Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: verify claims in provenance match the certificate #572

Merged
merged 31 commits into from
May 9, 2023
Merged

feat: verify claims in provenance match the certificate #572

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
7241f81
update
laurentsimon Apr 20, 2023
18541c7
update
laurentsimon Apr 21, 2023
e2e1b79
update
laurentsimon Apr 21, 2023
ff8fdda
update
laurentsimon Apr 21, 2023
6dd5255
update
laurentsimon Apr 21, 2023
d84147c
update
laurentsimon Apr 22, 2023
ecb4f9b
update
laurentsimon Apr 24, 2023
73b2678
update
laurentsimon Apr 24, 2023
850cd1b
update
laurentsimon Apr 24, 2023
768fd0d
update
laurentsimon Apr 24, 2023
bfe5913
update
laurentsimon Apr 24, 2023
cc5b79f
update
laurentsimon Apr 24, 2023
2639884
update
laurentsimon Apr 24, 2023
7606efd
update
laurentsimon Apr 25, 2023
03bd38b
update
laurentsimon Apr 25, 2023
f8d35f0
update
laurentsimon Apr 25, 2023
784fec4
update
laurentsimon Apr 25, 2023
cbafe52
update
laurentsimon Apr 25, 2023
38d631b
update
laurentsimon Apr 25, 2023
2e8be27
update
laurentsimon Apr 25, 2023
6b0106a
update
laurentsimon May 2, 2023
693486a
update
laurentsimon May 2, 2023
4b7f159
update
laurentsimon May 5, 2023
3a769a9
update
laurentsimon May 9, 2023
172cd95
update
laurentsimon May 9, 2023
a36c23e
update
laurentsimon May 9, 2023
b57e722
update
laurentsimon May 9, 2023
b179065
update
laurentsimon May 9, 2023
b305527
update
laurentsimon May 9, 2023
89ea911
update
laurentsimon May 9, 2023
f35f0a1
Fix linter errors
May 9, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion .golangci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ linters:
disable-all: true
enable:
- asciicheck
- deadcode
- depguard
- dogsled
# TODO(https://github.com/slsa-framework/slsa-verifier/issues/363): Restore linter
Expand Down
2 changes: 1 addition & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ unit-test: ## Runs all unit tests.
regression-test: ## Runs all regression and unit tests.
go mod vendor
# NOTE: go test builds packages even if there are no tests.
go test -mod=vendor -tags=regression -v -timeout=20m ./...
go test -mod=vendor -tags=regression -v -timeout=25m ./...

## Linters
#####################################################################
Expand Down
3 changes: 3 additions & 0 deletions errors/errors.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,15 @@ var (
ErrorMismatchSource = errors.New("source used to generate the binary does not match provenance")
ErrorMismatchWorkflowInputs = errors.New("workflow input does not match")
ErrorMalformedURI = errors.New("URI is malformed")
ErrorMismatchCertificate = errors.New("certificate and provenance mismatch")
ErrorInvalidCertificate = errors.New("invalid certificate")
ErrorMismatchTag = errors.New("tag used to generate the binary does not match provenance")
ErrorInvalidRecipe = errors.New("the recipe is invalid")
ErrorMismatchVersionedTag = errors.New("tag used to generate the binary does not match provenance")
ErrorInvalidSemver = errors.New("invalid semantic version")
ErrorRekorSearch = errors.New("error searching rekor entries")
ErrorMismatchHash = errors.New("artifact hash does not match provenance subject")
ErrorNonVerifiableClaim = errors.New("provenance claim cannot be verified")
ErrorMismatchIntoto = errors.New("verified intoto provenance does not match text provenance")
ErrorInvalidRef = errors.New("invalid ref")
ErrorUntrustedReusableWorkflow = errors.New("untrusted reusable workflow")
Expand Down
2 changes: 1 addition & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ require (
github.com/sassoftware/relic v7.2.1+incompatible // indirect
github.com/segmentio/ksuid v1.0.4 // indirect
github.com/shibumi/go-pathspec v1.3.0 // indirect
github.com/sigstore/fulcio v1.2.0 // indirect
github.com/sigstore/fulcio v1.2.0
github.com/sigstore/protobuf-specs v0.1.1-0.20230503063121-91485b44360d
github.com/sirupsen/logrus v1.9.0 // indirect
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
Expand Down
Loading