diff --git a/cli/slsa-verifier/verify.go b/cli/slsa-verifier/verify.go index 97ce36e70..fcaaaf870 100644 --- a/cli/slsa-verifier/verify.go +++ b/cli/slsa-verifier/verify.go @@ -76,7 +76,7 @@ func verifyArtifactCmd() *cobra.Command { } func verifyImageCmd() *cobra.Command { - o := &verify.VerifyImageOptions{} + o := &verify.VerifyOptions{} cmd := &cobra.Command{ Use: "verify-image [flags] image", diff --git a/cli/slsa-verifier/verify/options.go b/cli/slsa-verifier/verify/options.go index fec526979..e9079ea44 100644 --- a/cli/slsa-verifier/verify/options.go +++ b/cli/slsa-verifier/verify/options.go @@ -38,8 +38,9 @@ type VerifyOptions struct { BuildWorkflowInputs workflowInputs BuilderID string /* Other */ - ProvenancePath string - PrintProvenance bool + ProvenancePath string + ProvenanceRepository string + PrintProvenance bool } var _ Interface = (*VerifyOptions)(nil) @@ -67,6 +68,9 @@ func (o *VerifyOptions) AddFlags(cmd *cobra.Command) { cmd.Flags().StringVar(&o.ProvenancePath, "provenance-path", "", "path to a provenance file") + cmd.Flags().StringVar(&o.ProvenanceRepository, "provenance-repository", "", + "image repository for provenance with format: /") + cmd.Flags().BoolVar(&o.PrintProvenance, "print-provenance", false, "[optional] print the verified provenance to stdout") 
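Review bot: Registering `--provenance-repository` inside `VerifyOptions.AddFlags` puts the flag on every command that builds its flags from `VerifyOptions`, not only verify-image, whereas the removed `VerifyImageOptions` (next hunk in this file) kept it image-only. If verify-artifact, and presumably verify-npm-package through its embedded `VerifyOptions`, accept the flag without acting on it, a user can believe provenance lookup was pinned to a repository when nothing enforced it. Either keep the registration with the image command, or make the other commands reject it, e.g. `if cmd.Flags().Changed("provenance-repository") { return errors.New("--provenance-repository is only supported by verify-image") }`. A verification option that is silently ignored is worse than one that errors. AddFlags begins and ends outside the hunk, so the other flag registrations were not reviewed.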
@@ -74,24 +78,6 @@ func (o *VerifyOptions) AddFlags(cmd *cobra.Command) { cmd.MarkFlagsMutuallyExclusive("source-versioned-tag", "source-tag") } -// VerifyImageOptions is the top-level options for the `verifyImage` command - -type VerifyImageOptions struct { - VerifyOptions - /* Other */ - ProvenanceRepository string -} - -var _ Interface = (*VerifyImageOptions)(nil) - -// AddFlags implements Interface. -func (o *VerifyImageOptions) AddFlags(cmd *cobra.Command) { - o.VerifyOptions.AddFlags(cmd) - - cmd.Flags().StringVar(&o.ProvenanceRepository, "provenance-repository", "", - "image repository for provenance with format: /. When set, overrides COSIGN_REPOSITORY environment variable") -} - // VerifyNpmOptions is the top-level options for the `verifyNpmPackage` command. type VerifyNpmOptions struct { VerifyOptions diff --git a/cli/slsa-verifier/verify/verify_image.go b/cli/slsa-verifier/verify/verify_image.go index a1207446b..3dd5650a9 100644 --- a/cli/slsa-verifier/verify/verify_image.go +++ b/cli/slsa-verifier/verify/verify_image.go @@ -72,10 +72,7 @@ func (c *VerifyImageCommand) Exec(ctx context.Context, artifacts []string) (*uti } } - var verifiedProvenance []byte - var outBuilderID *utils.TrustedBuilderID - - verifiedProvenance, outBuilderID, err = verifiers.VerifyImage(ctx, artifacts[0], provenance, provenanceOpts, builderOpts) + verifiedProvenance, outBuilderID, err := verifiers.VerifyImage(ctx, artifacts[0], provenance, provenanceOpts, builderOpts) if err != nil { return nil, err diff --git a/verifiers/internal/gha/verifier.go b/verifiers/internal/gha/verifier.go index b6d0fc7c0..68dd86f08 100644 --- a/verifiers/internal/gha/verifier.go +++ b/verifiers/internal/gha/verifier.go 
@@ -257,17 +257,11 @@ func (v *GHAVerifier) VerifyImage(ctx context.Context, var provenanceTargetRepository name.Repository // Consume input for --provenance-repository when set - if *provenanceOpts.ExpectedProvenanceRepository != "" { + if provenanceOpts.ExpectedProvenanceRepository != nil { provenanceTargetRepository, err = name.NewRepository(*provenanceOpts.ExpectedProvenanceRepository) if err != nil { return nil, nil, err } - } else { - // If user input --provenance-repository is empty, look for COSIGN_REPOSITORY environment - provenanceTargetRepository, err = ociremote.GetEnvTargetRepository() - if err != nil { - return nil, nil, err - } } registryClientOpts := []ociremote.Option{}
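Review bot: With the `else` branch removed, `provenanceTargetRepository` stays a zero-value `name.Repository` whenever `ExpectedProvenanceRepository` is nil, and the code that consumes it lies below the hunk, after `registryClientOpts := []ociremote.Option{}`. That consumer has to skip the target-repository option in the nil case rather than pass an empty repository on. The new nil check is also only correct if callers leave the pointer nil when the flag is absent: a non-nil pointer to `""` now goes to `name.NewRepository`, which presumably rejects it, and the call site that fills the field is not in this diff. I would state the contract above the check, e.g. `// nil means --provenance-repository was not given; COSIGN_REPOSITORY is no longer consulted`, and add a test for the nil and empty-string cases. The dropped environment fallback changes where attestations are fetched for anyone who relied on it, so it belongs in the release notes.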