feat: Verify all artifacts passed in cmdline

[mihaimaruseac]

This should close #91.

Turns out that even if we pass an artifact that does not match provenance (same name, invalid hash) or an artifact that is not covered by the provenance (not in subject), the verifier reports the same error: hash not matching provenance. See below:

[...]$ go run ./cli/slsa-verifier/{main,verify}.go verify-artifact --provenance-path /tmp/demo/multiple.intoto.jsonl --source-uri github.com/mihaimaruseac/slsa-lvl3-generic-provenance-with-bazel-example /tmp/demo/*
Verifying artifact /tmp/demo/fib
Verified signature against tlog entry index 9712459 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77a1544828b67bb5a2335f7e0d01c504a32ceb6f3a8814ed12c8f1b222d308bd9e8
Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.4.0 at commit 11fab87c5ee6f46c6f5e68f6c5378c62ce1ca77c
Verifying artifact /tmp/demo/fib: PASSED

Verifying artifact /tmp/demo/hello
Verified signature against tlog entry index 9712459 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77a1544828b67bb5a2335f7e0d01c504a32ceb6f3a8814ed12c8f1b222d308bd9e8
Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.4.0 at commit 11fab87c5ee6f46c6f5e68f6c5378c62ce1ca77c
Verifying artifact /tmp/demo/hello: PASSED

Verifying artifact /tmp/demo/multiple.intoto.jsonl
Verified signature against tlog entry index 9712459 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77a1544828b67bb5a2335f7e0d01c504a32ceb6f3a8814ed12c8f1b222d308bd9e8
Verifying artifact /tmp/demo/multiple.intoto.jsonl: FAILED: expected hash 'f846eb812add7699a757e3a91df0a1c3a7b083fb2d907ae4c00e1e186f8641fe' not found: artifact hash does not match provenance subject

FAILED: SLSA verification failed: expected hash 'f846eb812add7699a757e3a91df0a1c3a7b083fb2d907ae4c00e1e186f8641fe' not found: artifact hash does not match provenance subject
Usage:
...

In this case, I used the artifacts from the test repo and passed the provenance as an additional artifact to verify. Observe how verification fails for this additional "artifact".

If I only pass fib and hello, all passes:

[...]$ go run ./cli/slsa-verifier/{main,verify}.go verify-artifact --provenance-path /tmp/demo/multiple.intoto.jsonl --source-uri github.com/mihaimaruseac/slsa-lvl3-generic-provenance-with-bazel-example /tmp/demo/{fib,hello}
Verifying artifact /tmp/demo/fib
Verified signature against tlog entry index 9712459 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77a1544828b67bb5a2335f7e0d01c504a32ceb6f3a8814ed12c8f1b222d308bd9e8
Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.4.0 at commit 11fab87c5ee6f46c6f5e68f6c5378c62ce1ca77c
Verifying artifact /tmp/demo/fib: PASSED

Verifying artifact /tmp/demo/hello
Verified signature against tlog entry index 9712459 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77a1544828b67bb5a2335f7e0d01c504a32ceb6f3a8814ed12c8f1b222d308bd9e8
Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.4.0 at commit 11fab87c5ee6f46c6f5e68f6c5378c62ce1ca77c
Verifying artifact /tmp/demo/hello: PASSED

PASSED: Verified SLSA provenance

Verification still passes if passing one single blob for a correct artifact:

[...]$ go run ./cli/slsa-verifier/{main,verify}.go verify-artifact --provenance-path /tmp/demo/multiple.intoto.jsonl --source-uri github.com/mihaimaruseac/slsa-lvl3-generic-provenance-with-bazel-example /tmp/demo/fib
Verifying artifact /tmp/demo/fib
Verified signature against tlog entry index 9712459 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77a1544828b67bb5a2335f7e0d01c504a32ceb6f3a8814ed12c8f1b222d308bd9e8
Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.4.0 at commit 11fab87c5ee6f46c6f5e68f6c5378c62ce1ca77c
Verifying artifact /tmp/demo/fib: PASSED

PASSED: Verified SLSA provenance

And it fails if the artifact cannot be verified:

[...]$ cp /bin/ls /tmp/demo/fib
[...]$ go run ./cli/slsa-verifier/{main,verify}.go verify-artifact --provenance-path /tmp/demo/multiple.intoto.jsonl --source-uri github.com/mihaimaruseac/slsa-lvl3-generic-provenance-with-bazel-example /tmp/demo/fib
Verifying artifact /tmp/demo/fib
Verified signature against tlog entry index 9712459 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77a1544828b67bb5a2335f7e0d01c504a32ceb6f3a8814ed12c8f1b222d308bd9e8
Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.4.0 at commit 11fab87c5ee6f46c6f5e68f6c5378c62ce1ca77c
Verifying artifact /tmp/bbss/fib: FAILED: expected hash 'd9408a51bd2846813db391cd58a4f5d2dba116fdd1be31968652cd8ca282ed6f' not found: artifact hash does not match provenance subject

FAILED: SLSA verification failed: expected hash 'd9408a51bd2846813db391cd58a4f5d2dba116fdd1be31968652cd8ca282ed6f' not found: artifact hash does not match provenance subject
Usage:
...

