registry URL (oci://). Default: same directory as source package for files, current directory for OCI sources
+      --overwrite                 Overwrite an existing signature if the package is already signed
+      --retries int               Number of retries to perform for Zarf operations like git/image pushes (default 3)
+      --signing-key string        Private key for signing packages. Accepts either a local file path or a Cosign-supported key provider (awskms://, gcpkms://, azurekms://, hashivault://)
+      --signing-key-pass string   Password for encrypted private key
+```
+
+### Options inherited from parent commands
+
+```
+  -a, --architecture string        Architecture for OCI images and Zarf packages
+      --features stringToString    [ALPHA] Provide a comma-separated list of feature names to bools to enable or disable. Ex. --features "foo=true,bar=false,baz=true" (default [])
+      --insecure-skip-tls-verify   Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture.
+      --log-format string          Select a logging format. Defaults to 'console'. Valid options are: 'console', 'json', 'dev'. (default "console")
+  -l, --log-level string           Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info")
+      --no-color                   Disable terminal color codes in logging and stdout prints.
+      --plain-http                 Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture.
+      --tmpdir string              Specify the temporary directory to use for intermediate files
+      --zarf-cache string          Specify the location of the Zarf cache directory (default "~/.zarf-cache")
+```
+
+### SEE ALSO
+
+* [zarf package](/commands/zarf_package/)	 - Zarf package commands for creating, deploying, and inspecting packages
+

src/api/v1alpha1/package.go

@@ -269,6 +269,8 @@ type ZarfBuildData struct {
 	DifferentialMissing []string `json:"differentialMissing,omitempty"`
 	// The flavor of Zarf used to build this package.
 	Flavor string `json:"flavor,omitempty"`
+	// Whether this package was signed
+	Signed *bool `json:"signed,omitempty"`
 	// Requirements for specific package operations.
 	VersionRequirements []VersionRequirement `json:"versionRequirements,omitempty"`
 }

src/cmd/package.go

@@ -60,6 +60,7 @@ func newPackageCommand() *cobra.Command {
 	cmd.AddCommand(newPackageListCommand())
 	cmd.AddCommand(newPackagePublishCommand(v))
 	cmd.AddCommand(newPackagePullCommand(v))
+	cmd.AddCommand(newPackageSignCommand(v))
 
 	return cmd
 }
@@ -1582,6 +1583,153 @@ func (o *packagePullOptions) run(cmd *cobra.Command, args []string) error {
 	return nil
 }
 
