Please reopen discussion #1171

[RoyalOughtness]

Verifying the build attestation is something that I think should be done as part of the build pipeline, not per client.

The build attestation is generated at build time, and while validating it after generating it is a good idea, part of the point of it is to allow consumers to ensure that a build was generated from a specific commit using a valid runner. So in much the same way that clients verify an image signature to ensure that the image was published by a holder of a valid private key, clients should also IMO verify an image attestation if present to ensure that the image was built against a valid commit using a valid runner.

[p5]

It would probably be worth opening an issue in https://github.com/containers/container-libs to support this, since bootc inherits Skopeo for verification, which inherits container-libs.

Though I'm not too sure how this would work or differ from something like keyless signing (which admittedly, isn't implemented yet). With keyless signing, you're verifying the repo it was signed from. Attestation is enriching the image with info on how it was built, but this isn't really something you can or would want to assert in policy on the endpoint AFAICT.

Signing:

• Who built this?

Attestation:

• How it was built?
• Where it was built?

What would you imagine this policy to look like?

[RoyalOughtness]

@p5 My limited understanding of cosign's "keyless signing" is that it enables signing by the build platform. This isn't parity with SLSA.

With keyless signing, you're verifying the repo it was signed from

For example, I don't think this is exactly the case relative to SLSA. You might be verifying that an artifact came from a particular platform, but SLSA verifies that it came from a particular commit on a specified branch, or a specific tag/commit. If keyless signing can provide parity with this and I'm missing that, that would be a viable alternative.

What would you imagine this policy to look like?

something like:

/etc/containers/provenance.json

{
  "default": [
    {
      "type": "reject"
    }
  ],
  "transports": {
    "docker": {
      "ghcr.io/secureblue": [
        {
          "type": "SLSA",
          "sourceBranch": "live"
          "sourceUri": "github.com/secureblue/secureblue"
        }
      ]
    }
...
}