Merge branch 'main' of github.com:sigstore/cosign into changelog

sigstore · Aug 4, 2022 · d5f27d6 · d5f27d6
2 parents e373bb7 + a39ce91
commit d5f27d6
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,7 @@
 # v1.10.1
 
+**Note: This release comes with a fix for CVE-2022-35929 described in this [Github Security Advisory](https://github.com/sigstore/cosign/security/advisories/GHSA-vjxv-45g9-9296). Please upgrade to this release ASAP**
+
 ## Enhancements
 * update cross-builder to go1.18.5 and cosign image to 1.10.0 (#2119)
 * feat: attach: attestation: allow passing multiple payloads (#2085)

diff --git a/test/e2e_test.go b/test/e2e_test.go
@@ -992,7 +992,7 @@ func TestSaveLoadAttestation(t *testing.T) {
 	must(verify(pubKeyPath, imgName, true, nil, ""), t)
 
 	// now, append an attestation to the image
-	slsaAttestation := `{ "builder": { "id": "2" }, "recipe": {} }`
+	slsaAttestation := `{ "buildType": "x", "builder": { "id": "2" }, "recipe": {} }`
 	slsaAttestationPath := filepath.Join(td, "attestation.slsa.json")
 	if err := os.WriteFile(slsaAttestationPath, []byte(slsaAttestation), 0600); err != nil {
 		t.Fatal(err)
@@ -1001,7 +1001,7 @@ func TestSaveLoadAttestation(t *testing.T) {
 	// Now attest the image
 	ko = options.KeyOpts{KeyRef: privKeyPath, PassFunc: passFunc}
 	must(attest.AttestCmd(ctx, ko, options.RegistryOptions{}, imgName, "", "", false, slsaAttestationPath, false,
-		"custom", false, 30*time.Second, false), t)
+		"slsaprovenance", false, 30*time.Second, false), t)
 
 	// save the image to a temp dir
 	imageDir := t.TempDir()