I think maybe we should not print the usage if validation fails. Also, should we do the same for image verification or allow only one argument there?

At the moment, validation fails on the first error. If needed, I'll send a different PR that tries to do as much work as possible and report all errors at the end.

Signed-off-by: Mihai Maruseac mihaimaruseac@google.com

[laurentsimon]

+1 on not showing the Usage when it fails. I think there's a tracking issue for it. tracks it, IIUC

Turns out that even if we pass an artifact that does not match provenance (same name, invalid hash) or an artifact that is not covered by the provenance (not in subject), the verifier reports the same error: hash not matching provenance

We don't check the subject name, so this seems correct. We only check for a matching hash.

I am a little worried that printing PASSED: Verified SLSA provenance may lead users to conclude that it passed, even if there's another error. But so long as the return error is not 0, that's probably OK (in particular when used in a script)... wdut?

Gathering all errors in a proper "log" structure is something that would be useful #161. It would allow us to also report everything in a JSON format (if users want to parse the results or if it's the response to a REST API).

[mihaimaruseac]

We only print PASSED: Verified SLSA provenance if all artifacts passed in the command line have been verified. In all other cases, the last lines are the FAILED:... line and the usage.

[laurentsimon]

LGTM. Would you be able to add some tests in main_test.go?

(We can add some e2e in the slsa-framework/example-package repo later)

[mihaimaruseac]

Let me look into it

[laurentsimon]

Could you also update the documentation in the README.md?

[laurentsimon]

We only print PASSED: Verified SLSA provenance if all artifacts passed in the command line have been verified. In all other cases, the last lines are the FAILED:... line and the usage.

Awesome, that sounds great! Maybe we can point that out in the README.md too.

[asraa]

LGTM! Seems like just a few lint/build failures

[mihaimaruseac]

Ok, got it. The issue was that there are a lot of occurrences of FAIL in the log, so if a test fail it gets confusing to see what's the culprit.

Updating the README.md and it should all be done in the next 5-10 mins

[mihaimaruseac]

All ready for a new review, PTAL and sorry it took so long to fix

[asraa]

Thanks for the README!

[asraa]

apologies for only seeing this now!

likely it probably makes the most sense to migate ExpectedDigest to ExpectedDigests so that we don't have to run signature verification more than once. I realize that's a breaking change -- maybe we should file a cleanup issue before the next major release?

doing it in a backwards compatible way with a new field would i guess be possible, and we could check for both ExpectedDigest/ExpectedDigests. It's not urgent to me though

[mihaimaruseac]

That's a good idea. Created #422 to track

[laurentsimon]

is it breaking for CLI or just the API? If just for the API, we could add a section to the README saying that we respect semver for the CLI only at the moment.

[asraa]

Yeah, it would be just for the API -- the CLI would still have the versioning.

Interesting about CLI semver -- in the past I've experienced only API being the versioning importance, but actually here CLI may be the only thing. No one is using as a library yet..

[laurentsimon]

I like what OSV does: the call out exactly what follows semver https://github.com/google/osv-scanner#semver-adherence. Created slsa-framework/slsa-github-generator#1427 for tracking.

[laurentsimon]

@mihaimaruseac in a follow-up PR, we also need to update the REST service. See https://github.com/slsa-framework/slsa-verifier/blob/main/experimental/rest/service.go#L21 used by https://github.com/slsa-framework/slsa-verifier/blob/main/cli/experimental/service/main.go

[laurentsimon]

Ready to merge?

[mihaimaruseac]

Ready to merge on my side. I'll look into upgrading the REST service and the e2e test in the example repo as well as #422 (shouldn't break anything, afaik, but I'll check to be sure)

[laurentsimon]

Great, thanks @mihaimaruseac Maybe also we need to update the verify-image to do something similar. Can you create a tracking issue for it too?

[mihaimaruseac]

MAde #423 to track that. Thanks for review and merging!

[mihaimaruseac]

@mihaimaruseac in a follow-up PR, we also need to update the REST service. See https://github.com/slsa-framework/slsa-verifier/blob/main/experimental/rest/service.go#L21 used by https://github.com/slsa-framework/slsa-verifier/blob/main/cli/experimental/service/main.go

So I look at these and this is just the verification, it will need to be updated only after #422, when we migrate to do a single verification for multiple artifacts. I could be mistaken though?

[laurentsimon]

+1, you're correct. Just wanted to be sure we have a tracking issue for it

[mihaimaruseac]

Added a mention of this in #422