* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format
- new public key for "global PAE signing key"
- test data and unit tests
Signed-off-by: Kevin Halk <khalk@google.com>
* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format
- new public key for "global PAE signing key"
- test data and unit tests
Signed-off-by: Kevin Halk <khalk@google.com>
* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format
- new public key for "global PAE signing key"
- test data and unit tests
Signed-off-by: Kevin Halk <khalk@google.com>
* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format
- new public key for "global PAE signing key"
- test data and unit tests
Signed-off-by: Kevin Halk <khalk@google.com>
* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format
- new public key for "global PAE signing key"
- test data and unit tests
Signed-off-by: Kevin Halk <khalk@google.com>
* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format
- new public key for "global PAE signing key"
- test data and unit tests
Signed-off-by: Kevin Halk <khalk@google.com>
* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format
- new public key for "global PAE signing key"
- test data and unit tests
Signed-off-by: Kevin Halk <khalk@google.com>
---------
Signed-off-by: Kevin Halk <khalk@google.com>
* cleanup: use a uniform verifier interface for provenance type
Signed-off-by: Asra Ali <asraa@google.com>
* fix experimental gateg
Signed-off-by: Asra Ali <asraa@google.com>
* oops
Signed-off-by: Asra Ali <asraa@google.com>
---------
Signed-off-by: Asra Ali <asraa@google.com>
* Create references.sh
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* WIP: check docs in pre-submits
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Clean up
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Fix based on comments
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Add instructions to RELEASE.md
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Check references match version in PR body
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
---------
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* Use `Run` instead of `RunE` to handle usage/errors
We want to only display the usage message if there is an error in the
parsing of arguments. Once the arguments are parsed and we invoke the
internal implementation the usage message should not be displayed
anymore, regardless of what internal error gets returned. Fortunately,
the fix is easy.
Tested:
* passing scenario:
```
[...]$ slsa-verifier verify-artifact \
--provenance-path multiple.intoto.jsonl \
--source-uri github.com/example/repo fib
Verified signature against tlog entry index 9712459 at URL: ...
Verified build using builder ...
Verifying artifact fib: PASSED
PASSED: Verified SLSA provenance
```
* failing scenario with missing artifact file:
```
[...]$ slsa-verifier verify-artifact \
--provenance-path multiple.intoto.jsonl \
--source-uri github.com/example/repo fibs
Verifying artifact fibs: FAILED: open fibs: no such file or directory
FAILED: SLSA verification failed: open fibs: no such file or directory
```
* failing scenario with invalid artifact:
```
[...]$ slsa-verifier verify-artifact \
--provenance-path multiple.intoto.jsonl \
--source-uri github.com/example/repo multiple.intoto.jsonl
Verified signature against tlog entry index 9712459 at URL: ...
Verifying artifact multiple.intoto.jsonl: FAILED: expected hash ...
FAILED: SLSA verification failed: expected hash ...
```
* failing scenario due to invalid usage (missing required arguments):
```
[...]$ slsa-verifier verify-artifact \
--provenance-path multiple.intoto.jsonl
Usage:
slsa-verifier verify-artifact [flags] artifact [artifact..]
Flags:
--build-workflow-input map[] [optional] a workflow input provided by a user at trigger time in the format 'key=value'. (Only for 'workflow_dispatch' events on GitHub Actions). (default map[])
--builder-id string [optional] the unique builder ID who created the provenance
-h, --help help for verify-artifact
--print-provenance [optional] print the verified provenance to stdout
--provenance-path string path to a provenance file
--source-branch string [optional] expected branch the binary was compiled from
--source-tag string [optional] expected tag the binary was compiled from
--source-uri string expected source repository that should have produced the binary, e.g. github.com/some/repo
--source-versioned-tag string [optional] expected version the binary was compiled from. Uses semantic version to match the tag
required flag(s) "source-uri" not set
exit status 1
```
Fixes#307
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Handle the same fix in image verification
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* go fmt
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Remove limit of number of artifacts to verify
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Update short description
Mention that we support multiple artifacts as long as they come from the
same provenance.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Verify all artifacts passed in cmdline
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Remove header of verify step output
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Format the `cobra.Command.Use` argument
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Don't return a slice of builderIDs.
Since all images should come from the same provenance file, there's an
invariant that we will always get exactly one builderID. So, no need to
return a slice of them.
Just to preempt the case when the invariant would be broken, add a
specific check.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Change existing tests to support multiple artifacts.
No new tests added, just changing table test data type.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* [nfc] Format test file
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Change test to allow passing multiple artifacts.
For now, just allow passing the entire array of artifacts to command
line / arguments. The functionality should still be the same.
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Fix typo
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Fix path to test artifacts
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Allow different provenance path
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Try 2 artifacts from existing testdata
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Add more tests for multiple artifacts
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Add failing test
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Fix artifact and error
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Add final test: no artifact match
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
* Update README.md
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
Signed-off-by: Mihai Maruseac <mihaimaruseac@google.com>
