Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Switch to newer DSSE rekor type #3299

Merged
merged 8 commits into from
Mar 26, 2024
Merged

fix: Switch to newer DSSE rekor type #3299

merged 8 commits into from
Mar 26, 2024

Commits on Feb 29, 2024

  1. fix: Switch to newer DSSE rekor type 

    The intoto v001 type does not persist signatures of the DSSE envelope,
as noted in sigstore/rekor#973. We introduced an
intoto v002 type shortly after to fix this, but since then, we've
introduced another newer type, DSSE v001, which also does not persist
the attestation in Rekor (as we discourage using Rekor as storage).

I also updated the verifier in slsa-framework/slsa-verifier#742
to search for both Rekor entry types.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
    @haydentherapper
    haydentherapper committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    bdeea00 View commit details
    Browse the repository at this point in the history

Commits on Mar 5, 2024

  1. Update CHANGELOG.md 

    Signed-off-by: Hayden B <hblauzvern@google.com>
    @haydentherapper
    haydentherapper committed Mar 5, 2024
    Configuration menu
    Copy the full SHA
    9d72468 View commit details
    Browse the repository at this point in the history

Commits on Mar 6, 2024

  1. Fix lint 

    Signed-off-by: Hayden B <hblauzvern@google.com>
    @haydentherapper
    haydentherapper committed Mar 6, 2024
    Configuration menu
    Copy the full SHA
    e91f0bc View commit details
    Browse the repository at this point in the history

Commits on Mar 26, 2024

  1. Merge branch 'main' into dsse-entry 

    Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
    @laurentsimon
    laurentsimon committed Mar 26, 2024
    Configuration menu
    Copy the full SHA
    7ec2f7f View commit details
    Browse the repository at this point in the history

  2. Update CHANGELOG.md 

    Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
    @laurentsimon
    laurentsimon committed Mar 26, 2024
    Configuration menu
    Copy the full SHA
    bbf63c1 View commit details
    Browse the repository at this point in the history

  3. Update CHANGELOG.md 

    Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
    @laurentsimon
    laurentsimon committed Mar 26, 2024
    Configuration menu
    Copy the full SHA
    e0093c8 View commit details
    Browse the repository at this point in the history

  4. Update CHANGELOG.md 

    Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
    @laurentsimon
    laurentsimon committed Mar 26, 2024
    Configuration menu
    Copy the full SHA
    99c25a8 View commit details
    Browse the repository at this point in the history

  5. Merge branch 'main' into dsse-entry

    @laurentsimon
    laurentsimon committed Mar 26, 2024
    Configuration menu
    Copy the full SHA
    0ed5031 View commit details
    Browse the repository at this point in the history