Update slsa-provenance predicate to v0.2 #1054

priyawadhwa · 2021-11-15T16:48:44Z

Update the in-toto-golang dependency to generate the slsa-provenance predicate at version v0.2. This way chains can update to v0.2 as well without conflicting with the pinned version for in-toto-golang in cosign!

Signed-off-by: Priya Wadhwa priyawadhwa@google.com

pkg/cosign/tuf/client.go

This dep update also required updating the go-tuf dependency, so there are some bug fixes in the go-tuf code in this PR as well. Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>

Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>

priyawadhwa commented Nov 15, 2021

View reviewed changes

pkg/cosign/tuf/client.go Show resolved Hide resolved

Update slsa-provenance to v0.2

50739ff

This dep update also required updating the go-tuf dependency, so there are some bug fixes in the go-tuf code in this PR as well. Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>

priyawadhwa force-pushed the slsa-provenance-v0.2 branch 5 times, most recently from bf1572f to 8660314 Compare November 23, 2021 00:41

Remove newlines from targets so that they match expected targets

45da5ef

Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>

priyawadhwa force-pushed the slsa-provenance-v0.2 branch from 8660314 to 45da5ef Compare November 23, 2021 00:46

dlorenc approved these changes Nov 23, 2021

View reviewed changes

dlorenc merged commit 98cf544 into sigstore:main Nov 23, 2021

github-actions bot added this to the v1.4.0 milestone Nov 23, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update slsa-provenance predicate to v0.2 #1054

Update slsa-provenance predicate to v0.2 #1054

priyawadhwa commented Nov 15, 2021

Update slsa-provenance predicate to v0.2 #1054

Update slsa-provenance predicate to v0.2 #1054

Conversation

priyawadhwa commented Nov 15, 2021