Documentation ¶
Overview ¶
Package attestation provides bundle attestation using Sigstore keyless signing.
It implements the Attester interface with two implementations:
- KeylessAttester: Signs using OIDC-based Fulcio certificates and logs to Rekor. Supports both ambient tokens (GitHub Actions) and interactive browser flow.
- NoOpAttester: Returns nil (used when --attest is not set).
Attestations use industry-standard formats:
- DSSE (Dead Simple Signing Envelope) as the transport format
- in-toto Statement v1 as the attestation statement
- SLSA Build Provenance v1 as the predicate type
- Sigstore bundle (.sigstore.json) packaging the signed envelope, certificate, and Rekor inclusion proof
The attestation subject is checksums.txt (covering all bundle content files). The SLSA predicate records build metadata including the tool version, recipe, components, and resolvedDependencies (binary provenance + external data files).
OIDC Token Acquisition ¶
Two paths for obtaining OIDC tokens:
- FetchAmbientOIDCToken: Uses ACTIONS_ID_TOKEN_REQUEST_URL/TOKEN env vars (GitHub Actions). No browser required.
- FetchInteractiveOIDCToken: Opens browser for Sigstore OIDC authentication (GitHub, Google, or Microsoft accounts). Has a 5-minute timeout.
Index ¶
- Constants
- func BuildStatement(subject AttestSubject, metadata StatementMetadata) ([]byte, error)
- func ComputeFileDigest(path string) (string, error)
- func FetchAmbientOIDCToken(ctx context.Context, requestURL, requestToken string) (string, error)
- func FetchInteractiveOIDCToken(ctx context.Context) (string, error)
- func FindBinaryAttestation(binaryPath string) (string, error)
- func ValidateSigstoreBundleData(data []byte) error
- type AttestSubject
- type Attester
- type Dependency
- type KeylessAttester
- type NoOpAttester
- type StatementMetadata
Constants ¶
const (
	DefaultFulcioURL = "https://fulcio.sigstore.dev"
	DefaultRekorURL  = "https://rekor.sigstore.dev"
)
Sigstore public-good instance URLs.
const (
	SigstoreOIDCIssuer = "https://oauth2.sigstore.dev/auth"
	SigstoreClientID   = "sigstore"
)
Sigstore public-good OIDC configuration.
const (
	SLSAProvenanceType = "https://slsa.dev/provenance/v1"
	BundleBuildType    = "https://aicr.nvidia.com/bundle/v1"
)
SLSA and in-toto constants.
const AttestationDir = "attestation"
AttestationDir is the subdirectory within the bundle where attestation files are stored.
const AttestationFileSuffix = "-attestation.sigstore.json"
AttestationFileSuffix is the conventional suffix for attestation files.
const BinaryAttestationFile = AttestationDir + "/aicr-attestation.sigstore.json"
BinaryAttestationFile is the path for the binary attestation copied into the bundle.
const BundleAttestationFile = AttestationDir + "/bundle-attestation.sigstore.json"
BundleAttestationFile is the path for the bundle attestation within the output directory.
Variables ¶
This section is empty.
Functions ¶
func BuildStatement ¶
func BuildStatement(subject AttestSubject, metadata StatementMetadata) ([]byte, error)
BuildStatement constructs an in-toto Statement v1 with a SLSA Build Provenance v1 predicate. Returns the statement as serialized JSON.
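The following is an added example (not the aicr package's own code) showing what an in-toto Statement v1 with a SLSA Build Provenance v1 predicate looks like when assembled for a checksums.txt subject, using only the standard library. The statement and predicate field names follow the in-toto and SLSA v1 specifications; which predicate fields aicr's BuildStatement actually populates, the buildProvenanceStatement name, and the sample inputs (recipe, component names, release URL, hashes) are assumptions of this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"os"
)

// Statement is the in-toto Statement v1 layer around the predicate.
type Statement struct {
	Type          string     `json:"_type"`
	Subject       []Subject  `json:"subject"`
	PredicateType string     `json:"predicateType"`
	Predicate     Provenance `json:"predicate"`
}

// Subject is the artifact being attested, identified by digest, not by path.
type Subject struct {
	Name   string            `json:"name"`
	Digest map[string]string `json:"digest"`
}

// Provenance is the SLSA Build Provenance v1 predicate body.
type Provenance struct {
	BuildDefinition BuildDefinition `json:"buildDefinition"`
	RunDetails      RunDetails      `json:"runDetails"`
}

// BuildDefinition records the build type, its parameters and resolved inputs.
type BuildDefinition struct {
	BuildType            string               `json:"buildType"`
	ExternalParameters   map[string]any       `json:"externalParameters"`
	ResolvedDependencies []ResourceDescriptor `json:"resolvedDependencies,omitempty"`
}

// ResourceDescriptor is one resolved input (binary provenance, data file).
type ResourceDescriptor struct {
	URI    string            `json:"uri"`
	Digest map[string]string `json:"digest,omitempty"`
}

// RunDetails identifies who ran the build.
type RunDetails struct {
	Builder Builder `json:"builder"`
}

// Builder carries the builder identity (OIDC email or workflow URI) and tool version.
type Builder struct {
	ID      string            `json:"id"`
	Version map[string]string `json:"version,omitempty"`
}

// sha256Hex returns the lowercase hex SHA-256 of b, the digest form used in
// in-toto subjects and resolvedDependencies.
func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// buildProvenanceStatement assembles the statement for a checksums.txt subject.
// It is a stand-in for aicr's BuildStatement, not that function itself.
func buildProvenanceStatement(checksums []byte, recipe string, components []string,
	builderID, toolVersion string, deps []ResourceDescriptor) ([]byte, error) {
	st := Statement{
		Type: "https://in-toto.io/Statement/v1",
		Subject: []Subject{{
			Name:   "checksums.txt",
			Digest: map[string]string{"sha256": sha256Hex(checksums)},
		}},
		PredicateType: "https://slsa.dev/provenance/v1",
		Predicate: Provenance{
			BuildDefinition: BuildDefinition{
				BuildType: "https://aicr.nvidia.com/bundle/v1",
				ExternalParameters: map[string]any{
					"recipe":     recipe,
					"components": components,
				},
				ResolvedDependencies: deps,
			},
			RunDetails: RunDetails{Builder: Builder{
				ID:      builderID,
				Version: map[string]string{"aicr": toolVersion},
			}},
		},
	}
	return json.Marshal(st)
}

func main() {
	// Constructed sample inputs: the checksum line, release URL and hashes are illustrative only.
	checksums := []byte("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  model.bin\n")
	deps := []ResourceDescriptor{{
		URI:    "https://github.com/example/aicr/releases/download/v1.0.0/aicr",
		Digest: map[string]string{"sha256": sha256Hex([]byte("binary-bytes"))},
	}}
	out, err := buildProvenanceStatement(checksums, "llm-inference", []string{"model", "tokenizer"},
		"https://github.com/example/aicr/.github/workflows/release.yml@refs/tags/v1.0.0", "v1.0.0", deps)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println(string(out))
}
```

Because the subject is checksums.txt rather than the content files themselves, verification is two steps: check checksums.txt against the attestation's subject digest, then check each content file against its line in checksums.txt. A bundle whose checksums.txt matches but whose files do not has been tampered with after signing.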
func ComputeFileDigest ¶
func ComputeFileDigest(path string) (string, error)
ComputeFileDigest reads a file and returns its SHA256 hex digest.
func FetchAmbientOIDCToken ¶
func FetchAmbientOIDCToken(ctx context.Context, requestURL, requestToken string) (string, error)
FetchAmbientOIDCToken retrieves an OIDC identity token from the GitHub Actions ambient credential endpoint. This is used for keyless Fulcio signing in CI.
Parameters:
- requestURL: the ACTIONS_ID_TOKEN_REQUEST_URL environment variable
- requestToken: the ACTIONS_ID_TOKEN_REQUEST_TOKEN environment variable
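The exchange behind the ambient path, as an added example that is not aicr's own FetchAmbientOIDCToken: the client appends an audience to ACTIONS_ID_TOKEN_REQUEST_URL, sends ACTIONS_ID_TOKEN_REQUEST_TOKEN as a bearer credential, and reads the token from the "value" field of the JSON reply. The audience value "sigstore" is an assumption (it is what Sigstore clients request from GitHub Actions), and the local httptest server is a constructed stand-in for the GitHub endpoint so the example runs offline.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"os"
	"time"
)

// sigstoreAudience is the audience requested from the Actions endpoint so
// that Fulcio accepts the token (assumption for this example).
const sigstoreAudience = "sigstore"

// fetchAmbientToken mirrors the ambient path: GET the Actions ID-token URL with
// the audience appended, authorized by the request token, and return the
// "value" field of the JSON reply. Stand-in, not aicr's own code.
func fetchAmbientToken(ctx context.Context, requestURL, requestToken string) (string, error) {
	if requestURL == "" || requestToken == "" {
		// Both variables are only injected when the job grants id-token: write.
		return "", errors.New("ACTIONS_ID_TOKEN_REQUEST_URL/TOKEN unset: the workflow job needs `permissions: id-token: write`")
	}
	u, err := url.Parse(requestURL)
	if err != nil {
		return "", fmt.Errorf("bad request URL: %w", err)
	}
	q := u.Query()
	q.Set("audience", sigstoreAudience)
	u.RawQuery = q.Encode()

	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Authorization", "Bearer "+requestToken)
	req.Header.Set("Accept", "application/json")

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // cap the reply size
	if err != nil {
		return "", err
	}
	if resp.StatusCode != http.StatusOK {
		// Report the status only; do not echo the body into logs.
		return "", fmt.Errorf("token endpoint returned HTTP %d", resp.StatusCode)
	}
	var reply struct {
		Value string `json:"value"`
	}
	if err := json.Unmarshal(body, &reply); err != nil {
		return "", fmt.Errorf("decode token reply: %w", err)
	}
	if reply.Value == "" {
		return "", errors.New("token endpoint returned no value")
	}
	return reply.Value, nil
}

// newFakeActionsEndpoint is a constructed local stand-in for the GitHub
// endpoint. It rejects a wrong bearer token and a missing audience, which is
// the HTTP-level behaviour the client above has to handle.
func newFakeActionsEndpoint(wantRequestToken, issuedToken string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer "+wantRequestToken {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		if r.URL.Query().Get("audience") != sigstoreAudience {
			http.Error(w, "missing audience", http.StatusBadRequest)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(map[string]string{"value": issuedToken})
	}))
}

func main() {
	// Constructed values; a real run takes them from the environment.
	srv := newFakeActionsEndpoint("request-token-123", "eyJ.placeholder.jwt")
	defer srv.Close()
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	tok, err := fetchAmbientToken(ctx, srv.URL+"?api-version=2.0", "request-token-123")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("got OIDC token of", len(tok), "bytes")
}
```

The request token is a credential scoped to the running job; treat it and the returned ID token as secrets and never write either to build logs. Fulcio binds the certificate to the token's subject and issuer claims, so a verifier should later pin the expected workflow identity and issuer rather than accept any certificate from the public-good instance.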
func FetchInteractiveOIDCToken ¶
func FetchInteractiveOIDCToken(ctx context.Context) (string, error)
FetchInteractiveOIDCToken opens a browser for the user to authenticate with a Sigstore-supported identity provider (GitHub, Google, or Microsoft) and returns an OIDC identity token.
func FindBinaryAttestation ¶
func FindBinaryAttestation(binaryPath string) (string, error)
FindBinaryAttestation locates the attestation file for a binary at the conventional path: <binary-path>-attestation.sigstore.json. Returns the attestation file path.
func ValidateSigstoreBundleData ¶
func ValidateSigstoreBundleData(data []byte) error
ValidateSigstoreBundleData checks that raw bytes are a structurally valid Sigstore bundle (valid JSON, valid protobuf). Does not verify signatures.
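An added example, not aicr's ValidateSigstoreBundleData, of what a structural check of a Sigstore bundle can and cannot tell you. It uses only the standard library, so it checks the JSON shape (mediaType, certificate, DSSE envelope, in-toto statement inside the payload) rather than protobuf validity; the bundle v0.3 field names, the inspectBundle name and the constructed sample bundle with placeholder certificate and signature bytes are assumptions of this example.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"strings"
)

// bundle is the subset of the Sigstore bundle JSON this check looks at.
type bundle struct {
	MediaType            string `json:"mediaType"`
	VerificationMaterial struct {
		Certificate *struct {
			RawBytes string `json:"rawBytes"`
		} `json:"certificate"`
		TlogEntries []json.RawMessage `json:"tlogEntries"`
	} `json:"verificationMaterial"`
	DSSEEnvelope *struct {
		Payload     string `json:"payload"`
		PayloadType string `json:"payloadType"`
		Signatures  []struct {
			Sig string `json:"sig"`
		} `json:"signatures"`
	} `json:"dsseEnvelope"`
}

// Summary is what a caller can learn from a bundle before verifying it.
type Summary struct {
	PredicateType string
	SubjectName   string
	SubjectSHA256 string
	HasRekorEntry bool
}

// inspectBundle checks the bundle's structure and decodes the in-toto statement
// out of the DSSE payload. It does NOT verify the signature, the certificate
// chain or the Rekor inclusion proof: a bundle that passes here proves nothing
// about who produced it or whether the payload was altered.
func inspectBundle(data []byte) (Summary, error) {
	var b bundle
	if err := json.Unmarshal(data, &b); err != nil {
		return Summary{}, fmt.Errorf("not JSON: %w", err)
	}
	if !strings.HasPrefix(b.MediaType, "application/vnd.dev.sigstore.bundle") {
		return Summary{}, fmt.Errorf("unexpected mediaType %q", b.MediaType)
	}
	cert := b.VerificationMaterial.Certificate
	if cert == nil || cert.RawBytes == "" {
		return Summary{}, errors.New("no signing certificate in verificationMaterial")
	}
	if _, err := base64.StdEncoding.DecodeString(cert.RawBytes); err != nil {
		return Summary{}, fmt.Errorf("certificate rawBytes is not base64: %w", err)
	}
	env := b.DSSEEnvelope
	if env == nil {
		return Summary{}, errors.New("no dsseEnvelope")
	}
	if env.PayloadType != "application/vnd.in-toto+json" {
		return Summary{}, fmt.Errorf("unexpected payloadType %q", env.PayloadType)
	}
	if len(env.Signatures) == 0 {
		return Summary{}, errors.New("envelope has no signatures")
	}
	payload, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return Summary{}, fmt.Errorf("payload is not base64: %w", err)
	}
	var st struct {
		Type          string `json:"_type"`
		PredicateType string `json:"predicateType"`
		Subject       []struct {
			Name   string            `json:"name"`
			Digest map[string]string `json:"digest"`
		} `json:"subject"`
	}
	if err := json.Unmarshal(payload, &st); err != nil {
		return Summary{}, fmt.Errorf("payload is not an in-toto statement: %w", err)
	}
	if st.Type != "https://in-toto.io/Statement/v1" || len(st.Subject) != 1 {
		return Summary{}, errors.New("expected a Statement v1 with exactly one subject")
	}
	return Summary{
		PredicateType: st.PredicateType,
		SubjectName:   st.Subject[0].Name,
		SubjectSHA256: st.Subject[0].Digest["sha256"],
		HasRekorEntry: len(b.VerificationMaterial.TlogEntries) > 0,
	}, nil
}

// sampleBundle builds a constructed bundle shaped like a real one. The
// certificate and signature bytes are placeholders and sign nothing.
func sampleBundle() []byte {
	statement := `{"_type":"https://in-toto.io/Statement/v1","subject":[{"name":"checksums.txt","digest":{"sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}}],"predicateType":"https://slsa.dev/provenance/v1","predicate":{}}`
	b64 := base64.StdEncoding.EncodeToString
	doc := map[string]any{
		"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
		"verificationMaterial": map[string]any{
			"certificate": map[string]string{"rawBytes": b64([]byte("placeholder-cert"))},
			"tlogEntries": []map[string]any{{"logIndex": "1"}},
		},
		"dsseEnvelope": map[string]any{
			"payload":     b64([]byte(statement)),
			"payloadType": "application/vnd.in-toto+json",
			"signatures":  []map[string]string{{"sig": b64([]byte("placeholder-sig"))}},
		},
	}
	out, _ := json.Marshal(doc)
	return out
}

func main() {
	s, err := inspectBundle(sampleBundle())
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("%+v\n", s)
}
```

Use a check like this (or ValidateSigstoreBundleData) only to reject malformed files early, for instance before copying a binary attestation into a bundle. Trust decisions need a real verifier that checks the DSSE signature against the Fulcio certificate, the certificate against the Sigstore trust root, the Rekor inclusion proof, and the expected signer identity and OIDC issuer, and then compares the subject digest against checksums.txt.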
Types ¶
type AttestSubject ¶
type AttestSubject struct {
// Name is the artifact name (e.g., "checksums.txt").
Name string
// Digest maps algorithm to hex-encoded digest (e.g., {"sha256": "abc123..."}).
Digest map[string]string
// ResolvedDependencies records build inputs in SLSA resolvedDependencies format.
ResolvedDependencies []Dependency
// Metadata provides build context for the SLSA predicate.
Metadata StatementMetadata
}
AttestSubject describes what is being attested.
type Attester ¶
type Attester interface {
// Attest creates a DSSE-signed in-toto SLSA provenance statement for the
// given subject, returning a serialized Sigstore bundle (.sigstore.json).
// Returns nil bytes when attestation is not performed (e.g., NoOpAttester).
Attest(ctx context.Context, subject AttestSubject) ([]byte, error)
// Identity returns the attester's identity as it appears in the signing
// certificate or key reference (e.g., OIDC email, KMS key URI).
// Returns empty string when no identity is available.
Identity() string
// HasRekorEntry reports whether produced attestations include a Rekor
// transparency log inclusion proof.
HasRekorEntry() bool
}
Attester signs bundle content and returns a Sigstore bundle.
type Dependency ¶
type Dependency struct {
// URI identifies the dependency (e.g., GitHub release URL or file:// URI).
URI string
// Digest maps algorithm to hex-encoded digest.
Digest map[string]string
}
Dependency records an input artifact in SLSA resolvedDependencies.
type KeylessAttester ¶
type KeylessAttester struct {
// contains filtered or unexported fields
}
KeylessAttester signs bundle content using Sigstore keyless OIDC signing (Fulcio for certificates, Rekor for transparency logging).
func NewKeylessAttester ¶
func NewKeylessAttester(oidcToken string) *KeylessAttester
NewKeylessAttester returns a new KeylessAttester configured for Sigstore public-good infrastructure.
func (*KeylessAttester) Attest ¶
func (k *KeylessAttester) Attest(ctx context.Context, subject AttestSubject) ([]byte, error)
Attest creates a DSSE-signed in-toto SLSA provenance statement for the given subject using keyless OIDC signing via Fulcio and Rekor. Returns the Sigstore bundle as serialized JSON.
func (*KeylessAttester) HasRekorEntry ¶
func (k *KeylessAttester) HasRekorEntry() bool
HasRekorEntry returns true — keyless attestations always include a Rekor transparency log entry.
func (*KeylessAttester) Identity ¶
func (k *KeylessAttester) Identity() string
Identity returns the attester's identity. This is populated from the signing certificate after a successful Attest() call. Before signing, returns empty string.
type NoOpAttester ¶
type NoOpAttester struct{}
NoOpAttester is an Attester that performs no signing. Used when --attest is not set.
func NewNoOpAttester ¶
func NewNoOpAttester() *NoOpAttester
NewNoOpAttester returns a new NoOpAttester.
func (*NoOpAttester) Attest ¶
func (n *NoOpAttester) Attest(_ context.Context, _ AttestSubject) ([]byte, error)
Attest returns nil — no attestation is performed.
func (*NoOpAttester) HasRekorEntry ¶
func (n *NoOpAttester) HasRekorEntry() bool
HasRekorEntry returns false — no transparency log entry.
func (*NoOpAttester) Identity ¶
func (n *NoOpAttester) Identity() string
Identity returns empty string — no identity for NoOp.
type StatementMetadata ¶
type StatementMetadata struct {
// Recipe name that produced this bundle.
Recipe string
// RecipeSource indicates where the recipe came from ("embedded" or "external").
RecipeSource string
// Components lists the component names in the bundle.
Components []string
// OutputDir is the bundle output directory.
OutputDir string
// BuilderID identifies who created this bundle (e.g., OIDC email or workflow URI).
BuilderID string
// ToolVersion is the aicr version that produced this bundle (e.g., "v1.0.0").
ToolVersion string
}
StatementMetadata provides build context for the SLSA predicate.