Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: v2.0.0-rc.0: update adversarial test: Adversarial container-based #367

Merged
merged 1 commit into from
Apr 22, 2024
Merged

chore: v2.0.0-rc.0: update adversarial test: Adversarial container-based #367

merged 1 commit into from
Apr 22, 2024

Conversation

ramonpetgrave64
Copy link
Collaborator

@ramonpetgrave64 ramonpetgrave64 merged commit 4f319c2 into main Apr 22, 2024
27 checks passed
@ramonpetgrave64
Copy link
Collaborator Author

with bad binary, failing

https://github.com/slsa-framework/example-package/actions/runs/8790801568/job/24123651337#step:2:214

Run ./__BUILDER_CHECKOUT_DIR__/.github/actions/generate-builder/generate-builder.sh
Fetching the builder with ref: refs/tags/v2.0.0
Builder version: v2.0.0
BUILDER_REPOSITORY: slsa-framework/slsa-github-generator
verifier hash computed is 54e4f40bf120bce1cef1ff123fef3456e8c526f315c47e22ed6acfe02a06b9a8
verifier hash verification has passed
Verified signature against tlog entry index 87834226 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77a52619220ecd64c22b4b1c242282c7fa65b26ce614931f573cb64009e452612bd
Verifying artifact slsa-builder-docker-linux-amd64: FAILED: expected hash '5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03' not found: artifact hash does not match provenance subject

FAILED: SLSA verification failed: expected hash '5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03' not found: artifact hash does not match provenance subject
Error: Process completed with exit code 6.

@ramonpetgrave64
Copy link
Collaborator Author

Now passing with the original binary

https://github.com/slsa-framework/example-package/actions/runs/8790813270/job/24123689539#step:2:214

Run ./__BUILDER_CHECKOUT_DIR__/.github/actions/generate-builder/generate-builder.sh
Fetching the builder with ref: refs/tags/v2.0.0
Builder version: v2.0.0
BUILDER_REPOSITORY: slsa-framework/slsa-github-generator
verifier hash computed is 54e4f40bf120bce1cef1ff123fef3456e8c526f315c47e22ed6acfe02a06b9a8
verifier hash verification has passed
Verified signature against tlog entry index 87834226 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77a52619220ecd64c22b4b1c242282c7fa65b26ce614931f573cb64009e452612bd
Verified build using builder "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v2.0.0" at commit 5a775b367a56d5bd118a224a811bba288150a563
Verifying artifact slsa-builder-docker-linux-amd64: PASSED

PASSED: Verified SLSA provenance
Builder provenance verified at tag v2.0.0 and commit 5a775b367a56d5bd118a224a811bba288150a563
Run ./__BUILDER_CHECKOUT_DIR__/.github/actions/compute-sha256
Computing sha256 of slsa-builder-docker-linux-amd64
Computed sha256 of slsa-builder-docker-linux-amd64 as 3bf39dd2f8c3e4d480b4e2aa7d8bf92e54b939bf2a663a93fee69f4d9d1304d9

@ramonpetgrave64 ramonpetgrave64 deleted the ramonpetgrave64-patch-16 branch June 26, 2024 19:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@laurentsimon laurentsimon Awaiting requested review from laurentsimon laurentsimon is a code owner

@joshuagl joshuagl Awaiting requested review from joshuagl joshuagl is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ramonpetgrave64