-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signing event: sign/update-targets-1 #156
Conversation
Added `signing_config.json` (see sigstore/protobuf-specs#277 for details on the name of the file). Signed-off-by: Fredrik Skogman <[email protected]>
Signed-off-by: TUF-on-CI <41898282+github-actions[bot]@users.noreply.github.com>
Artifacts have been modifiedEvent sign/update-targets-1 (commit 6533dfb) |
Current signing event stateEvent sign/update-targets-1 (commit 43ffc30) ❌ targetsRole
Role |
Wait, something is strange here. All targets are listed as modified? But they are not changed in the pr... |
Ah, I see why now. The |
Signed-off-by: Fredrik Skogman <[email protected]>
Current signing event stateEvent sign/update-targets-1 (commit ae61a64) ✅ targetsRole
Role Signing event is successfulThreshold of signatures has been reached: this signing event can be reviewed and merged. |
and we're seeing this now since
is this correct? |
Yes, I believe your assessment is correct @jku Did a quick look at the PRs and there seem to be nothing that modified targets since the import. |
Can you document the changes here? maybe create an issue with the changes listed? |
The changes to the target files are tacked by issue #157 |
Signed-off-by: Jussi Kukkonen <[email protected]>
Current signing event stateEvent sign/update-targets-1 (commit 439f803) ✅ targetsRole
Role Signing event is successfulThreshold of signatures has been reached: this signing event can be reviewed and merged. |
Signed-off-by: Joshua Lock <[email protected]>
Signature from @joshuagl
Current signing event stateEvent sign/update-targets-1 (commit cd2e276) ✅ targetsRole
Role Signing event is successfulThreshold of signatures has been reached: this signing event can be reviewed and merged. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
my signature commit includes a timestamp.json.gz (?) file that should not be there.
I assume this is a side effect of running in a unclean git checkout but not sure yet (theupdateframework/tuf-on-ci#43)
This was a result of running signer in a unclean git checkout (tuf-on-ci issue #43). Signed-off-by: Jussi Kukkonen <[email protected]>
Remove accidentally included file
Current signing event stateEvent sign/update-targets-1 (commit efae879) ✅ targetsRole
Role Signing event is successfulThreshold of signatures has been reached: this signing event can be reviewed and merged. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me.
This is a good test to make for the hash type tweak as well: I really thought this already happened, very good to see if clients are all ok with it
Processing signing event sign/update-targets-1, please wait.