Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow testing bundle verification without requiring a client to implement signing #81

Closed
steiza opened this issue Jun 15, 2023 · 4 comments
Closed

Allow testing bundle verification without requiring a client to implement signing #81

steiza opened this issue Jun 15, 2023 · 4 comments
Labels
enhancement New feature or request

Comments

@steiza
Copy link
Member

steiza commented Jun 15, 2023

Description

Today, https://github.com/sigstore/sigstore-conformance/blob/main/test/test_bundle.py requires a client to implement signing in order to test bundle verification. It would be nice to be able to test verification without requiring the client to implement signing.
@steiza steiza added the enhancement New feature or request label Jun 15, 2023
steiza added a commit to steiza/sigstore-conformance that referenced this issue Jun 15, 2023
@steiza
Change bundle verification test to not depend on signing
3b0d83e 
For sigstore#81

Signed-off-by: Zach Steindler <[email protected]>
@steiza steiza mentioned this issue Jun 15, 2023
Merged
steiza added a commit to steiza/sigstore-conformance that referenced this issue Jul 25, 2023
@steiza
Change bundle verification test to not depend on signing
f0d61b1 
For sigstore#81

Signed-off-by: Zach Steindler <[email protected]>
woodruffw pushed a commit that referenced this issue Jul 28, 2023
@steiza
Change bundle verification test to not depend on signing (#82)
ac0a71a 
* Change bundle verification test to not depend on signing

For #81

Signed-off-by: Zach Steindler <[email protected]>

* Add test back in; mark test with `signing`

Also plumb skipping signing through the action and test driver.

Signed-off-by: Zach Steindler <[email protected]>

* Restore original test order

Signed-off-by: Zach Steindler <[email protected]>

* Add missing pytest import

Signed-off-by: Zach Steindler <[email protected]>

* Update bundles to be produced by sigstore-python 2.0.0rc1

To include inclusion proof checkpoint

Signed-off-by: Zach Steindler <[email protected]>

* Fix imports

Signed-off-by: Zach Steindler <[email protected]>

* Move example good bundle to not conflict with path used by other tests.

Also use `ClientFail` exception instead of `CalledProcessError`.

Signed-off-by: Zach Steindler <[email protected]>

* Change test to verify material digest instead of bundle digest

Signed-off-by: Zach Steindler <[email protected]>

---------

Signed-off-by: Zach Steindler <[email protected]>
@steiza
Copy link
Member Author

steiza commented Jul 31, 2023

Now that #82 has landed, I think this is done!

@steiza steiza closed this as completed Jul 31, 2023
@woodruffw
Copy link
Member

Awesome! Would it help to have a new version tagged for #82?

@steiza
Copy link
Member Author

steiza commented Jul 31, 2023
edited
Loading

Would it help to have a new version tagged

If it's easy, sure! Eventually we'll want a version tagged for https://github.com/sigstore/sigstore-go, but we're a few other steps / weeks until that's the case.

@woodruffw
Copy link
Member

If it's easy, sure! Eventually we'll want a version tagged for https://github.com/sigstore/sigstore-go, but we're a few other steps / weeks until that's the case.

Yep, it's just a git tag. Doing now!

This was referenced Jul 31, 2023
Merged
Open
@woodruffw woodruffw mentioned this issue Aug 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@steiza @woodruffw