+type packageSignOptions struct {
+	signingKeyPath     string
+	signingKeyPassword string
+	publicKeyPath      string
+	overwrite          bool
+	output             string
+	ociConcurrency     int
+	retries            int
+}
+
+func newPackageSignCommand(v *viper.Viper) *cobra.Command {
+	o := &packageSignOptions{}
+
+	cmd := &cobra.Command{
+		Use:     "sign PACKAGE_SOURCE",
+		Aliases: []string{"s"},
+		Args:    cobra.ExactArgs(1),
+		Short:   lang.CmdPackageSignShort,
+		Long:    lang.CmdPackageSignLong,
+		Example: lang.CmdPackageSignExample,
+		RunE:    o.run,
+	}
+
+	cmd.Flags().StringVar(&o.signingKeyPath, "signing-key", v.GetString(VPkgSignSigningKey), lang.CmdPackageSignFlagSigningKey)
+	cmd.Flags().StringVar(&o.signingKeyPassword, "signing-key-pass", v.GetString(VPkgSignSigningKeyPassword), lang.CmdPackageSignFlagSigningKeyPass)
+	cmd.Flags().StringVarP(&o.output, "output", "o", v.GetString(VPkgSignOutput), lang.CmdPackageSignFlagOutput)
+	cmd.Flags().BoolVar(&o.overwrite, "overwrite", v.GetBool(VPkgSignOverwrite), lang.CmdPackageSignFlagOverwrite)
+	cmd.Flags().StringVarP(&o.publicKeyPath, "key", "k", v.GetString(VPkgPublicKey), lang.CmdPackageSignFlagKey)
+	cmd.Flags().IntVar(&o.ociConcurrency, "oci-concurrency", v.GetInt(VPkgOCIConcurrency), lang.CmdPackageFlagConcurrency)
+	cmd.Flags().IntVar(&o.retries, "retries", v.GetInt(VPkgRetries), lang.CmdPackageFlagRetries)
+
+	return cmd
+}
+
+func (o *packageSignOptions) run(cmd *cobra.Command, args []string) error {
+	ctx := cmd.Context()
+	l := logger.From(ctx)
+	packageSource := args[0]
+
+	if o.signingKeyPath == "" {
+		return errors.New("--signing-key is required")
+	}
+
+	// Determine output destination
+	outputDest := o.output
+	if outputDest == "" {
+		if helpers.IsOCIURL(packageSource) {
+			// For OCI sources, default to publishing back to the same OCI location
+			// Extract the repository portion (without package name and tag) from source
+			trimmed := strings.TrimPrefix(packageSource, helpers.OCIURLPrefix)
+			srcRef, err := registry.ParseReference(trimmed)
+			if err != nil {
+				return fmt.Errorf("failed to parse source OCI reference: %w", err)
+			}
+
+			// Extract repository path without the package name
+			// e.g., "registry.com/namespace/package:tag" -> "registry.com/namespace"
+			repoParts := strings.Split(srcRef.Repository, "/")
+			if len(repoParts) > 1 {
+				// Remove the last part (package name)
+				repoPath := strings.Join(repoParts[:len(repoParts)-1], "/")
+				outputDest = helpers.OCIURLPrefix + srcRef.Registry + "/" + repoPath
+			} else {
+				// Package is directly under registry (no namespace)
+				outputDest = helpers.OCIURLPrefix + srcRef.Registry
+			}
+		} else {
+			// For file sources, use the same directory as the source
+			outputDest = filepath.Dir(packageSource)
+		}
+	}
+
+	// If output is OCI (either default or user-specified), delegate to publish workflow
+	if helpers.IsOCIURL(outputDest) {
+		l.Info("signing and publishing package to OCI registry", "source", packageSource, "destination", outputDest)
+
+		// Create publish options from sign options
+		publishOpts := &packagePublishOptions{
+			signingKeyPath:          o.signingKeyPath,
+			signingKeyPassword:      o.signingKeyPassword,
+			skipSignatureValidation: o.overwrite, // Use overwrite flag for skip validation
+			ociConcurrency:          o.ociConcurrency,
+			retries:                 o.retries,
+			publicKeyPath:           o.publicKeyPath,
+		}
+
+		// Call publish with source and destination repository
+		return publishOpts.run(cmd, []string{packageSource, outputDest})
+	}
+
+	// For local file output, use existing sign logic
+	cachePath, err := getCachePath(ctx)
+	if err != nil {
+		return err
+	}
+
+	// Load the package
+	loadOpts := packager.LoadOptions{
+		PublicKeyPath:           o.publicKeyPath,
+		SkipSignatureValidation: o.overwrite,
+		Filter:                  filters.Empty(),
+		Architecture:            config.GetArch(),
+		OCIConcurrency:          o.ociConcurrency,
+		RemoteOptions:           defaultRemoteOptions(),
+		CachePath:               cachePath,
+	}
+
+	l.Info("loading package", "source", packageSource)
+	pkgLayout, err := packager.LoadPackage(ctx, packageSource, loadOpts)
+	if err != nil {
+		return fmt.Errorf("unable to load package: %w", err)
+	}
+	defer func() {
+		if cleanupErr := pkgLayout.Cleanup(); cleanupErr != nil {
+			l.Warn("failed to cleanup package layout", "error", cleanupErr)
+		}
+	}()
+
+	signed := pkgLayout.IsSigned()
+
+	if signed && !o.overwrite {
+		return errors.New("package is already signed, use --overwrite to re-sign")
+	}
+
+	// Sign the package
+	l.Info("signing package with provided key")
+
+	signOpts := utils.DefaultSignBlobOptions()
+	signOpts.KeyRef = o.signingKeyPath
+	signOpts.Password = o.signingKeyPassword
+
+	err = pkgLayout.SignPackage(ctx, signOpts)
+	if err != nil {
+		return fmt.Errorf("failed to sign package: %w", err)
+	}
+
+	// Archive to local directory
+	l.Info("archiving signed package to local directory", "directory", outputDest)
+	signedPath, err := pkgLayout.Archive(ctx, outputDest, 0)
+	if err != nil {
+		return fmt.Errorf("failed to archive signed package: %w", err)
+	}
+
+	l.Info("package signed successfully", "path", signedPath)
+	return nil
+}
+
 func choosePackage(ctx context.Context, args []string) (string, error) {
 	if len(args) > 0 {
 		return args[0], nil

