summaryrefslogtreecommitdiff
path: root/cli/tools/registry/mod.rs
diff options
context:
space:
mode:
authorBob Callaway <bobcallaway@users.noreply.github.com>2024-08-31 11:53:46 -0400
committerGitHub <noreply@github.com>2024-08-31 15:53:46 +0000
commit3a63572187ef435e254a4c753d03a39effae0761 (patch)
tree4f92936facec978c0329b98e0e70fe9ce001d729 /cli/tools/registry/mod.rs
parentb536ed1a7498b8f1c7d46aa9a7ed745870a9e99e (diff)
fix(publish): ensure provenance is spec compliant (#25200)
Fixes: #25199 Ensures that for the SLSA provenance document generated on publishing, `subject` is an array of ResourceDescriptor objects per the in-toto specification [requirements](https://github.com/in-toto/attestation/blob/main/spec/v1/statement.md#fields). --------- Signed-off-by: Bob Callaway <bcallaway@google.com>
Diffstat (limited to 'cli/tools/registry/mod.rs')
-rw-r--r--cli/tools/registry/mod.rs3
1 files changed, 2 insertions, 1 deletions
diff --git a/cli/tools/registry/mod.rs b/cli/tools/registry/mod.rs
index 24b3051e4..fbdcd9e77 100644
--- a/cli/tools/registry/mod.rs
+++ b/cli/tools/registry/mod.rs
@@ -1049,7 +1049,8 @@ async fn publish_package(
sha256: faster_hex::hex_string(&sha2::Sha256::digest(&meta_bytes)),
},
};
- let bundle = provenance::generate_provenance(http_client, subject).await?;
+ let bundle =
+ provenance::generate_provenance(http_client, vec![subject]).await?;
let tlog_entry = &bundle.verification_material.tlog_entries[0];
log::info!("{}",
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-26 23:15:33 +0000