Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added --client-signing-algorithms flag #1974

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Added --client-signing-algorithms flag #1974

wants to merge 1 commit into from
+159 −5

Conversation

ret2libc
Copy link
Contributor

Summary

Add --client-signing-algorithms flag to rekor-server to restrict the set of client keys accepted by a Rekor instance. See #1724 .

This work depends on sigstore/sigstore#1601

Release Note

Documentation

@ret2libc ret2libc force-pushed the add-client-signing-algorithms-flag-2 branch from ee1f9ae to be96ecd Compare January 29, 2024 12:38
@ret2libc ret2libc marked this pull request as ready for review January 29, 2024 12:39
@ret2libc ret2libc requested a review from a team as a code owner January 29, 2024 12:39
@ret2libc ret2libc force-pushed the add-client-signing-algorithms-flag-2 branch from be96ecd to b450afb Compare January 29, 2024 12:42
@codecov Codecov
Copy link

codecov bot commented Jan 29, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 7.33945% with 101 lines in your changes missing coverage. Please review.

Project coverage is 41.78%. Comparing base (488eb97) to head (c31e028).
Report is 300 commits behind head on main.

Files with missing lines Patch % Lines
pkg/api/entries.go 0.00% 56 Missing ⚠️
pkg/api/api.go 0.00% 24 Missing ⚠️
pkg/types/jar/v0.0.1/entry.go 0.00% 19 Missing ⚠️
cmd/rekor-server/app/root.go 80.00% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##             main    #1974       +/-   ##
===========================================
- Coverage   66.46%   41.78%   -24.68%     
===========================================
  Files          92      192      +100     
  Lines        9258    24857    +15599     
===========================================
+ Hits         6153    10387     +4234     
- Misses       2359    13695    +11336     
- Partials      746      775       +29
Flag Coverage Δ
e2etests ?
unittests 41.78% <7.33%> (-5.90%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@ret2libc ret2libc force-pushed the add-client-signing-algorithms-flag-2 branch 3 times, most recently from bffe52e to 55f01c3 Compare January 29, 2024 13:29
@ret2libc
Copy link
Contributor Author 

--- FAIL: TestJAR (0.07s)
    e2e_test.go:33: Using config file:%!(EXTRA string=/tmp/rekor_test.9ofp49.rekor.yaml)
        [POST /api/v1/log/entries][400] createLogEntryBadRequest  &{Code:400 Message:error processing entry: getting verifiers: jar v0.0.1 entry not initialized}
        warning: GOCOVERDIR not set, no coverage data emitted

Apparently the e2e test does not fill the Signature part of the JARModel:

	if v.JARModel.Signature == nil || v.JARModel.Signature.PublicKey == nil || v.JARModel.Signature.PublicKey.Content == nil {
		return nil, errors.New("jar v0.0.1 entry not initialized")
	}

Shall this be handled or is the signature always expected to be present?

@haydentherapper
Copy link
Contributor

Signature should be present, it's required to validate a new jar entry -

rekor/pkg/types/jar/v0.0.1/entry.go

Line 248 in d596e9d

if v.JARModel.Signature == nil || v.JARModel.Signature.Content == nil {

@ret2libc ret2libc mentioned this pull request Feb 19, 2024
Open
bobcallaway
bobcallaway reviewed Feb 19, 2024
View reviewed changes
go.mod Outdated Show resolved Hide resolved
cmd/rekor-server/app/root.go Show resolved Hide resolved
go.mod Outdated
@@ -204,3 +204,5 @@ require (
gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v3 v3.0.1 // indirect
)

replace github.com/sigstore/sigstore => github.com/trail-of-forks/sigstore v0.0.0-20240219090738-536a0415e570
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

still needs removed before merge

@ret2libc ret2libc force-pushed the add-client-signing-algorithms-flag-2 branch from 2ac074e to 34f31c3 Compare February 29, 2024 11:30
@ret2libc ret2libc requested a review from bobcallaway January 22, 2025 15:43
@ret2libc ret2libc force-pushed the add-client-signing-algorithms-flag-2 branch from 808f8d9 to c31e028 Compare January 30, 2025 10:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bobcallaway bobcallaway Awaiting requested review from bobcallaway

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ret2libc @haydentherapper @bobcallaway