Signing event: sign/update-targets-1 #156

Merged
merged 8 commits into from
Aug 22, 2024

sigstore-bot
Member

Processing signing event sign/update-targets-1, please wait.

kommendorkapten and others added 2 commits August 21, 2024 13:25
Added `signing_config.json` (see
sigstore/protobuf-specs#277 for details on
the name of the file).

Signed-off-by: Fredrik Skogman <[email protected]>
Signed-off-by: TUF-on-CI <41898282+github-actions[bot]@users.noreply.github.com>
@sigstore-bot
Member Author

Artifacts have been modified

Event sign/update-targets-1 (commit 6533dfb)
Committed metadata changes for role(s) targets.
Updating signing event state, please wait.

@sigstore-bot
Member Author

Current signing event state

Event sign/update-targets-1 (commit 43ffc30)

❌ targets

Role targets contains following artifact changes:

  • ctfe.pub: MODIFIED
  • ctfe_2022.pub: MODIFIED
  • ctfe_2022_2.pub: MODIFIED
  • fulcio.crt.pem: MODIFIED
  • fulcio_intermediate.crt.pem: MODIFIED
  • rekor.pub: MODIFIED
  • signing_config.json: ADDED
  • trusted_root.json: MODIFIED

Role targets is unsigned and not yet verified
Still missing signatures from @kommendorkapten, @mnm678, @joshuagl, @jku
Signers can sign these changes by running tuf-on-ci-sign sign/update-targets-1

@kommendorkapten
Member

Wait, something is strange here. All targets are listed as modified? But they are not changed in the pr...

@kommendorkapten
Member

Ah, I see why now. The sha512 hash is gone, so that's probably what's triggering this output.

Signed-off-by: Fredrik Skogman <[email protected]>
@sigstore-bot
Member Author

Current signing event state

Event sign/update-targets-1 (commit ae61a64)

✅ targets

Role targets contains following artifact changes:

  • ctfe.pub: MODIFIED
  • ctfe_2022.pub: MODIFIED
  • ctfe_2022_2.pub: MODIFIED
  • fulcio.crt.pem: MODIFIED
  • fulcio_intermediate.crt.pem: MODIFIED
  • rekor.pub: MODIFIED
  • signing_config.json: ADDED
  • trusted_root.json: MODIFIED

Role targets is verified and signed by 1/1 signers (@kommendorkapten).
Still missing signatures from @joshuagl, @jku, @mnm678
Signers can sign these changes by running tuf-on-ci-sign sign/update-targets-1

Signing event is successful

Threshold of signatures has been reached: this signing event can be reviewed and merged.

@sigstore-bot sigstore-bot marked this pull request as ready for review August 21, 2024 11:32
@jku
Member

jku commented Aug 21, 2024

Ah, I see why now. The sha512 hash is gone, so that's probably what's triggering this output.

and we're seeing this now since

  • artifacts have not been modified with tuf-on-ci before this
  • the import signing event did not update the hashes to what tuf-on-ci uses by default

is this correct?

@kommendorkapten
Member

Yes, I believe your assessment is correct @jku

Did a quick look at the PRs and there seems to be nothing that modified targets since the import.
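
An added illustration of the point discussed above (not code from tuf-on-ci or this repository): when the set of hash algorithms recorded for a target changes, its metadata entry differs even if the file bytes do not. The sketch assumes TUF-style `length`/`hashes` entries, assumes sha256 is kept while sha512 is dropped, and uses constructed file contents; `target_entry` and `classify` are hypothetical helper names.

```python
import hashlib


def target_entry(content: bytes, algorithms):
    """Build a TUF-style target entry (length + hashes) for the given bytes."""
    return {
        "length": len(content),
        "hashes": {a: hashlib.new(a, content).hexdigest() for a in algorithms},
    }


def classify(old_targets: dict, new_targets: dict) -> dict:
    """Compare the `targets` maps of two versions of a targets role."""
    result = {}
    for name in sorted(old_targets.keys() | new_targets.keys()):
        old, new = old_targets.get(name), new_targets.get(name)
        if old is None:
            result[name] = "ADDED"
        elif new is None:
            result[name] = "REMOVED"
        elif old == new:
            result[name] = "UNCHANGED"
        else:
            # Only algorithms present on both sides can prove the bytes match.
            common = old["hashes"].keys() & new["hashes"].keys()
            if not common:
                result[name] = "MODIFIED (no shared hash algorithm, re-hash the file)"
            elif old["length"] == new["length"] and all(
                old["hashes"][a] == new["hashes"][a] for a in common
            ):
                result[name] = "MODIFIED (metadata only)"
            else:
                result[name] = "MODIFIED (content)"
    return result


# Constructed sample contents; not the real Sigstore keys or trust root.
REKOR = b"constructed rekor key bytes\n"
ROOT_V1 = b'{"constructed": "trusted root v1"}\n'
ROOT_V2 = b'{"constructed": "trusted root v2"}\n'

# Assumption: old entries carry sha256 + sha512, new entries sha256 only.
OLD = {
    "rekor.pub": target_entry(REKOR, ["sha256", "sha512"]),
    "trusted_root.json": target_entry(ROOT_V1, ["sha256", "sha512"]),
}
NEW = {
    "rekor.pub": target_entry(REKOR, ["sha256"]),
    "trusted_root.json": target_entry(ROOT_V2, ["sha256"]),
    "signing_config.json": target_entry(b"{}\n", ["sha256"]),
}

if __name__ == "__main__":
    for name, status in classify(OLD, NEW).items():
        print(f"{name}: {status}")
```

A reviewer can use the same comparison to separate entries whose bytes changed from entries that only lost a hash algorithm before signing.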

@jku
Member

jku commented Aug 21, 2024

Can you document the changes here? Maybe create an issue with the changes listed?

@kommendorkapten
Member

The changes to the target files are tracked by issue #157

Signed-off-by: Jussi Kukkonen <[email protected]>
@sigstore-bot
Member Author

Current signing event state

Event sign/update-targets-1 (commit 439f803)

✅ targets

Role targets contains following artifact changes:

  • ctfe.pub: MODIFIED
  • ctfe_2022.pub: MODIFIED
  • ctfe_2022_2.pub: MODIFIED
  • fulcio.crt.pem: MODIFIED
  • fulcio_intermediate.crt.pem: MODIFIED
  • rekor.pub: MODIFIED
  • signing_config.json: ADDED
  • trusted_root.json: MODIFIED

Role targets is verified and signed by 2/1 signers (@jku, @kommendorkapten).
Still missing signatures from @joshuagl, @mnm678
Signers can sign these changes by running tuf-on-ci-sign sign/update-targets-1

Signing event is successful

Threshold of signatures has been reached: this signing event can be reviewed and merged.

@jku jku linked an issue Aug 21, 2024 that may be closed by this pull request
@sigstore-bot
Member Author

Current signing event state

Event sign/update-targets-1 (commit cd2e276)

✅ targets

Role targets contains following artifact changes:

  • ctfe.pub: MODIFIED
  • ctfe_2022.pub: MODIFIED
  • ctfe_2022_2.pub: MODIFIED
  • fulcio.crt.pem: MODIFIED
  • fulcio_intermediate.crt.pem: MODIFIED
  • rekor.pub: MODIFIED
  • signing_config.json: ADDED
  • trusted_root.json: MODIFIED

Role targets is verified and signed by 3/1 signers (@kommendorkapten, @jku, @joshuagl).
Still missing signatures from @mnm678
Signers can sign these changes by running tuf-on-ci-sign sign/update-targets-1

Signing event is successful

Threshold of signatures has been reached: this signing event can be reviewed and merged.

Member

@jku jku left a comment

my signature commit includes a timestamp.json.gz (?) file that should not be there.

I assume this is a side effect of running in an unclean git checkout but not sure yet (theupdateframework/tuf-on-ci#43)

This was a result of running signer in an unclean git checkout
(tuf-on-ci issue #43).

Signed-off-by: Jussi Kukkonen <[email protected]>
Remove accidentally included file
@sigstore-bot
Member Author

Current signing event state

Event sign/update-targets-1 (commit efae879)

✅ targets

Role targets contains following artifact changes:

  • ctfe.pub: MODIFIED
  • ctfe_2022.pub: MODIFIED
  • ctfe_2022_2.pub: MODIFIED
  • fulcio.crt.pem: MODIFIED
  • fulcio_intermediate.crt.pem: MODIFIED
  • rekor.pub: MODIFIED
  • signing_config.json: ADDED
  • trusted_root.json: MODIFIED

Role targets is verified and signed by 3/1 signers (@kommendorkapten, @joshuagl, @jku).
Still missing signatures from @mnm678
Signers can sign these changes by running tuf-on-ci-sign sign/update-targets-1

Signing event is successful

Threshold of signatures has been reached: this signing event can be reviewed and merged.

Member

@jku jku left a comment

This looks good to me.

This is a good test to make for the hash type tweak as well: I really thought this already happened, very good to see if clients are all ok with it

@jku jku merged commit 78539ea into main Aug 22, 2024
2 checks passed
@jku jku deleted the sign/update-targets-1 branch August 22, 2024 06:56
@jku jku mentioned this pull request Aug 22, 2024
Successfully merging this pull request may close these issues.

Update to targets
4 participants