Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Inclusion proof verification fails: wrong proof size #1055

Closed
asraa opened this issue Sep 15, 2022 · 7 comments
Closed

Inclusion proof verification fails: wrong proof size #1055

asraa opened this issue Sep 15, 2022 · 7 comments
Labels
bug Something isn't working ga_candidate Proposed blocking issue for GA release

Comments

@asraa
Copy link
Contributor

asraa commented Sep 15, 2022

Description

We're once again seeing errors: https://github.com/slsa-framework/example-package/actions/runs/3057744627/jobs/4933233549#step:3:74

validating log entry: verifying inclusion proof: wrong proof size 16, want 17

Version

This run was in the last 12 hours, so I believe 0.12 or 0.11 was deployed? Would be good to get confirmation.

Will check a little if I can reproduce sometime later.

cc @laurentsimon @ianlewis

@asraa asraa added the bug Something isn't working label Sep 15, 2022
@var-sdk var-sdk added the ga_candidate Proposed blocking issue for GA release label Sep 16, 2022
@znewman01
Copy link

We've seen a different verification failure at Chainguard a few times over the past week or two:

verifying inclusion proof: calculated root:
[119 6 99 127 2 28 252 162 65 159 51 229 121 172 227 71 23 198 147 59 68 41 156 37 253 82 90 121 25 9 94 245]
 does not match expected root:
[209 92 229 175 211 154 106 221 90 249 191 242 25 31 173 181 104 66 147 133 251 215 219 244 203 6 150 181 93 92 252 133]

(It's in the context of Gitsign verification.) Not sure if that's related.

@asraa
Copy link
Contributor Author

asraa commented Sep 19, 2022

It likely is! They go hand in hand: #956

There's probably another place this is happening.

@haydentherapper
Copy link
Contributor

It looks like the cause is that production is running 0.10.0 and not 0.11.0 which contains the fix. I'm updating prod now, though we can't rollout the latest 0.12.0 yet since we haven't verified it in staging.

@haydentherapper
Copy link
Contributor

@asraa, can you verify this is now working and mark as closed once you do?

@asraa
Copy link
Contributor Author

asraa commented Oct 3, 2022

We may have seen this happen again recently, but I'm trying to pinpoint if it's occuring after the rollout slsa-framework/slsa-verifier#285

@bobcallaway
Copy link
Member

@asraa can we close this out?

@ianlewis
Copy link

@bobcallaway @asraa We haven't seen it on slsa-github-generator e2e tests for a while so I think it's ok to close out.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working ga_candidate Proposed blocking issue for GA release
Projects
None yet
Development

No branches or pull requests

6 participants