feat: Support for GCB verification #202

Merged
merged 22 commits into from
Aug 24, 2022

@laurentsimon laurentsimon commented Aug 9, 2022

This PR depends on #147 which should be merged.

Please verify the GCB public keys in this PR, using steps in verifiers/internal/gcb/keys/README.md.

This PR adds support for verification of GCB provenance. Some TODOs:

  • Unit tests. Follow-up PRs will be needed.
  • This only works for containers today, but does not support provenance available next to the registry (current limitation of GCB).

In a follow-up PR: #221

@laurentsimon laurentsimon marked this pull request as draft August 9, 2022 22:47
@laurentsimon laurentsimon changed the title Support for GCB verification [DRAFT] Support for GCB verification Aug 9, 2022
@laurentsimon laurentsimon changed the title [DRAFT] Support for GCB verification feat: Support for GCB verification Aug 16, 2022
@laurentsimon laurentsimon marked this pull request as ready for review August 16, 2022 22:19
@laurentsimon laurentsimon requested review from ianlewis and asraa August 16, 2022 22:19
@asraa asraa left a comment

Thanks for starting this! Some comments. Overall, implementation of the provenance looks fine to me.

@laurentsimon

Added more tests, ready for review!

@laurentsimon laurentsimon merged commit 3b5c68f into slsa-framework:main Aug 24, 2022
@laurentsimon laurentsimon mentioned this pull request Sep 1, 2022
23 tasks
ramonpetgrave64 pushed a commit to ramonpetgrave64/slsa-verifier that referenced this pull request Apr 18, 2024
The markdown table should have just one row. However, the example is
formatted in such a way that it gets 3 rows. This is just minor cleanup,
with no functional change.

Co-authored-by: Ian Lewis <[email protected]>