Fix package name handling to retain version and strip ‘@’ suffix #1472
+33
−4
Chainguard Enforce / Enforce - Commit Signing
succeeded
Jan 9, 2025 in 1s
Successfully verified commit signature.
| CLAIM | DESCRIPTION | |
|---|---|---|
| ✅ | Found Git signature | |
| ✅ | Validated Git signature | |
| ✅ | Validated Rekor entry | |
| ✅ | Allowed by policy |
Details
Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 654266087877075954738307162516640884698550509316 (0x729a4e5995d3203b5c1549a0a446c94e88e61f04)
Signature Algorithm: ECDSA-SHA384
Issuer: O=sigstore.dev,CN=sigstore-intermediate
Validity
Not Before: Jan 9 08:17:00 2025 UTC
Not After : Jan 9 08:27:00 2025 UTC
Subject: Subject Public Key Info:
Public Key Algorithm: ECDSA
Public-Key: (256 bit)
X:
0b:b3:77:ea:b9:58:f4:02:ca:80:66:1d:e1:56:3b:
7f:43:1f:74:bd:64:6f:af:8e:67:e5:e7:01:32:41:
b7:c3
Y:
34:70:5c:81:c2:5d:17:f4:bb:7e:94:be:ed:2d:67:
56:3b:63:ff:ab:65:29:c8:ce:44:14:8a:4f:ae:cf:
a8:49
Curve: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
Code Signing
X509v3 Subject Key Identifier:
23:2B:E2:C1:AF:C8:1E:00:76:32:3E:93:FF:40:65:41:51:A0:38:56
X509v3 Authority Key Identifier:
keyid:DF:D3:E9:CF:56:24:11:96:F9:A8:D8:E9:28:55:A2:C6:2E:18:64:3F
X509v3 Subject Alternative Name: critical
email:[email protected]
oidcIssuer:
https://github.com/login/oauth
Unknown extension 1.3.6.1.4.1.57264.1.8
Signed Certificate Timestamp:
BHkAdwB1AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABlEojYPoAAAQDAEYwRAIgf4jHurZDorFgXohPD+7hn0eecWKgpBYmWZ0eqOhB+EUCIB5eZ2WRoQ1IRQRI8ErolQX+5Olj0L0S3aGjwLOs+g7t
Signature Algorithm: ECDSA-SHA384
30:66:02:31:00:bd:77:94:05:cb:96:38:8f:53:b3:7d:5c:93:
6a:fb:65:53:dc:fb:70:66:52:ab:e0:39:b8:02:8c:69:e7:e6:
db:df:49:93:b8:17:1e:19:cc:e1:7c:9f:e6:08:38:54:e4:02:
31:00:c4:77:45:26:6b:c7:8d:0a:13:b6:c5:e2:4b:97:29:17:
a5:8e:db:39:df:16:31:da:d7:a4:3b:9a:e5:c0:67:9f:be:89:
2c:88:59:60:fb:a8:e7:b2:ab:17:41:17:d8:4c
Rekor Entry
{
"body": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI4NzdjYmUzMWQwZGY2MzY1ODExN2Y2ZWRiM2M2ZjhkNjVhYjM5ZDI0ZWM5MGY2NGZjYWVkZjY2MzA0NWEwZTNjIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUURWSkJXcjNGZms4V2d1eWk0aGpKdHdvSFZYSjh5RUtnN1NxeE9jUGxvRXRRSWdKN1ZNdENlbFgwWDZVM0VQYThtNzg4QjN0amdBbFVUZ0VzcHF2WFJhVk5JPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTXhSRU5EUVd4dFowRjNTVUpCWjBsVlkzQndUMWRhV0ZSSlJIUmpSbFZ0WjNCRllrcFViMnB0U0hkUmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDFVUVRWTlJHZDRUbnBCZDFkb1kwNU5hbFYzVFZSQk5VMUVaM2xPZWtGM1YycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZETjA0ek5uSnNXVGxCVEV0blIxbGtORlpaTjJZd1RXWmtUREZyWWpZclQxb3JXRzRLUVZSS1FuUTRUVEJqUm5sQ2Qyd3dXRGxNZEN0c1REZDBURmRrVjA4eVVDOXhNbFZ3ZVUwMVJVWkpjRkJ5Y3l0dlUyRlBRMEZZWjNkblowWXdUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZKZVhacENuZGhMMGxJWjBJeVRXbzJWQzh3UW14UlZrZG5UMFpaZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBsM1dVUldVakJTUVZGSUwwSkNhM2RHTkVWV1dsY3hjR0p0Um5Ka1IwWjZUWHBTUVZveU1XaGhWM2QxV1RJNWRFMURkMGREYVhOSFFWRlJRZ3BuTnpoM1FWRkZSVWh0YURCa1NFSjZUMms0ZGxveWJEQmhTRlpwVEcxT2RtSlRPWE5pTW1Sd1ltazVkbGxZVmpCaFJFRjFRbWR2Y2tKblJVVkJXVTh2Q2sxQlJVbENRMEZOU0cxb01HUklRbnBQYVRoMldqSnNNR0ZJVm1sTWJVNTJZbE01YzJJeVpIQmlhVGwyV1ZoV01HRkVRMEpwVVZsTFMzZFpRa0pCU0ZjS1pWRkpSVUZuVWpkQ1NHdEJaSGRDTVVGT01EbE5SM0pIZUhoRmVWbDRhMlZJU214dVRuZExhVk5zTmpRemFubDBMelJsUzJOdlFYWkxaVFpQUVVGQlFncHNSVzlxV1ZCdlFVRkJVVVJCUlZsM1VrRkpaMlkwYWtoMWNscEViM0pHWjFodmFGQkVLemRvYmpCbFpXTlhTMmR3UWxsdFYxb3daWEZQYUVJclJWVkRDa2xDTldWYU1sZFNiMUV4U1ZKUlVrazRSWEp2YkZGWUt6VlBiR293VERCVE0yRkhhbmRNVDNNclp6ZDBUVUZ2UjBORGNVZFRUVFE1UWtGTlJFRXlhMEVLVFVkWlEwMVJRemxrTlZGR2VUVlpOR294VDNwbVZubFVZWFowYkZVNWVqZGpSMXBUY1N0Qk5YVkJTMDFoWldadE1qazVTbXMzWjFoSWFHNU5ORmg1WmdvMVoyYzBWazlSUTAxUlJFVmtNRlZ0WVRobFRrTm9Ueko0WlVwTWJIbHJXSEJaTjJKUFpEaFhUV1J5V0hCRWRXRTFZMEp1YmpjMlNreEphRnBaVUhWdkNqVTNTM0pHTUVWWU1rVjNQUW90TFMwdExVVk9SQ0JEUlZKVVNVWkpRMEZVUlMwdExTMHRDZz09In19fX0=",
"integratedTime": 1736410621,
"logID": "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d",
"logIndex": 161014662,
"verification": {
"inclusionProof": {
"checkpoint": "rekor.sigstore.dev - 1193050959916656506\n39110438\nV+c/Wnir35QOgV58lLNO4MeZziDxrYu2O0tkx4CiZS4=\n\n— rekor.sigstore.dev wNI9ajBEAiAOJP2xsYOvY6nv3lXrIn1f/PQEGd6roySo/BO5sqS7cgIgFzWnkyoy+TMpgWTzHrWA+aZ25slSrdas73/7crz8LHk=\n",
"hashes": [
"2af935897ff5ea5203aad2d03ba610ffc65b84859262329f80fa2e9f6102945f",
"08f8a700360e7b241ff761564278fe5a517e2f95992682a1628e5e3efbfa5449",
"8279dc5e8369e16f63bcd8f831801a8aa5760eb94d89a2e01002771c4e7c1bfd",
"bb52ef08fd23dea982c0577f7e9285519915cc843bb8fc23484cabb2ead74c0b",
"fc7c96d17d3862be49806c861e4cdd4d30558500634a316d2b154d5fd71ed1e5",
"916737c10bc6ecb72ddb2792759bfb464620b42a0a91fc0174a5841ccd6fda02",
"21522c03cb5630146ff588b2ea9371bf730b8254f279c5ddd38b01aba137a50e",
"7639f76cbfa87d5a7a951f185f8c64f7024a3a74e168ced59ffe5bcec94d0a60",
"c4276bed4cdfe291031b49991b52b7d6204bb31946648645243af2dc9c13d9ef",
"b2c5bb77ac8f9f2ebe7a0695369827c6f99bb89b4f0025fbbd1dd99fd9278fc8",
"8404c99179aff01260bf8f31e3b32e68f4d2f6c5cbb111b37ba3d65bf974a1cc",
"09dfa31db19b4b16ed002320d1c1144aba3049e2a8740566cc7c78232253c2ae",
"bead1293e6fa47e2e311a6a2cc3ac923547b5a2cff0a1f784529f1f72206f2b2",
"2f14d54853eeae243645423c0dbbb6873e30cc01b51b6ef5fc98afaab7757adc",
"bde9b268c8f435ad4b3236c1ffd0e692af13fa301bde8fb20844a001ac940015"
],
"logIndex": 39110400,
"rootHash": "57e73f5a78abdf940e815e7c94b34ee0c799ce20f1ad8bb63b4b64c780a2652e",
"treeSize": 39110438
},
"signedEntryTimestamp": "MEUCIQCFJ4S7VbNLve8qDfQxJpmpsHhNdSwDomyweDYySjhVfgIgbAcDOrbKbTTJ7ndYHSvfslL4+rXwcFrvoip8g/tWKiA="
}
}
Loading