Merge pull request #12478 from eduardoj/add_build_env_info_to_provenance

Add builder, invocation and metadata to provenance file
openSUSE · Apr 25, 2022 · 48f6ae4 · 48f6ae4
2 parents 5a404e5 + b4629c8
commit 48f6ae4
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 2 deletions.
diff --git a/src/backend/bs_worker b/src/backend/bs_worker
@@ -3233,7 +3233,29 @@ sub generate_slsa_provenance_statement {
   my $stmt = {
     '_type' => "https://in-toto.io/Statement/v0.1",
     'subject' => $subject,
-    'materials' => $buildinfo->{'materials'} || [],
+    'predicateType' => 'https://slsa.dev/provenance/v0.2',
+    'predicate' => {
+      'builder' => {
+        'id' => $buildinfo->{'srcserver'}
+      },
+      'buildType' => 'https://open-build-server/worker',
+      'invocation' => {
+        'configSource' => {
+          'uri' => BSHTTP::urlencode("$buildinfo->{'srcserver'}/source/$buildinfo->{'project'}/$buildinfo->{'package'}")."?rev=$buildinfo->{'srcmd5'}",
+          'digest' => { 'md5' => $buildinfo->{'srcmd5'} }, # TODO: change to sha256
+          'entryPoint' => $buildinfo->{'file'},
+        },
+      },
+      'metadata' => {
+        'completeness' => {
+          'parameters' => 1,
+          'environment' => 1,
+          'materials' => 1,
+        },
+        'reproducible' => 0,
+      },
+      'materials' => $buildinfo->{'materials'} || [],
+    },
   };
   require Build::SimpleJSON;
   return Build::SimpleJSON::unparse($stmt,  'template' => $slsa_json_template, 'keepspecial' => 1);

diff --git a/src/backend/t/1000-bs_worker.t b/src/backend/t/1000-bs_worker.t
@@ -27,6 +27,7 @@ my $buildinfo = {
   package    => 'package1',
   srcmd5     => 'f157738ddea737a2b7479996175a6cec',
   verifymd5  => 'f157738ddea737a2b7479996175a6cec',
+  file       => 'hello_world.spec',
   bdep       => [
                   {
                     'notmeta' => '1',
@@ -183,7 +184,6 @@ use JSON::XS ();
 $got = JSON::XS::decode_json($got);
 my $expected_statement = {
   '_type' => 'https://in-toto.io/Statement/v0.1',
-  'materials' => $expected_materials,
   'subject' => [
     {
       'digest' => {
@@ -198,5 +198,28 @@ my $expected_statement = {
       }
     }
   ],
+  'predicateType' => 'https://slsa.dev/provenance/v0.2',
+  'predicate' => {
+    'buildType' => 'https://open-build-server/worker',
+    'builder' => {
+      'id' => 'srcserver',
+    },
+    'invocation' => {
+      'configSource' => {
+        'uri' => 'srcserver/source/project1/package1?rev=f157738ddea737a2b7479996175a6cec',
+        'digest' => { 'md5' => 'f157738ddea737a2b7479996175a6cec' },
+        'entryPoint' => 'hello_world.spec',
+      },
+    },
+    'metadata' => {
+      'completeness' => {
+        'parameters' => 1,
+        'environment' => 1,
+        'materials' => 1,
+      },
+      'reproducible' => 0,
+    },
+    'materials' => $expected_materials,
+  }
 };
 is_deeply($got, $expected_statement, 'generate_slsa_provenance_statement - Return value');