Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

action: handle slashes in ref names #63

Merged
merged 2 commits into from
Apr 24, 2023
Merged

action: handle slashes in ref names #63

merged 2 commits into from
Apr 24, 2023

Conversation

woodruffw
Copy link
Member

@woodruffw
action: handle slashes in ref names
9a93bbf 
Fixes #62.

Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw requested review from di and tnytown April 22, 2023 21:22
@woodruffw woodruffw self-assigned this Apr 22, 2023
tnytown
tnytown previously approved these changes Apr 22, 2023
View reviewed changes
Copy link
Contributor

@tnytown tnytown left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@tnytown
Copy link
Contributor

tnytown commented Apr 22, 2023

CI may be failing because of the recent change in the staging root.

@woodruffw
Copy link
Member Author

Hmm, not sure why TUF is failing here:

Run /home/runner/work/gh-action-sigstore-python/gh-action-sigstore-python/.//action.py "./test/artifact.txt"
Traceback (most recent call last):
  File "/usr/lib/python3.10/runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.10/runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "/home/runner/.local/lib/python3.10/site-packages/sigstore/__main__.py", line 22, in <module>
    main()
  File "/home/runner/.local/lib/python3.10/site-packages/sigstore/_cli.py", line 542, in main
    _sign(args)
  File "/home/runner/.local/lib/python3.10/site-packages/sigstore/_cli.py", line 636, in _sign
    signer = Signer.staging()
  File "/home/runner/.local/lib/python3.10/site-packages/sigstore/sign.py", line 113, in staging
    rekor = RekorClient.staging(updater)
  File "/home/runner/.local/lib/python3.10/site-packages/sigstore/_internal/rekor/client.py", line 296, in staging
    rekor_keys = updater.get_rekor_keys()
  File "/home/runner/.local/lib/python3.10/site-packages/sigstore/_internal/tuf.py", line 178, in get_rekor_keys
    keys = self._get("Rekor", ["Active"])
  File "/home/runner/.local/lib/python3.10/site-packages/sigstore/_internal/tuf.py", line 143, in _get
    self._updater = self._setup()
  File "/home/runner/.local/lib/python3.10/site-packages/sigstore/_internal/tuf.py", line 137, in _setup
    updater.refresh()
  File "/home/runner/.local/lib/python3.10/site-packages/tuf/ngclient/updater.py", line [132](https://github.com/sigstore/gh-action-sigstore-python/actions/runs/4774812030/jobs/8488732941#step:3:135), in refresh
    self._load_root()
  File "/home/runner/.local/lib/python3.10/site-packages/tuf/ngclient/updater.py", line 323, in _load_root
    self._trusted_set.update_root(data)
  File "/home/runner/.local/lib/python3.10/site-packages/tuf/ngclient/_internal/trusted_metadata_set.py", line 164, in update_root
    self.root.verify_delegate(Root.type, new_root)
  File "/home/runner/.local/lib/python3.10/site-packages/tuf/api/metadata.py", line 452, in verify_delegate
    raise exceptions.UnsignedMetadataError(
tuf.api.exceptions.UnsignedMetadataError: root was signed by 0/1 keys

I tried an equivalent sigstore sign locally, which succeeds. Will keep debugging.

CC @jku for potential opinions 🙂

@woodruffw
Copy link
Member Author

This looks like it might be more fallout from the underlying cause of sigstore/sigstore-python#594; CC @tnytown

@woodruffw
Copy link
Member Author

The release in sigstore/sigstore-python#621 should fix this.

@tnytown tnytown mentioned this pull request Apr 22, 2023
Closed
@woodruffw
requirements: bump sigstore
4f637fd 
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw requested a review from tnytown April 22, 2023 22:50
@woodruffw woodruffw requested a review from tetsuo-cpp April 23, 2023 03:52
tetsuo-cpp
tetsuo-cpp approved these changes Apr 24, 2023
View reviewed changes
Copy link
Contributor

@tetsuo-cpp tetsuo-cpp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@tetsuo-cpp tetsuo-cpp merged commit 64c04b5 into main Apr 24, 2023
@tetsuo-cpp tetsuo-cpp deleted the ww/fix-ref-path branch April 24, 2023 02:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tetsuo-cpp tetsuo-cpp tetsuo-cpp approved these changes

@tnytown tnytown tnytown approved these changes

@di di Awaiting requested review from di

Assignees

@woodruffw woodruffw

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

_download_ref_asset does not handle file separators in branch names
3 participants
@woodruffw @tnytown @tetsuo-cpp