remove experimental

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
Ramon Petgrave
2024-06-25 15:39:11 +00:00
parent e45249353a
commit 781304651e
3 changed files with 4 additions and 13 deletions


@@ -483,11 +483,11 @@ Note that `--source-uri` supports GitHub repository URIs like `github.com/$OWNER
### Verification Summary Attestations (VSA)
We have experimental support for [verifying](https://slsa.dev/spec/v1.1/verification_summary#how-to-verify) VSAs.
We have support for [verifying](https://slsa.dev/spec/v1.1/verification_summary#how-to-verify) VSAs.
Rather than passing in filepaths as arguments, we allow passing in mulitple `--subject-digest` cli options, to
accomodate subjects that are not simple-files.
This experimental support does not work yet with VSAs wrapped in Sigstore bundles, only with simple DSSE envelopes.
This support does not work yet with VSAs wrapped in Sigstore bundles, only with simple DSSE envelopes.
With that, we allow the user to pass in the public key.
Note that if the DSSE Envelope `signatures` specifies a `keyid` that is not a unpadded base64 encoded sha256 hash the key, like `sha256:abc123...` (not a well-known identifier, e.g, `my-kms:prod-vsa-key`), then you must supply the `--public-key-id` cli option.
@@ -496,7 +496,7 @@ The verify-vsa command
```shell
$ slsa-verifier verify-vsa --help
Verifies SLSA VSAs for the given subject-digests [experimental]
Verifies SLSA VSAs for the given subject-digests
Usage:
slsa-verifier verify-vsa [flags] subject-digest [subject-digest...]
@@ -517,8 +517,7 @@ Flags:
To verify VSAs, invoke like this
```shell
$ SLSA_VERIFIER_EXPERIMENTAL=1 \
slsa-verifier verify-vsa \
$ slsa-verifier verify-vsa \
--subject-digest gce_image_id:8970095005306000053 \
--attestations-path ./cli/slsa-verifier/testdata/vsa/gce/v1/gke-gce-pre.bcid-vsa.jsonl \
--verifier-id https://bcid.corp.google.com/verifier/bcid_package_enforcer/v0.1 \


@@ -1796,8 +1796,6 @@ func Test_runVerifyNpmPackage(t *testing.T) {
}
func Test_runVerifyVSA(t *testing.T) {
// We cannot use t.Setenv due to parallelized tests.
os.Setenv("SLSA_VERIFIER_EXPERIMENTAL", "1")
t.Parallel()
tests := []struct {


@@ -17,7 +17,6 @@ package verify
import (
"context"
"crypto"
"errors"
"fmt"
"os"
@@ -50,11 +49,6 @@ var hashAlgos = map[string]crypto.Hash{
// Exec executes the verifiers.VerifyVSA.
func (c *VerifyVSACommand) Exec(ctx context.Context) (*utils.TrustedAttesterID, error) {
if !options.ExperimentalEnabled() {
err := errors.New("feature support is only provided in SLSA_VERIFIER_EXPERIMENTAL mode")
printFailed(err)
return nil, err
}
vsaOpts := &options.VSAOpts{
ExpectedDigests: c.SubjectDigests,
ExpectedVerifierID: c.VerifierID,