Make builder ID not compulsory for BYOB builders hosted on our repo #659
Comments
|
Any luck on this feature, @enteraga6 ? |
|
@laurentsimon writing tests for it, then will pr |
This was referenced Jul 28, 2023
laurentsimon
added a commit
that referenced
this issue
Aug 11, 2023
/cc @mihaimaruseac /cc @laurentsimon Based off the prefix of the BuilderID within the provenance, if the builder use to build the artifact is one of the BYOB builders of slsa-framework/slsa-github-generator repo, the --builderid flag is not need and is handled automatically. This was done to increase access to users since before the automatic pickup of the builder-id would get the delegator. Test cases that cover verifyProvenance will need to be complete after the v1.8.0 release of slsa-framework/slsa-github-generator. The main structure that is changed is the ExpectedBuilderPath is hardcoded now to slsa-framework builders within `/cli/slsa-verifier/verify/verify_artifact.go `. This can later be changed now if needed to be an input like the other fields of `provenanceOpts` populated during `verify_artifact.go`. The added function within `provenance.go`, `verifyBuilderIDPath` is called during `verifyProvenance` to check this path within `provenanceOpts`. Upon failure of this function, expected and received BuilderID's are also outputted. closes #659 makes use of discussion on closed pr #673 --------- Signed-off-by: Noah Elzner <elzner@google.com> Signed-off-by: Noah Elzner <78953604+enteraga6@users.noreply.github.com> Co-authored-by: Ian Lewis <ianlewis@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
See original discussion in #656
/cc @enteraga6
The text was updated successfully, but these errors were encountered: