Provenance flag fixes:

- Skip passing provenance flag to buildctl when '--provenance=disabled'
- Skip listing attestation manifest on `image ls`

Signed-off-by: Swapnanil-Gupta <[email protected]>

Author: Swapnanil-Gupta

pkg/cmd/builder/build.go

@@ -404,6 +404,15 @@ func generateBuildctlArgs(ctx context.Context, client *containerd.Client, option
 	for _, s := range strutil.DedupeStrSlice(options.Attest) {
 		optAttestType, optAttestAttrs, _ := strings.Cut(s, ",")
 		if strings.HasPrefix(optAttestType, "type=") {
+			if strings.HasPrefix(optAttestAttrs, "disabled=") {
+				disabled, err := strconv.ParseBool(strings.TrimPrefix(optAttestAttrs, "disabled="))
+				if err != nil {
+					return "", nil, false, "", nil, nil, fmt.Errorf("invalid value for attribute \"disabled\"")
+				}
+				if disabled {
+					continue
+				}
+			}
 			optAttestType := strings.TrimPrefix(optAttestType, "type=")
 			buildctlArgs = append(buildctlArgs, fmt.Sprintf("--opt=attest:%s=%s", optAttestType, optAttestAttrs))
 		} else {

pkg/cmd/image/list.go

@@ -312,6 +312,10 @@ func readIndex(ctx context.Context, provider content.Provider, snapshotter snaps
 
 	// Iterate over manifest descriptors and read them all
 	for _, manifestDescriptor := range index.Manifests {
+		if isAttestationManifestDescriptor(manifestDescriptor) {
+			continue
+		}
+
 		manifest, err := readManifest(ctx, provider, snapshotter, manifestDescriptor)
 		if err != nil {
 			continue
@@ -419,3 +423,9 @@ func (x *imagePrinter) printImageSinglePlatform(desc ocispec.Descriptor, img ima
 	}
 	return nil
 }
+
+func isAttestationManifestDescriptor(desc ocispec.Descriptor) bool {
+	const manifestReferenceType = "vnd.docker.reference.type"
+	const attestationManifest = "attestation-manifest"
+	return desc.Annotations[manifestReferenceType] == attestationManifest
+}