hmz007
36ed224bac
|
1 year ago | |
|---|---|---|
| .. | ||
| cmd/verifier | 1 year ago | |
| internal | 1 year ago | |
| README.md | 1 year ago | |
| go.mod | 1 year ago | |
| go.sum | 1 year ago | |
README.md
Verifier of Binary Transparency for Pixel Factory Images
This repository contains code to read the transparency log for Binary Transparency for Pixel Factory Images. See the particular section for this tool here.
Files and Directories
cmd/verifier/- Contains the binary to read the transparency log. It is embedded with the public key of the log to verify log identity.
internal/- Internal libraries for the verifier binary.
Build
This module requires Go 1.17. Install here, and run go build cmd/verifier/verifier.go.
An executable named verifier should be produced upon successful build.
Usage
The verifier uses the checkpoint and the log contents (found at the tile directory) to check that your image payload is in the transparency log, i.e. that it is published by Google.
To run the verifier after you have built it in the previous section:
$ ./verifier --payload_path=${PAYLOAD_PATH}
Input
The verifier takes a payload_path as input.
Each Pixel Factory image corresponds to a payload stored in the transparency log, the format of which is:
<build_fingerprint>\n<vbmeta_digest>\n
See here for a few methods detailing how to extract this payload from an image.
Output
The output of the command is written to stdout:
OKif the image is included in the log, i.e. that this claim is true,FAILUREotherwise.