-
Notifications
You must be signed in to change notification settings - Fork 9
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Nice PR! :)
README.md
Outdated
binary is SHA256. For details about the format of the provenance statement please refer to | ||
[the SLSA provenance documentation](https://slsa.dev/provenance/v0.2). | ||
[the container-based SLSA3 builder workflow](https://github.com/slsa-framework/slsa-github-generator/blob/f14d71f7a0f58a45b6105c0b6d97c414328ceda0/internal/builders/docker/README.md), | ||
from the SLSA Framework, builds a binary and a corresponding SLSA v1.0 provenance statement. The |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: builds a binary and "generates"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. Done.
|
||
The [`verifier`](/internal/verifier/) package provides functionality for verifying an input | ||
provenance file. The provenance file should follow the | ||
[Amber provenance](./../pkg/amber/schema/v1/provenance.json) format and provide a list of materials |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about Amber? Maybe add a reference to #224?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
cmd/verifier/README.md
Outdated
|
||
To verify a SLSA provenance of the Amber build type run: | ||
|
||
```bash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The snippet below is not valid bash, because of the $
. Either remove the $
, or change the type to console
(in which case you can also interleave $-prefixed commands with the corresponding output, if you like).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice. I did not know about the console
style.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the reviews.
README.md
Outdated
binary is SHA256. For details about the format of the provenance statement please refer to | ||
[the SLSA provenance documentation](https://slsa.dev/provenance/v0.2). | ||
[the container-based SLSA3 builder workflow](https://github.com/slsa-framework/slsa-github-generator/blob/f14d71f7a0f58a45b6105c0b6d97c414328ceda0/internal/builders/docker/README.md), | ||
from the SLSA Framework, builds a binary and a corresponding SLSA v1.0 provenance statement. The |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. Done.
|
||
The [`verifier`](/internal/verifier/) package provides functionality for verifying an input | ||
provenance file. The provenance file should follow the | ||
[Amber provenance](./../pkg/amber/schema/v1/provenance.json) format and provide a list of materials |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
cmd/verifier/README.md
Outdated
|
||
To verify a SLSA provenance of the Amber build type run: | ||
|
||
```bash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice. I did not know about the console
style.
6e3f3a7
to
30f54d0
Compare
Ref #145
Removing the builder, now that it is migrated to the SLSA Framework repo.