| 26 | ) |
| 27 | |
| 28 | func NewInspectCmd(f *cmdutil.Factory, runF func(*Options) error) *cobra.Command { |
| 29 | opts := &Options{} |
| 30 | inspectCmd := &cobra.Command{ |
| 31 | Use: "inspect <path-to-sigstore-bundle>", |
| 32 | Args: cmdutil.ExactArgs(1, "must specify bundle file path"), |
| 33 | Hidden: true, |
| 34 | Short: "Inspect a Sigstore bundle", |
| 35 | Long: heredoc.Docf(` |
| 36 | Inspect a Sigstore bundle that has been downloaded to disk. To download bundles |
| 37 | associated with your artifact(s), see the %[1]sgh at download%[1]s command. |
| 38 | |
| 39 | Given a .json or .jsonl file, this command will: |
| 40 | - Extract the bundle's statement and predicate |
| 41 | - Provide a certificate summary, if present, and indicate whether the cert |
| 42 | was issued by GitHub or by Sigstore's Public Good Instance (PGI) |
| 43 | - Check the bundles' "authenticity" |
| 44 | |
| 45 | For our purposes, a bundle is authentic if we have the trusted materials to |
| 46 | verify the included certificate(s), transparency log entries, and signed |
| 47 | timestamps, and if the included signatures match the provided public key. |
| 48 | |
| 49 | This command cannot be used to verify a bundle. To verify a bundle, see the |
| 50 | %[1]sgh at verify%[1]s command. |
| 51 | |
| 52 | By default, this command prints a condensed table. To see full results, provide the |
| 53 | %[1]s--format=json%[1]s flag. |
| 54 | `, "`"), |
| 55 | Example: heredoc.Doc(` |
| 56 | # Inspect a Sigstore bundle and print the results in table format |
| 57 | $ gh attestation inspect <path-to-bundle> |
| 58 | |
| 59 | # Inspect a Sigstore bundle and print the results in JSON format |
| 60 | $ gh attestation inspect <path-to-bundle> --format=json |
| 61 | `), |
| 62 | PreRunE: func(cmd *cobra.Command, args []string) error { |
| 63 | // Create a logger for use throughout the inspect command |
| 64 | opts.Logger = io.NewHandler(f.IOStreams) |
| 65 | |
| 66 | // set the bundle path |
| 67 | opts.BundlePath = args[0] |
| 68 | |
| 69 | // Clean file path options |
| 70 | opts.Clean() |
| 71 | |
| 72 | return nil |
| 73 | }, |
| 74 | RunE: func(cmd *cobra.Command, args []string) error { |
| 75 | // handle tenancy |
| 76 | if opts.Hostname == "" { |
| 77 | opts.Hostname, _ = ghauth.DefaultHost() |
| 78 | } |
| 79 | |
| 80 | if err := auth.IsHostSupported(opts.Hostname); err != nil { |
| 81 | return err |
| 82 | } |
| 83 | |
| 84 | hc, err := f.HttpClient() |
| 85 | if err != nil { |