Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 6 additions & 5 deletions verifiers/internal/gcb/provenance.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package gcb
import (
"crypto/sha256"
"encoding/json"
"errors"
"fmt"
"os"
"reflect"
Expand Down Expand Up @@ -54,7 +55,7 @@ func ProvenanceFromBytes(payload []byte) (*Provenance, error) {
var prov gloudProvenance
err := json.Unmarshal(payload, &prov)
if err != nil {
return nil, fmt.Errorf("%w: %v", serrors.ErrorInvalidDssePayload, err)
return nil, fmt.Errorf("%w: %w", serrors.ErrorInvalidDssePayload, err)
}

return &Provenance{
Expand Down Expand Up @@ -492,7 +493,7 @@ func (p *Provenance) VerifyBranch(branch string) error {
func (p *Provenance) VerifyTag(expectedTag string) error {
provenanceTag, err := p.getTag()
if err != nil {
return fmt.Errorf("%w: %v", serrors.ErrorMismatchTag, err.Error())
return fmt.Errorf("%w: %w", serrors.ErrorMismatchTag, err)
}

if provenanceTag != expectedTag {
Expand All @@ -505,7 +506,7 @@ func (p *Provenance) VerifyTag(expectedTag string) error {
func (p *Provenance) VerifyVersionedTag(expectedTag string) error {
provenanceTag, err := p.getTag()
if err != nil {
return fmt.Errorf("%w: %v", serrors.ErrorMismatchVersionedTag, err.Error())
return fmt.Errorf("%w: %w", serrors.ErrorMismatchVersionedTag, err)
}
return utils.VerifyVersionedTag(provenanceTag, expectedTag)
}
Expand Down Expand Up @@ -611,7 +612,7 @@ func (p *Provenance) verifySignatures(prov *provenance) error {
return nil
}

return fmt.Errorf("%w: %v", serrors.ErrorNoValidSignature, errs)
return fmt.Errorf("%w: %w", serrors.ErrorNoValidSignature, errors.Join(errs...))
}

// VerifySignature verifiers the signature for a provenance.
Expand All @@ -632,5 +633,5 @@ func (p *Provenance) VerifySignature() error {
return nil
}

return fmt.Errorf("%w: %v", serrors.ErrorNoValidSignature, errs)
return fmt.Errorf("%w: %w", serrors.ErrorNoValidSignature, errors.Join(errs...))
}
2 changes: 1 addition & 1 deletion verifiers/internal/gha/builder.go
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ func verifyTrustedBuilderID(certBuilderID, certTag string, expectedBuilderID *st
// Note: the certificate builderID has the form `name@refs/tags/v1.2.3`,
// so we pass `allowRef = true`.
if err := trustedBuilderID.MatchesLoose(*expectedBuilderID, true); err != nil {
return nil, false, fmt.Errorf("%w: %v", serrors.ErrorUntrustedReusableWorkflow, err)
return nil, false, fmt.Errorf("%w: %w", serrors.ErrorUntrustedReusableWorkflow, err)
}

return trustedBuilderID, false, nil
Expand Down
3 changes: 2 additions & 1 deletion verifiers/utils/dsse.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"encoding/base64"
"encoding/json"
"encoding/pem"
"errors"
"fmt"
"math/big"

Expand Down Expand Up @@ -93,7 +94,7 @@ func DecodeSignature(s string) ([]byte, error) {
}
errs = append(errs, err)

return nil, fmt.Errorf("%w: %v", serrors.ErrorInvalidEncoding, errs)
return nil, fmt.Errorf("%w: %w", serrors.ErrorInvalidEncoding, errors.Join(errs...))
}

type SignatureEncoding int
Expand Down