src/cmd/viper.go

@@ -109,6 +109,13 @@ const (
 	VPkgPublishRetries              = "package.publish.retries"
 	VPkgPublishWithBuildMachineInfo = "package.publish.with_build_machine_info"
 
+	// Package sign config keys
+
+	VPkgSignSigningKey         = "package.sign.signing_key"
+	VPkgSignSigningKeyPassword = "package.sign.signing_key_password"
+	VPkgSignOutput             = "package.sign.output"
+	VPkgSignOverwrite          = "package.sign.overwrite"
+
 	// Package pull config keys
 
 	VPkgPullOutputDir = "package.pull.output_directory"

src/config/lang/english.go

@@ -311,6 +311,30 @@ $ zarf package publish ./path/to/dir oci://my-registry.com/my-namespace
 	CmdPackagePublishFlagConfirm            = "Confirms package publish without prompting. Skips prompt for the signing key password"
 	CmdPackagePublishFlagFlavor             = "The flavor of components to include in the resulting package. The flavor will be appended to the package tag"
 
+	CmdPackageSignShort   = "Signs an existing Zarf package"
+	CmdPackageSignLong    = "Signs an existing Zarf package with a private key. The package can be a local tarball or pulled from an OCI registry. The signature is created by signing the zarf.yaml file and does not modify the package checksums."
+	CmdPackageSignExample = `
+# Sign an unsigned package
+$ zarf package sign zarf-package-demo-amd64-1.0.0.tar.zst --signing-key ./private-key.pem
+
+# Re-sign with a new key (overwrite existing signature)
+$ zarf package sign zarf-package-demo-amd64-1.0.0.tar.zst --signing-key ./new-key.pem --overwrite
+
+# Sign a package from an OCI registry and output to local directory
+$ zarf package sign oci://ghcr.io/my-org/my-package:1.0.0 --signing-key ./private-key.pem --output ./signed/
+
+# Sign a package and publish directly to OCI registry
+$ zarf package sign zarf-package-demo-amd64-1.0.0.tar.zst --signing-key ./private-key.pem --output oci://ghcr.io/my-org/signed-packages
+
+# Sign with a cloud KMS key
+$ zarf package sign zarf-package-demo-amd64-1.0.0.tar.zst --signing-key awskms://alias/my-signing-key
+`
+	CmdPackageSignFlagSigningKey     = "Private key for signing packages. Accepts either a local file path or a Cosign-supported key provider (awskms://, gcpkms://, azurekms://, hashivault://)"
+	CmdPackageSignFlagSigningKeyPass = "Password for encrypted private key"
+	CmdPackageSignFlagOutput         = "Output destination for the signed package. Can be a local directory or an OCI registry URL (oci://). Default: same directory as source package for files, current directory for OCI sources"
+	CmdPackageSignFlagOverwrite      = "Overwrite an existing signature if the package is already signed"
+	CmdPackageSignFlagKey            = "Public key to verify the existing signature before re-signing (optional)"
+
 	CmdPackagePullShort   = "Pulls a Zarf package from a remote registry and save to the local file system"
 	CmdPackagePullExample = `
 # Pull a package matching the current architecture

