comments 4

Signed-off-by: Martin Sablotny <[email protected]>

README.model_signing.md

@@ -47,6 +47,9 @@ The verification part reads the sigstore bundle file and firstly verifies that t
 signature is valid and secondly compute the model's file hashes again to compare
 against the signed ones.
 
+**Note**: The signature is stored as `./model.sig` by default and can be adjusted
+by setting the `--sig_out` flag.
+
 ### Usage
 
 There are two scripts one can be used to create and sign a bundle and the other to

src/model_signing/model.py

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 import pathlib
-from typing import Callable, TypeAlias
+from typing import Callable, TypeAlias, Iterable
 
 from model_signing.manifest import manifest
 from model_signing.serialization import serialization
@@ -32,7 +32,7 @@ def sign(
     signer: signing.Signer,
     payload_generator: PayloadGeneratorFunc,
     serializer: serialization.Serializer,
-    ignore_paths: list[pathlib.Path] | None = None,
+    ignore_paths: Iterable[pathlib.Path] = frozenset(),
 ) -> signing.Signature:
     """Provides a wrapper function for the steps necessary to sign a model.
 
@@ -47,8 +47,6 @@ def sign(
     Returns:
         The model's signature.
     """
-    if not ignore_paths:
-        ignore_paths = []
     manifest = serializer.serialize(model_path, ignore_paths=ignore_paths)
     payload = payload_generator(manifest)
     sig = signer.sign(payload)
@@ -60,7 +58,7 @@ def verify(
     verifier: signing.Verifier,
     model_path: pathlib.Path,
     serializer: serialization.Serializer,
-    ignore_paths: list[pathlib.Path] | None = None,
+    ignore_paths: Iterable[pathlib.Path] = frozenset(),
 ):
     """Provides a simple wrapper to verify models.
 
@@ -75,8 +73,6 @@ def verify(
     Raises:
         verifying.VerificationError: on any verification error.
     """
-    if not ignore_paths:
-        ignore_paths = []
     peer_manifest = verifier.verify(sig)
     local_manifest = serializer.serialize(model_path, ignore_paths=ignore_paths)
     if peer_manifest != local_manifest:

src/sign.py

@@ -47,7 +47,7 @@ def _arguments() -> argparse.Namespace:
         help="the output file, it defaults ./signature.json",
         required=False,
         type=pathlib.Path,
-        default=pathlib.Path("./signature.json"),
+        default=pathlib.Path("./model.sig"),
         dest="sig_out",
     )
 

tests/signing/in_toto_signature_test.py

@@ -34,7 +34,7 @@ def _shard_hasher_factory(
     def _hasher_factory(self, path: pathlib.Path) -> file.FileHasher:
         return file.SimpleFileHasher(path, memory.SHA256())
 
-    def test_sharded_payload_to_manifest(self, sample_model_folder):
+    def test_sign_and_verify_sharded_manifest(self, sample_model_folder):
         signer = in_toto_signature.IntotoSigner(fake.FakeSigner())
         verifier = in_toto_signature.IntotoVerifier(fake.FakeVerifier())
         shard_serializer = serialize_by_file_shard.ManifestSerializer(
@@ -50,7 +50,7 @@ def test_sharded_payload_to_manifest(self, sample_model_folder):
         manifest = sig.to_manifest()
         assert shard_manifest == manifest
 
-    def test_digest_sharded_payload_to_manifest(self, sample_model_folder):
+    def test_sign_and_verify_digest_sharded_manifest(self, sample_model_folder):
         signer = in_toto_signature.IntotoSigner(fake.FakeSigner())
         verifier = in_toto_signature.IntotoVerifier(fake.FakeVerifier())
         shard_serializer = serialize_by_file_shard.ManifestSerializer(
@@ -66,7 +66,7 @@ def test_digest_sharded_payload_to_manifest(self, sample_model_folder):
         manifest = sig.to_manifest()
         assert shard_manifest == manifest
 
-    def test_digest_of_digest_payload_to_manifest(self, sample_model_folder):
+    def test_sign_and_verify_digest_of_digest_manifest(self, sample_model_folder):
         signer = in_toto_signature.IntotoSigner(fake.FakeSigner())
         verifier = in_toto_signature.IntotoVerifier(fake.FakeVerifier())
         file_serializer = serialize_by_file.ManifestSerializer(
@@ -82,7 +82,7 @@ def test_digest_of_digest_payload_to_manifest(self, sample_model_folder):
         manifest = sig.to_manifest()
         assert file_manifest == manifest
 
-    def test_digest_payload_to_manifest(self, sample_model_folder):
+    def test_sign_and_verify_digest_manifest(self, sample_model_folder):
         signer = in_toto_signature.IntotoSigner(fake.FakeSigner())
         verifier = in_toto_signature.IntotoVerifier(fake.FakeVerifier())
         file_serializer = serialize_by_file.ManifestSerializer(