[e2e]: generic schedule main multi-subjects slsa3

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3087641521
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Tue Sep 20 05:36:34 UTC 2022

[ianlewis]

Getting a rekor error:

Getting rekor entry error error verifying tlog entry: calculated root:
[24 12 212 170 213 2 56 52 155 205 63 112 44 220 2 1 231 110 52 155 94 169 129 26 157 212 5 37 124 99 64 196]
 does not match expected root:
[161 54 80 70 6 156 217 165 66 112 218 229 59 131 190 83 40 141 66 118 98 5 110 175 23 241 106 177 93 217 127 40]: verifying inclusion proof, trying Redis search index to find entries by subject digest
FAILED: SLSA verification failed: could not find a matching valid signature entry: got unexpected errors 

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3095402001
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Wed Sep 21 05:38:18 UTC 2022

[asraa]

Rekor is stuck at v0.10.0, which never included my race condition fix, FYI!

They are working on it
sigstore/rekor#1055 (comment)

[haydentherapper]

Rekor 0.11.0 has now been rolled out.

[ianlewis]

Thanks @haydentherapper! Hopefully the next run of the test will be successful and this issue will close automatically.

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3103039195
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Thu Sep 22 05:33:38 UTC 2022

[haydentherapper]

@asraa Is this the client breaking change?

[asraa]

@asraa Is this the client breaking change?

What do you mean? I don't think it's related to cosign sign-blob fixes

The current failure is a little hard to read...

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3110557080
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Fri Sep 23 05:33:58 UTC 2022

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3117121479
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Sat Sep 24 05:21:29 UTC 2022

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3120946282
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Sun Sep 25 05:14:01 UTC 2022

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3125318142
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Mon Sep 26 05:44:06 UTC 2022

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3133135546
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Tue Sep 27 05:31:00 UTC 2022

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3141068254
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Wed Sep 28 05:43:10 UTC 2022

[stephenfuqua]

I'm using slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0 and encountering message FAILED: SLSA verification failed: could not find a matching valid signature entry.

Based on the above information, it is hard for me to tell if this is expected right now or if perhaps I have done something wrong in my implementation.

• Example error
• Workflow file

Will keep an eye on this issue to see if/when there is a resolution.

[asraa]

I'm using slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.0 and encountering message FAILED: SLSA verification failed: could not find a matching valid signature entry.

Hi! I don't think this is the same issue given that the error here is from multi subjects. There was a recent regression just today in Rekor regarding blob verification, see similar issue here (sigstore/cosign#2294).

I'll check to see what is the cause and update you here.

[asraa]

Correct! Your issue will be fixed when this is rolled into production: sigstore/rekor#1082

For reference: we aren't retrieving the Rekor log entry for the builder's attestation so the workflow is failing because it cannot verify the builder. This is because when we sharded, Rekor only retrieves log entries on the CURRENT shard, which is now rotated.

You can use the compile-builder: true option to mitigate in the meantime.

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3148877983
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Thu Sep 29 05:40:07 UTC 2022

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3156492149
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Fri Sep 30 05:29:50 UTC 2022

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3163294962
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Sat Oct 1 05:26:16 UTC 2022

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3167380678
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Sun Oct 2 05:23:27 UTC 2022

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3171659138
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Mon Oct 3 05:04:50 UTC 2022

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3179542292
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: schedule
Branch: main
Date: Tue Oct 4 05:28:37 UTC 2022

[ianlewis]

I think this was caused by a buggy tag check in the tests. The if failed and continues down the wrong code branch.

./.github/workflows/scripts/e2e-verify.common.sh: line 115: v1.1.2: command not found

It should be fixed by slsa-framework/example-package@87a5fb1

[ianlewis]

Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/3186949273
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.generic.schedule.main.multi-subjects.slsa3.yml
Trigger: workflow_dispatch
Branch: main
Date: Wed Oct 5 03:28:13 UTC 2022

Tests are passing now. Closing this issue.