feat: support oci image verification

[asraa]

Signed-off-by: Asra Ali [email protected]

Support OCI image verification in the GHA verifier. OCI images can be verified using

slsa-verifier verify-image ${IMAGE} --source-uri ${SOURCE_URI}

Added initial testing, for valid signatures, invalid builder IDs and invalid source repositories.

[naveensrinivasan]

What is the process to verify the attached binaries?

The goal is to make sure the e2e tests are reliable.

[asraa]

Yes @naveensrinivasan I'm still trying to figure out a testing strategy

What is the process to verify the attached binaries?

I don't understand the question. Binaries are already e2e tested.

The goal is to make sure the e2e tests are reliable.

Yeah. Ideally I'd be able to attach manifests for OCI images and use those to verify. I will probably need to implement a fake registry and a fake signed image for cosign. do you have other ideas?

[naveensrinivasan]

Binaries are already e2e tested.

How were these specific binaries already e2e tested? I am trying to understand, so pardon my ignorance.

[naveensrinivasan]

Binaries are already e2e tested.

How were these specific binaries already e2e tested? I am trying to understand, so pardon my ignorance.

🤦 Now, I see them as renamed and not new binaries. Thanks, it makes sense. I thought these were new binaries.

[ianlewis]

I feel like we should have different commands for containers vs. artifacts

The combinations of how flags are used isn't really very user friendly and I feel like it will just get worse over time.

[ianlewis]

...not that I expect that to be implemented in this PR. Just a general comment.

[asraa]

For v2, I'll try to write a one-pager on the SLSA verifier API. There are a few issues on this (#180) and I am worried without writing it up first I'll get it wrong.

[ianlewis]

Just to be clear, I was simply thinking something like slsa-verifier verify-artifact ... and slsa-verifier verify-image ... something like that. Right now it's down to the combination of what flags users use. Commands allow us to have different flags for different CLI commands.

[asraa]

Ah, yes I agree too we should have sub-commands separating the two.

[laurentsimon]

SGTM

[asraa]

Currently working with example-test packages

$ go run . -oci-image ghcr.io/slsa-framework/example-package.e2e.container.schedule.main.default.slsa3@sha256:93e556b16d8be1283f3825aa0ee595250649f56e70e18a3089d92ba29cd81e85 -source github.com/slsa-framework/example-package
Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@refs/heads/main at commit 8837317a8c8021fa59bb05260f363c7deb4ca63d
PASSED: Verified SLSA provenance

For some reason, crane manifest'ing the image doesn't show me where the cosign attesation layer is. Trying to retrieve some testadata manifests.

[asraa]

Got tests in. Waiting for the queue of PRs #187

and then I'll implement the VerifyImage on the builder interface.

[asraa]

@ianlewis @laurentsimon This is ready now.

I had to make a few changes for testing -- remote and local images behave slightly different. See the container package.

I will make an issue to add more testing: malicious tests, tag verification. Just wanted to start the functionality.

[laurentsimon]

LGTM overall. Excited to see this one land!!

[laurentsimon]

so are we giving up on the idea of verify-artifact and verify-container subcommand? What was decided in the end?

[asraa]

I think we should, should I do that in this PR though? If it's pretty easy to review I can split the commands

[laurentsimon]

up to you, I don't mind either way

[laurentsimon]

I'm curious: is "reference" is standard term in container world?

[asraa]

yes, it means repository:tag. technically it also supports the actual digest, so maybe I should say -artifact-image (and image reference resolution will be implicit)?

[laurentsimon]

I see. If this is a common term, then it's fine. artifact-image would also work for me.
/cc @ianlewis any thoughts?

[asraa]

Changed to artifact-image for now. Leaving unresolved for feedback from Ian

[laurentsimon]

Thanks. Left a few comments.

[laurentsimon]

Note: would this break if we verify in parallel different images that require changing this global variable?
I don't think we're going to need that any time soon.. unless the unit tests have to.

I wonder whether we this should be a func GetImageDigest() and have an interface that this function implement in a structure. This way anyone who needs to update the function can create their structure and set the function to whatever they want. By default, the function would be the one declared in this file.

[asraa]

Hmmm The purpose of this global is just for testing -- only testing will use the modified vars (and always will)

I wonder whether we this should be a func GetImageDigest() and have an interface that this function implement in a structure.

Actually, that can work. We can do a file-based impl and a registry-based implementation of the container. Then we can instantiate based on the params (was image str a local file or a container reference)

[laurentsimon]

It's fine to do that in a follow-up PR. Up to you.