/cc @mihaimaruseac
/cc @laurentsimon
Based off the prefix of the BuilderID within the provenance, if the
builder use to build the artifact is one of the BYOB builders of
slsa-framework/slsa-github-generator repo, the --builderid flag is not
need and is handled automatically. This was done to increase access to
users since before the automatic pickup of the builder-id would get the
delegator.
Test cases that cover verifyProvenance will need to be complete after
the v1.8.0 release of slsa-framework/slsa-github-generator.
The main structure that is changed is the ExpectedBuilderPath is
hardcoded now to slsa-framework builders within
`/cli/slsa-verifier/verify/verify_artifact.go `. This can later be
changed now if needed to be an input like the other fields of
`provenanceOpts` populated during `verify_artifact.go`. The added
function within `provenance.go`, `verifyBuilderIDPath` is called during
`verifyProvenance` to check this path within `provenanceOpts`. Upon
failure of this function, expected and received BuilderID's are also
outputted.
closes#659
makes use of discussion on closed pr #673
---------
Signed-off-by: Noah Elzner <elzner@google.com>
Signed-off-by: Noah Elzner <78953604+enteraga6@users.noreply.github.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
* cleanup: use a uniform verifier interface for provenance type
Signed-off-by: Asra Ali <asraa@google.com>
* fix experimental gateg
Signed-off-by: Asra Ali <asraa@google.com>
* oops
Signed-off-by: Asra Ali <asraa@google.com>
---------
Signed-off-by: Asra Ali <asraa@google.com>
