verify-blob laods entire payload into memory #4112
Labels
enhancement
New feature or request
Comments
|
I am working on this |
|
@ramonpetgrave64 how big do you want me to make the buffer? |
|
@krisharyan117 Can you explain a bit more, or open a draft PR, if you're ready? 1KB sounds like an okay buffer size, if the performance is still good. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Description
Currently, when calling cosign’s verify-blob subcommand, it will actually load the entire message into memory first, before passing it to the
SignerVerifier.VerifySignature()method. This means that verifying a 1GB file will use an additional 1GB of memory. This is likely undesirable, so this issue is requesting that it instead pass along anio.Readerof the file, so it can be streamed, instead of pre-loaded.cosign/cmd/cosign/cli/verify/verify_blob.go
Line 181 in 647eca1
The text was updated successfully, but these errors were encountered: