diff --git a/model_signing/model.py b/model_signing/model.py index e7d279bc..866ebce5 100644 --- a/model_signing/model.py +++ b/model_signing/model.py @@ -41,6 +41,7 @@ def verify(sig: signing.Signature, serializer: serialization.Serializer, ignore_paths: list[pathlib.Path] = []): peer_manifest = verifier.verify(sig) - local_manifest = serializer.serialize(model_path, ignore_paths) + local_manifest = serializer.serialize( + model_path, ignore_paths=ignore_paths) if peer_manifest != local_manifest: raise verifying.VerificationError('the manifest do not match') diff --git a/sign.py b/sign_model.py similarity index 100% rename from sign.py rename to sign_model.py diff --git a/model_signing/verify.py b/verify_model.py similarity index 94% rename from model_signing/verify.py rename to verify_model.py index 458c39cc..73f95e5c 100644 --- a/model_signing/verify.py +++ b/verify_model.py @@ -28,6 +28,7 @@ from model_signing.signature import pki from model_signing.signature import sigstore from model_signing.signature import fake +from model_signing.signing import in_toto log = logging.getLogger(__name__) @@ -131,8 +132,7 @@ def main(): log.info(f'Verifying model signature from {args.sig_path}') - bundle = bundle_pb.Bundle().from_json( - value=args.sig_path.read_text()) + sig = in_toto.IntotoSignature.read(args.sig_path) def hasher_factory(file_path: pathlib.Path) -> file.FileHasher: return file.SimpleFileHasher( @@ -140,13 +140,15 @@ def hasher_factory(file_path: pathlib.Path) -> file.FileHasher: content_hasher=memory.SHA256(), ) - serializer = serialize_by_file.FilesSerializer( + serializer = serialize_by_file.ManifestSerializer( file_hasher_factory=hasher_factory) + intoto_verifier = in_toto.IntotoVerifier(verifier) + try: model.verify( - bundle=bundle, - verifier=verifier, + sig=sig, + verifier=intoto_verifier, model_path=args.model_path, serializer=serializer, ignore_paths=[args.sig_path])