src/pkg/packager/layout/assemble.go

@@ -22,8 +22,6 @@ import (
 
 	"github.com/defenseunicorns/pkg/helpers/v2"
 	goyaml "github.com/goccy/go-yaml"
-	"github.com/sigstore/cosign/v3/cmd/cosign/cli/options"
-	"github.com/sigstore/cosign/v3/cmd/cosign/cli/sign"
 	"github.com/zarf-dev/zarf/src/api/v1alpha1"
 	"github.com/zarf-dev/zarf/src/config"
 	"github.com/zarf-dev/zarf/src/config/lang"
@@ -187,12 +185,17 @@ func AssemblePackage(ctx context.Context, pkg v1alpha1.ZarfPackage, packagePath
 		return nil, err
 	}
 
-	err = signPackage(buildPath, opts.SigningKeyPath, opts.SigningKeyPassword)
+	pkgLayout, err := LoadFromDir(ctx, buildPath, PackageLayoutOptions{SkipSignatureValidation: true})
 	if err != nil {
 		return nil, err
 	}
 
-	pkgLayout, err := LoadFromDir(ctx, buildPath, PackageLayoutOptions{SkipSignatureValidation: true})
+	// Sign the package with the provided options
+	signOpts := utils.DefaultSignBlobOptions()
+	signOpts.KeyRef = opts.SigningKeyPath
+	signOpts.Password = opts.SigningKeyPassword
+
+	err = pkgLayout.SignPackage(ctx, signOpts)
 	if err != nil {
 		return nil, err
 	}
@@ -251,11 +254,6 @@ func AssembleSkeleton(ctx context.Context, pkg v1alpha1.ZarfPackage, packagePath
 		return nil, err
 	}
 
-	err = signPackage(buildPath, opts.SigningKeyPath, opts.SigningKeyPassword)
-	if err != nil {
-		return nil, err
-	}
-
 	layoutOpts := PackageLayoutOptions{
 		SkipSignatureValidation: true,
 		IsPartial:               false,
@@ -265,6 +263,16 @@ func AssembleSkeleton(ctx context.Context, pkg v1alpha1.ZarfPackage, packagePath
 		return nil, fmt.Errorf("unable to load skeleton: %w", err)
 	}
 
+	// Sign the package with the provided options
+	signOpts := utils.DefaultSignBlobOptions()
+	signOpts.KeyRef = opts.SigningKeyPath
+	signOpts.Password = opts.SigningKeyPassword
+
+	err = pkgLayout.SignPackage(ctx, signOpts)
+	if err != nil {
+		return nil, err
+	}
+
 	return pkgLayout, nil
 }
 
@@ -740,6 +748,10 @@ func recordPackageMetadata(pkg v1alpha1.ZarfPackage, flavor string, registryOver
 
 	pkg.Build.RegistryOverrides = overrides
 
+	// set signed to false by default - this is updated if signing occurs.
+	signed := false
+	pkg.Build.Signed = &signed
+
 	return pkg
 }
 
@@ -776,35 +788,6 @@ func getChecksum(dirPath string) (string, string, error) {
 	return checksumContent, hex.EncodeToString(sha[:]), nil
 }
 
-func signPackage(dirPath, signingKeyPath, signingKeyPassword string) error {
-	if signingKeyPath == "" {
-		return nil
-	}
-	passFunc := func(_ bool) ([]byte, error) {
-		return []byte(signingKeyPassword), nil
-	}
-	keyOpts := options.KeyOpts{
-		KeyRef:   signingKeyPath,
-		PassFunc: passFunc,
-	}
-	rootOpts := &options.RootOptions{
-		Verbose: false,
-		Timeout: options.DefaultTimeout,
-	}
-	_, err := sign.SignBlobCmd(
-		rootOpts,
-		keyOpts,
-		filepath.Join(dirPath, ZarfYAML),
-		true,
-		filepath.Join(dirPath, Signature),
-		"",
-		false)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
 func createReproducibleTarballFromDir(dirPath, dirPrefix, tarballPath string, overrideMode bool) (err error) {
 	tb, err := os.Create(tarballPath)
 	if err != nil {