From f9a7e3e23c6734e332d0e464cb7ca0df664b384e Mon Sep 17 00:00:00 2001 From: Ramon Petgrave Date: Wed, 14 Aug 2024 17:55:43 -0400 Subject: [PATCH] print the rekor log index Signed-off-by: Ramon Petgrave --- CHANGELOG.md | 3 +++ signing/sigstore/bundle.go | 16 +++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e6c2327310..9c321f14d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -113,6 +113,9 @@ The workflows `generator_generic_slsa3.yml` and `builder_go_slsa3.yml` have been updated to produce signed Sigstore Bundles, just like all the other builders that use the BYOB framework. +The workflow logs will now print a LogIndex, rather than a LogUUID. Both are equally searchanble on +https://search.sigstore.dev/. + ### Unreleased: Vars context recorded in provenance - **Updated**: GitHub `vars` context is now recorded in provenance for the generic and diff --git a/signing/sigstore/bundle.go b/signing/sigstore/bundle.go index 407b43ea11..3a74f5f5e7 100644 --- a/signing/sigstore/bundle.go +++ b/signing/sigstore/bundle.go @@ -17,6 +17,7 @@ package sigstore import ( "context" "encoding/json" + "fmt" intoto "github.com/in-toto/in-toto-golang/in_toto" sigstoreBundle "github.com/sigstore/sigstore-go/pkg/bundle" @@ -89,6 +90,7 @@ func (s *BundleSigner) Sign(ctx context.Context, statement *intoto.Statement) (s // signing opts. bundleOpts, err := getBundleOpts( + ctx, &s.fulcioAddr, &s.rekorAddr, &rawToken, @@ -103,6 +105,15 @@ func (s *BundleSigner) Sign(ctx context.Context, statement *intoto.Statement) (s return nil, err } + // print the logIndex. + // Bundle will have already verified that the TLog entries are signed. + logIndex := innerBundle.GetVerificationMaterial().GetTlogEntries()[0].GetLogIndex() + fmt.Printf("Signed attestation is in rekor with UUID %d.\n", logIndex) + fmt.Printf("You could use rekor-cli to view the log entry details:\n\n"+ + " $ rekor-cli get --log-index %[1]d\n\n"+ + "In addition to that, you could also use the Rekor Search UI:\n\n"+ + " https://search.sigstore.dev/?logIndex=%[1]d", logIndex) + // marshall to json. bundleWrapper := &sigstoreBundle.ProtobufBundle{ Bundle: innerBundle, @@ -120,11 +131,14 @@ func (s *BundleSigner) Sign(ctx context.Context, statement *intoto.Statement) (s // getBundleOpts provides the opts for sigstoreSign.Bundle(). func getBundleOpts( + ctx context.Context, fulcioAddr *string, rekorAddr *string, identityToken *string, ) (*sigstoreSign.BundleOptions, error) { - bundleOpts := &sigstoreSign.BundleOptions{} + bundleOpts := &sigstoreSign.BundleOptions{ + Context: ctx, + } fulcioOpts := &sigstoreSign.FulcioOptions{ BaseURL: *fulcioAddr,