Implement Package Signing #214
The general idea is that the image specified in spec.targets.x.package_config.signer.image will receive an `llb.State` as an input, and provide a transformed state (with the artifacts in question signed in the desired manner) as the output.
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
I had been using debugging symbols to fix some issues in the integration tests.
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
Instead of telling the frontend how to search for artifacts to sign, only provide `dalec.target` and delegate responsibility for finding the artifacts to the signing side. The target should be sufficient to determine what to do.
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
This is looking really close!
test/fixtures/signer/main.go
Outdated
signOp = linuxSignOp | ||
} | ||
|
||
config := Config{ |
Can we simplify this down to something minimal for the test fixture?
this is done.
* Move signing tests to mariner2_test and windows_test, respectively, since the test is checking 1) that the forwarding happens and 2) that the signing frontend receives sufficient information to determine signing logic.
* Simplify the test signing frontend to do less.
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
This allows the same signer to be configured for all distros in the spec.
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
test/mariner2_test.go
Outdated
}, | ||
} | ||
|
||
sr := newSolveRequest(withSpec(ctx, t, &spec), withBuildTarget("mariner2/rpm")) |
This is specific to mariner, but we should treat this as a more generic test so that we can add other distros (azlinux3, jammy, etc) and get these tests for free.
Maybe we need to add an extra parameter to the test function to specify the signing target.
I made this generic. LMK what you think