sign the envelope directly

Signed-off-by: Ramon Petgrave <[email protected]>
slsa-framework · Aug 1, 2024 · f6b4b61 · f6b4b61
1 parent 0405b72
commit f6b4b61
Showing 1 changed file with 12 additions and 15 deletions.
diff --git a/internal/builders/generic/attest.go b/internal/builders/generic/attest.go
@@ -112,21 +112,18 @@ run in the context of a Github Actions workflow.`,
 				attBytes, err = json.Marshal(p)
 				check(err)
 			} else {
-				// att, err := signer.Sign(ctx, &intoto.Statement{
-				// 	StatementHeader: p.StatementHeader,
-				// 	Predicate:       p.Predicate,
-				// })
-				// check(err)
+				att, err := signer.Sign(ctx, &intoto.Statement{
+					StatementHeader: p.StatementHeader,
+					Predicate:       p.Predicate,
+				})
+				check(err)
 
 				// _, err = tlog.Upload(ctx, att)
 				// check(err)
 
 				// attBytes = att.Bytes()
 
-				att, err := makeSigstoreBundleAttestation(ctx, &intoto.Statement{
-					StatementHeader: p.StatementHeader,
-					Predicate:       p.Predicate,
-				})
+				att, err = makeSigstoreBundleAttestation(ctx, att)
 				check(err)
 
 				attBytes = att.Bytes()
@@ -155,14 +152,14 @@ run in the context of a Github Actions workflow.`,
 	return c
 }
 
-func makeSigstoreBundleAttestation(ctx context.Context, statement *intoto.Statement) (signing.Attestation, error) {
+func makeSigstoreBundleAttestation(ctx context.Context, att signing.Attestation) (signing.Attestation, error) {
 	fmt.Println("debug: running makeSigstoreBundle")
-	statementBytes, err := json.Marshal(*statement)
-	if err != nil {
-		return nil, err
-	}
+	// statementBytes, err := json.Marshal(*statement)
+	// if err != nil {
+	// 	return nil, err
+	// }
 	content := &sigstoreSign.DSSEData{
-		Data:        statementBytes,
+		Data:        att.Bytes(),
 		PayloadType: "application/vnd.in-toto+json",
 	}
 	// content := &sigstoreSign.PlainData{