Added --client-signing-algorithms flag #1974

Open
wants to merge 5 commits into
base: main

ret2libc
Contributor

Summary

Add --client-signing-algorithms flag to rekor-server to restrict the set of client keys accepted by a Rekor instance. See #1724 .

This work depends on sigstore/sigstore#1601

Release Note

Documentation

@ret2libc ret2libc force-pushed the add-client-signing-algorithms-flag-2 branch from ee1f9ae to be96ecd Compare January 29, 2024 12:38
@ret2libc ret2libc marked this pull request as ready for review January 29, 2024 12:39
@ret2libc ret2libc requested a review from a team as a code owner January 29, 2024 12:39
@ret2libc ret2libc force-pushed the add-client-signing-algorithms-flag-2 branch from be96ecd to b450afb Compare January 29, 2024 12:42
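
The restriction described in the summary, sketched as an added example; this is not code from this pull request, Rekor, or sigstore/sigstore. The algorithm labels, the comma-separated flag format and all function names are assumptions.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
	"strings"
)

// algorithmOf labels a public key; the labels are assumptions for this sketch,
// not Rekor's flag values. Unsupported key types yield "".
func algorithmOf(pub crypto.PublicKey) string {
	switch k := pub.(type) {
	case *ecdsa.PublicKey:
		return fmt.Sprintf("ecdsa-p%d", k.Curve.Params().BitSize)
	case *rsa.PublicKey:
		return fmt.Sprintf("rsa-%d", k.N.BitLen())
	case ed25519.PublicKey:
		return "ed25519"
	}
	return ""
}

// checkKey fails closed: a key is accepted only if its label is in the allowlist.
func checkKey(flagValue string, pub crypto.PublicKey) error {
	alg := algorithmOf(pub)
	for _, a := range strings.Split(flagValue, ",") {
		if alg != "" && strings.EqualFold(strings.TrimSpace(a), alg) {
			return nil
		}
	}
	return fmt.Errorf("client key (%T, %q) not accepted", pub, alg)
}

// decisions checks three freshly generated (constructed) keys: P-256, P-384, Ed25519.
func decisions(flagValue string) (out []bool) {
	ec256, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ec384, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	edPub, _, _ := ed25519.GenerateKey(rand.Reader)
	for _, k := range []crypto.PublicKey{&ec256.PublicKey, &ec384.PublicKey, edPub} {
		out = append(out, checkKey(flagValue, k) == nil)
	}
	return
}

func main() { fmt.Println(decisions("ecdsa-p256, ed25519")) }
```

An empty allowlist and an unrecognized key type are both rejected, so a misconfigured or missing value never widens what the server accepts.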

codecov bot commented Jan 29, 2024

Codecov Report

Attention: Patch coverage is 0%, with 82 lines in your changes missing coverage. Please review.

Project coverage is 48.34%. Comparing base (488eb97) to head (4a0e998).
Report is 61 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| pkg/api/entries.go | 0.00% | 48 Missing ⚠️ |
| pkg/api/api.go | 0.00% | 20 Missing ⚠️ |
| pkg/types/jar/v0.0.1/entry.go | 0.00% | 14 Missing ⚠️ |

Additional details and impacted files
@@             Coverage Diff             @@
##             main    #1974       +/-   ##
===========================================
- Coverage   66.46%   48.34%   -18.12%     
===========================================
  Files          92       80       -12     
  Lines        9258     6723     -2535     
===========================================
- Hits         6153     3250     -2903     
- Misses       2359     3069      +710     
+ Partials      746      404      -342     

| Flag | Coverage Δ |
|---|---|
| e2etests | ? |
| unittests | 48.34% <0.00%> (+0.65%) ⬆️ |

Flags with carried forward coverage won't be shown.

@ret2libc ret2libc force-pushed the add-client-signing-algorithms-flag-2 branch 3 times, most recently from bffe52e to 55f01c3 Compare January 29, 2024 13:29
@ret2libc
Contributor Author

--- FAIL: TestJAR (0.07s)
    e2e_test.go:33: Using config file:%!(EXTRA string=/tmp/rekor_test.9ofp49.rekor.yaml)
        [POST /api/v1/log/entries][400] createLogEntryBadRequest  &{Code:400 Message:error processing entry: getting verifiers: jar v0.0.1 entry not initialized}
        warning: GOCOVERDIR not set, no coverage data emitted

Apparently the e2e test does not fill the Signature part of the JARModel:

	if v.JARModel.Signature == nil || v.JARModel.Signature.PublicKey == nil || v.JARModel.Signature.PublicKey.Content == nil {
		return nil, errors.New("jar v0.0.1 entry not initialized")
	}

Shall this be handled or is the signature always expected to be present?

@haydentherapper
Contributor

Signature should be present, it's required to validate a new jar entry -

if v.JARModel.Signature == nil || v.JARModel.Signature.Content == nil {

go.mod (outdated)
@@ -204,3 +204,5 @@ require (
gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v3 v3.0.1 // indirect
)

replace github.com/sigstore/sigstore => github.com/trail-of-forks/sigstore v0.0.0-20240219090738-536a0415e570
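
Review bot: The `replace` directive at the end of go.mod points github.com/sigstore/sigstore at a fork (github.com/trail-of-forks/sigstore, pinned to a pseudo-version rather than a tagged release), so the build no longer uses the upstream module named in the `require` block. Replace directives only take effect when rekor is the main module, so anyone importing rekor packages would resolve upstream sigstore without the change this PR depends on. Drop the directive and bump the `require` entry once sigstore/sigstore#1601 is available in a tagged release.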
Member

still needs removed before merge

@ret2libc ret2libc force-pushed the add-client-signing-algorithms-flag-2 branch from 2ac074e to 34f31c3 Compare February 29, 2024 11:30
woodruffw and others added 2 commits March 19, 2024 16:08
Signed-off-by: William Woodruff <[email protected]>