The Repository trait and ManualRepository struct no longer require a feature flag
#331
Conversation
There was a problem hiding this comment.
Hi @tannaurus Thanks for the fix and it really makes sense where we do not need to rely on tough but only cosign.
Based on your refactoring, I want to share some more. Respository can be some default code of sigstore-rs without specifying a feature repository as it does not import any new dependencies.
At the same time, a new feature sigstore-repository to replace tuf, which will enable tough and regex and implementations of SigstoreRepository.
This would make the code and names more clear and straightforward. Wdyt?
I really like the idea of removing the I'm a bit more hesitant to get on board with changing the I've pushed a commit implements the change, but I'm personally in favor of leaving it as |
tannaurus
changed the title
Repository trait and ManualRepository no longer require a feature flag
tannaurus
changed the title
Repository trait and ManualRepository no longer require a feature flagRepository trait and ManualRepository struct no longer require a feature flag
|
Hey @tannaurus! thanks for fixing this fallout from some of our Extremely minor bikeshed: I wonder if there's a clearer name for the Of course, renaming all these things would be a breaking change, and I'll also defer judgement to the maintainers. Food for thought :) |
I'm all for bikeshedding like this! I agree with you. "Repository" does not feel intuitive to me either. This does feel like something that should be addressed in a follow up issue though, what do you think? We can keep the discussions around module/feature flag names in that issue and make the refactors once there is buy in from the maintainers. I've gone ahead and reverted the feature flag changes suggested by @Xynnn007 in an effort to keep these changes truer to its initial goal. I like these suggestions and would be happy to implement them in a different PR. |
Of course! I have no urgent need for the rename :) |
|
I'm fine changing the name of the feature, I'm not too afraid of breaking downstream users. I'm also in favor of renaming |
Works for me! I've renamed the following:
|
Looks good to me, thanks @tannaurus! |
|
@tannaurus Hi, the DCO check fails. You might need to add |
tannaurus
force-pushed
the
repository-feature-flag
branch
from
88266a5
to
4bfaba0
Compare
Ah, forgive me 👀 I missed that. I've just rebased my changes ( |
|
I'm a bit perplexed by the failing checks, they don't appear to be related the changes I've made here. It looks like Github's "Unchanged files with check annotations" feature is caught me in a snare. Could one of the maintainer's advise me towards a path forward? I'd be happy to push up the suggestions it is requesting, just feels a bit odd to be doing that in this PR. |
|
@tannaurus Yes. The lint error will be fixed by #334 Let us get that merged quickly and you can rebase this PR. cc @flavio |
…f' feature flag: 'tuf' lacks support for wasm due to its dependencies. Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
… mod to preserve backwards compatibility. Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
…place. Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
…idden behind a feature flag. Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
This reverts commit 1e6a059. Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
…at on save. Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
…struct ManualRepository -> ManualTrustRoot. Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
…of 'trust' Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
…re 'tuf' -> feature 'sigstore-trust-root' Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
…factor Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
Signed-off-by: Tanner Gill <contacttannergill@gmail.com>
tannaurus
force-pushed
the
repository-feature-flag
branch
from
4bfaba0
to
1f52b41
Compare
|
Looks like that did the trick! I believe this can be merged by someone who is authorized 🙂 |
== What's Changed * sign: init by @jleightcap in sigstore#310 * cargo audit: ignore RUSTSEC-2023-0071 by @jleightcap in sigstore#321 * chore(deps): Update json-syntax requirement from 0.9.6 to 0.10.0 by @dependabot in sigstore#319 * chore(deps): Update cached requirement from 0.46.0 to 0.47.0 by @dependabot in sigstore#323 * chore(deps): Update serial_test requirement from 2.0.0 to 3.0.0 by @dependabot in sigstore#322 * dep: update rustls-webpki, fold in pki_types by @jleightcap in sigstore#324 * chore(deps): Update cached requirement from 0.47.0 to 0.48.0 by @dependabot in sigstore#325 * chore(deps): Update json-syntax requirement from 0.10.0 to 0.11.1 by @dependabot in sigstore#327 * chore(deps): Update cached requirement from 0.48.0 to 0.49.2 by @dependabot in sigstore#329 * chore(deps): Update json-syntax requirement from 0.11.1 to 0.12.2 by @dependabot in sigstore#330 * lint: fix lint error of chrono and tokio by @Xynnn007 in sigstore#334 * chore(deps): Update base64 requirement from 0.21.0 to 0.22.0 by @dependabot in sigstore#332 * The `Repository` trait and `ManualRepository` struct no longer require a feature flag by @tannaurus in sigstore#331 * chore(deps): Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in sigstore#336 * chore(deps): Update reqwest requirement from 0.11 to 0.12 by @dependabot in sigstore#341 * update tough dep by @astoycos in sigstore#340 == New Contributors * @tannaurus made their first contribution in sigstore#331 * @astoycos made their first contribution in sigstore#340 **Full Changelog**: sigstore/sigstore-rs@v0.8.0...v0.9.0 Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Summary
These changes just move the
Repositorytrait andManualRespositorystruct out from behind of thetuffeature flag. I've updated all tests and examples to point to the newrepositorymodule and have re-exported both items fromtufto prevent breaking changes.Primary motivations
cosignfeature flag is no longer dependent ontuffeature flag. This addresses the issue I've linked to this MR.tuffeature flag, renamed in this PR tosigstore-trust-root, pulls in thetoughandregexdependencies. These dependencies are not needed by theManualRepositorystruct, renamed toManualTrustRootin this PR, leading to a bloated binary size. More critically,toughis not wasm compatible: it depends onpath-absolutewhich depends onpath-dedotwhich is not wasm compatible. Someone who wishes to useManualRepositoryand compile to a wasm target currently cannot do so.Closes: #318
Renamed structs, feature flag, modules, and trait
An independent issue came up while the initial commits were being reviewed: the names of the
tuffeature flag and the naming convention of "Repository" throughout the impacted modules. These changes also seek to address this feedback. The following changes were made:repo(introduced in this MR) is nowtrusttufis nowsigstoreand is a sub module oftrustRepositoryis nowTrustRootManualRepositoryis nowManualTrustRootSigstoreRepositoryis nowSigstoreTrustRoottufis nowsigstore-trust-rootRelease Note
tufis nowsigstoreand is a sub module of the newtrustmoduletufis nowsigstore-trust-rootManualRepositoryis nowManualTrustRootSigstoreRepositoryis nowSigstoreTrustRootRepositoryis nowTrustRootManualTrustRoot, previously namedManualRepository, can now be used without dependencies that made it incompatible with wasm targetsDocumentation
n/a imo. Happy to fill in gaps where you reviewers feel it necessary.