Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extract melange sign to a library #1198

Merged
merged 3 commits into from
May 9, 2024
Merged

Extract melange sign to a library #1198

merged 3 commits into from
May 9, 2024

Conversation

tcnghia
Copy link
Contributor

@tcnghia tcnghia commented May 7, 2024

No description provided.

@tcnghia tcnghia changed the title Extract melange sign to a package Extract melange sign to a library May 7, 2024
@tcnghia
Extract melange sign to a package
e93a0c5 
Signed-off-by: Nghia Tran <tcnghia@gmail.com>
k4leung4
k4leung4 reviewed May 7, 2024
View reviewed changes
Copy link
Contributor

@k4leung4 k4leung4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we add unit test?

@tcnghia
Do sign.APK instead of apk.Sign
540005c 
Signed-off-by: Nghia Tran <tcnghia@gmail.com>
@tcnghia
Copy link
Contributor Author

tcnghia commented May 7, 2024
edited
Loading

should we add unit test?

I don't have enough knowledge of how to do the signature verification here to write a meaningful unit test for this. Do you have a suggestion on how I can do so?

@k4leung4
Copy link
Contributor

k4leung4 commented May 7, 2024

should we add unit test?

I don't have enough knowledge of how to do the signature verification here to write a meaningful unit test for this. Do you have a suggestion on how I can do so?

i have even less of an idea then you
its definitely no worst than before, but having library code that arent tested doesnt seem right.

k4leung4
k4leung4 previously approved these changes May 7, 2024
View reviewed changes
@tcnghia
Copy link
Contributor Author

tcnghia commented May 7, 2024
edited
Loading

should we add unit test?

I don't have enough knowledge of how to do the signature verification here to write a meaningful unit test for this. Do you have a suggestion on how I can do so?

i have even less of an idea then you its definitely no worst than before, but having library code that arent tested doesnt seem right.

@jonjohnsonjr would RSAVerifySHA1Digest from go-apk work to verify package digest? I could try using that

@tcnghia
Add a unit test
bb0b8ae 
Signed-off-by: Nghia Tran <tcnghia@gmail.com>
@tcnghia tcnghia merged commit 2e6bd0f into chainguard-dev:main May 9, 2024
32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@k4leung4 k4leung4 k4leung4 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tcnghia @k4leung4