Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: TUF error in GHA installer #394

Merged
merged 1 commit into from
Dec 6, 2022
Merged

fix: TUF error in GHA installer #394

merged 1 commit into from
Dec 6, 2022

Conversation

laurentsimon
Copy link
Contributor

Signed-off-by: laurentsimon laurentsimon@google.com

@laurentsimon
update
74614b7 
Signed-off-by: laurentsimon <laurentsimon@google.com>
@laurentsimon laurentsimon requested review from kpk47 and asraa December 6, 2022 21:07
@laurentsimon
Copy link
Contributor Author

Please verify that the hash I updated corresponds to the one in the SLSA provenance.

asraa
asraa approved these changes Dec 6, 2022
View reviewed changes
Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verified the provenance and double checked

[
  {
    "name": "slsa-verifier-linux-amd64",
    "digest": {
      "sha256": "8d2e93a9ea0126d5daec22f2778b42fea79192605d16955f0c91847c3a6a8921"
    }
  }
]

also validated that the 2.0.0 release downloaded built at the gitcommit of the release

$ ~/Downloads/slsa-verifier-linux-amd64 version
  ____    _       ____       _             __     __  _____   ____    ___   _____   ___   _____   ____
 / ___|  | |     / ___|     / \            \ \   / / | ____| |  _ \  |_ _| |  ___| |_ _| | ____| |  _ \
 \___ \  | |     \___ \    / _ \    _____   \ \ / /  |  _|   | |_) |  | |  | |_     | |  |  _|   | |_) |
  ___) | | |___   ___) |  / ___ \  |_____|   \ V /   | |___  |  _ <   | |  |  _|    | |  | |___  |  _ <
 |____/  |_____| |____/  /_/   \_\            \_/    |_____| |_| \_\ |___| |_|     |___| |_____| |_| \_\
slsa-verifier: Verify SLSA provenance for Github Actions

GitVersion:    
GitCommit:     128324f48837d274fdb69870704477a8d2645b8d
GitTreeState:  clean
BuildDate:     2022-11-30T21:35:33
GoVersion:     go1.18.8
Compiler:      gc
Platform:      linux/amd64

@asraa asraa merged commit 901c5f7 into slsa-framework:main Dec 6, 2022
ramonpetgrave64 pushed a commit to ramonpetgrave64/slsa-verifier that referenced this pull request Apr 18, 2024
@naveensrinivasan @laurentsimon
Update deps and included dependabot settings for action (slsa-framewo…
87ed420 
…rk#394)

* Update deps and included dependabot settings for action

- Updated the deps for action
- Included the dependabot settings for detect-workflow

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Small tweaks

- Removed dependabot config
- Updated the tests based on comments.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asraa asraa asraa approved these changes

@kpk47 kpk47 Awaiting requested review from kpk47

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@laurentsimon @asraa