You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi. Starting in v2 of slsa-verifier we updated the CLI to better support other types of artifacts.
I think this may just be a matter of updating the doc with the new command. We maintain backwards compatibility in the CLI (but may update it for major versions) and aren't likely to make more backwards incompatible changes any time soon.
I have some doubts but is it maybe helpful to note the version of the verifier used?
Describe the bug
Installation can't be done following instructions from https://github.com/google/go-containerregistry/blob/main/cmd/crane/README.md#installation.
To Reproduce
Follow instructions at https://github.com/google/go-containerregistry/blob/main/cmd/crane/README.md#installation
Note that provenance file was downloaded correctly even fix from #1539 is not visible in README.
Expected behavior
Installation to pass with all steps mentioned.
Working command:
./slsa-verifier-linux-amd64 verify-artifact go-containerregistry.tar.gz --provenance-path provenance.intoto.jsonl --source-uri github.com/google/go-containerregistry --source-tag "v${CRANE_VERSION}"
Additional context
Breaking change introduced at https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.0
Add any other context about the problem here.
crane version
: 0.13.0The text was updated successfully, but these errors were encountered: