ensure shbang check only checks valid shbangs #1160
Merged
Chainguard Enforce / Enforce - Commit Signing
succeeded
Apr 23, 2024 in 0s
Successfully verified commit signature.
| CLAIM | DESCRIPTION | |
|---|---|---|
| ✅ | Found Git signature | |
| ✅ | Validated Git signature | |
| ✅ | Validated Rekor entry | |
| ✅ | Allowed by policy |
Details
Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 16093994514956338538643163352158455577296507307 (0x2d1adff1613d580a0398bdca1452f2069d011ab)
Signature Algorithm: ECDSA-SHA384
Issuer: O=sigstore.dev,CN=sigstore-intermediate
Validity
Not Before: Apr 23 15:14:35 2024 UTC
Not After : Apr 23 15:24:35 2024 UTC
Subject: Subject Public Key Info:
Public Key Algorithm: ECDSA
Public-Key: (256 bit)
X:
6b:4b:76:ff:fa:f8:bc:4a:39:11:75:86:f4:62:f0:
35:a4:47:fe:cc:6e:e5:fb:f2:4c:77:1b:5d:3b:1c:
9e:6c
Y:
cc:15:e3:f0:1c:1d:1c:ec:c0:fe:bc:e5:07:e3:36:
35:05:1c:b1:e0:b6:89:01:6f:a7:48:c4:34:ea:f3:
93:7a
Curve: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
Code Signing
X509v3 Subject Key Identifier:
83:05:BE:6D:EF:99:5C:D2:58:6F:33:76:A6:59:A2:64:D6:1C:4D:A6
X509v3 Authority Key Identifier:
keyid:DF:D3:E9:CF:56:24:11:96:F9:A8:D8:E9:28:55:A2:C6:2E:18:64:3F
X509v3 Subject Alternative Name: critical
email:joshwolf@chainguard.dev
oidcIssuer:
https://accounts.google.com
Unknown extension 1.3.6.1.4.1.57264.1.8
Signed Certificate Timestamp:
BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABjwuF5TYAAAQDAEgwRgIhAOqOyHIpmtGOPb+g2FlcbNU9xxF6qC1PMC+MVhoQEcH0AiEApAUfO5TeIfm9EUNVh2swu3JZPI1srl1LKKwQ8vTb8Lo=
Signature Algorithm: ECDSA-SHA384
30:65:02:31:00:ff:8c:5a:72:f6:a7:f0:4c:17:65:b2:3e:d8:
d9:68:10:a9:a1:c7:a8:c8:dc:4d:e8:3a:bf:cd:8a:29:ce:33:
e9:8d:6c:7b:d3:ea:d9:f1:7f:38:dc:cc:9f:87:3b:b4:ec:02:
30:0b:f0:c3:d2:92:10:9d:45:0e:df:29:42:23:bb:ca:3e:c7:
46:35:97:ed:65:63:cf:4d:bb:b2:5a:db:db:30:41:a6:37:29:
19:4e:5b:f1:8b:d3:c0:32:d8:9a:52:9e:6a
Rekor Entry
{
"body": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJjMWI4ZjcwNTlhMGNkNTJkMzlmZmM0NzhlZWIwMzI0NzJiNDYwZDNmZGQ4OTcwY2JjZjg0MDlmYTY5MjBlN2QyIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRHA0WXNTSkx5a1NPVmVSTUQ3Q3BobXJSWGc3WW9XK2hHZ2lEV3Rwa25KL0FpRUE4Y3hMS014TDFiOWZKWUI5ZGc5UEY4OXA5bi9jZzZuNksvVHI3V0tScjd3PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTXdWRU5EUVd4bFowRjNTVUpCWjBsVlFYUkhkQzk0V1ZReFdVTm5UMWwyWTI5VlZYWkpSMjVSUldGemQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJkMDVFU1hwTlZGVjRUa1JOTVZkb1kwNU5hbEYzVGtSSmVrMVVWWGxPUkUweFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZoTUhReUx5OXlOSFpGYnpWRldGZEhPVWRNZDA1aFVrZ3ZjM2gxTldaMmVWUklZMklLV0ZSelkyNXRlazFHWlZCM1NFSXdZemROUkN0MlQxVklOSHBaTVVKU2VYZzBUR0ZLUVZjcmJsTk5VVEEyZGs5VVpYRlBRMEZZV1hkblowWjVUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZuZDFjckNtSmxLMXBZVGtwWllucE9NbkJzYldsYVRsbGpWR0ZaZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBwUldVUldVakJTUVZGSUwwSkNjM2RIV1VWWVlXMDVlbUZJWkhaaVIxcEJXVEpvYUdGWE5XNWtWMFo1V2tNMWExcFlXWGRMVVZsTFMzZFpRZ3BDUVVkRWRucEJRa0ZSVVdKaFNGSXdZMGhOTmt4NU9XaFpNazUyWkZjMU1HTjVOVzVpTWpsdVlrZFZkVmt5T1hSTlEzTkhRMmx6UjBGUlVVSm5OemgzQ2tGUlowVklVWGRpWVVoU01HTklUVFpNZVRsb1dUSk9kbVJYTlRCamVUVnVZakk1Ym1KSFZYVlpNamwwVFVsSFRFSm5iM0pDWjBWRlFXUmFOVUZuVVVNS1FrZ3dSV1YzUWpWQlNHTkJNMVF3ZDJGellraEZWRXBxUjFJMFkyMVhZek5CY1VwTFdISnFaVkJMTXk5b05IQjVaME00Y0Rkdk5FRkJRVWRRUXpSWWJBcE9aMEZCUWtGTlFWTkVRa2RCYVVWQk5tODNTV05wYldFd1dUUTVkalpFV1ZkV2VITXhWRE5JUlZoeGIweFZPSGRNTkhoWFIyaEJVbmRtVVVOSlVVTnJDa0pTT0Rkc1RqUm9LMkl3VWxFeFYwaGhla00zWTJ4ck9HcFhlWFZZVlhOdmNrSkVlVGxPZG5kMWFrRkxRbWRuY1docmFrOVFVVkZFUVhkT2IwRkVRbXdLUVdwRlFTODBlR0ZqZG1GdU9FVjNXRnBpU1NzeVRteHZSVXR0YUhnMmFra3pSVE52VDNJdlRtbHBiazlOSzIxT1lraDJWRFowYm5obWVtcGpla29yU0FwUE4xUnpRV3BCVERoTlVGTnJhRU5rVWxFM1prdFZTV3AxT0c4cmVEQlpNV3dyTVd4Wk9EbE9kVGRLWVRJNWMzZFJZVmt6UzFKc1QxY3ZSMHd3T0VGNUNqSktjRk51Ylc4OUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19",
"integratedTime": 1713885275,
"logID": "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d",
"logIndex": 88066932,
"verification": {
"inclusionProof": {
"checkpoint": "rekor.sigstore.dev - 2605736670972794746\n83908273\nwXl4Nl/vLIVWVGyp3L7Le0oVVfOHiwcSvEyAxI4IwGI=\n\n— rekor.sigstore.dev wNI9ajBGAiEAqvJL0jB21hoIZAfpbE03TPAsymYQ2u+LNSNyik1Ea4UCIQDYp6y0F0UGy1Yoo69RZfa3XPmzkWj0b0Jf8ADjYp+KiQ==\n",
"hashes": [
"ffbcab18ae76193637efda47be6687eb0bf0349f360bd7f06ac8024368e94005",
"d3e8236d4fc880093ba221ac1fa52f3fba78f44aef2115d7e35305e7fb459e13",
"29c5084c6eba9a76635513f00686695bd7446bac451a7cf1cf2c9c4f72598801",
"635033c7871d5a9b84526ede853fd007a6ab80c8750043eb7e81ccb7f9164a18",
"f995a917af50432a6ace88a54f1f1be3313b2c7ad3657f4082d9af6586f72754",
"ad76fa8cb9f2db8ae4c87eeb45cbd61c20f077472303fc13472c9b31bce0e18a",
"035d3002fd578125789ab951512d7f8988267bbcc1ba8d29bbbd24069b7414c8",
"acb5a45de4f5af0de17a158ce11dc561b80bdb2f02b18284a86f62a9b9a5f2b5",
"edd8749db08e26fe2e87eb9ec4fbbd7ad6340a3f6b3cc3703107568224fe0306",
"3376ef8467cec7384cef84127af483ba60c4a2ddd4058e8333e65142a369e121",
"79907011860903911e123705acee583ec69167cdf712830568a83182a4c36d77",
"e917db49fbb43a9406439b98f14e3a41b9de92986af89229241124fecc1ad66b",
"ffa0e40ec4c54cdcb066d08230d8597b244bef0f8701c476414fb4d8a107ba87",
"a217eec22141022ea6fd4dd1cdc3bef52bec10e8f887ee095c99ae58a39b1e42",
"b23a2193fdc34087d74e07ffe57a70b5d17bc8d6eb7fc63290e307af50b20584",
"f7c7a7ccc682fb1e6808cbc8650039cfcbeed9aa4330216f13ff77e4d7ee3f0f"
],
"logIndex": 83903501,
"rootHash": "c17978365fef2c8556546ca9dcbecb7b4a1555f3878b0712bc4c80c48e08c062",
"treeSize": 83908273
},
"signedEntryTimestamp": "MEYCIQC9tREMkdTg0Z8Gr1dZMuXe59oU2mjNn0pG9ZQp58h5qgIhAI7L2J0RuceZzABkxivxVANgW/TLqju5a8nTQJt0QDcF"
}
}
Loading