Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Honor creation timestamp for signatures again #3549

Merged
merged 4 commits into from
Mar 7, 2024
Merged

Honor creation timestamp for signatures again #3549

merged 4 commits into from
Mar 7, 2024

Conversation

Lerentis
Copy link
Contributor

closes #3298

Summary

As the timestamp is part of the OCI spec it makes no sense to omit it. signatures that are pushed to an OCI registry are not immutable by default and honoring the creation timestamp will enable people to use time based cleanup policies in their registries again (as in GCP, GitLab etc.).

Release Note

Fixes null timestamp in signatures and honor creation timestamp again

@codecov Codecov
Copy link

codecov bot commented Feb 22, 2024
edited

Codecov Report

Attention: Patch coverage is 45.71429% with 19 lines in your changes are missing coverage. Please review.

Project coverage is 40.45%. Comparing base (2ef6022) to head (39f2b63).
Report is 35 commits behind head on main.

Files Patch % Lines
pkg/oci/mutate/signatures.go 40.00% 4 Missing and 2 partials ⚠️
pkg/oci/static/file.go 33.33% 4 Missing and 2 partials ⚠️
pkg/oci/mutate/options.go 0.00% 4 Missing ⚠️
cmd/cosign/cli/options/sign.go 0.00% 2 Missing ⚠️
cmd/cosign/cli/sign/sign.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3549      +/-   ##
==========================================
+ Coverage   40.10%   40.45%   +0.35%     
==========================================
  Files         155      155              
  Lines       10044    10078      +34     
==========================================
+ Hits         4028     4077      +49     
+ Misses       5530     5508      -22     
- Partials      486      493       +7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

cpanato
cpanato previously approved these changes Feb 22, 2024
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@haydentherapper
Copy link
Contributor

@jonjohnsonjr can you chime in on this, as you made the change originally?

@bobcallaway
Copy link
Member

Also @imjasonh to comment

@haydentherapper
Copy link
Contributor

Bumping, @imjasonh @jonjohnsonjr did you have thoughts on this?

@bobcallaway
Copy link
Member

Can we leave the behavior currently implemented as the default, and add a feature flag to correctly set the timestamp?

@Lerentis
Copy link
Contributor Author

Lerentis commented Mar 5, 2024

Can we leave the behavior currently implemented as the default, and add a feature flag to correctly set the timestamp?

@bobcallaway I hope i got every reference where this would make sense. please double check this as the codebase is not that common to me

@Lerentis Lerentis force-pushed the bugfix/tt/timestamps-again branch 3 times, most recently from dea1727 to 21ec318 Compare March 5, 2024 22:28
@Lerentis
Copy link
Contributor Author

Lerentis commented Mar 6, 2024

/opt/hostedtoolcache/go/1.21.8/x64/pkg/tool/linux_amd64/link: mapping output file failed: no space left on device

the ci failure seems like an infra issue?

@bobcallaway
Copy link
Member

/opt/hostedtoolcache/go/1.21.8/x64/pkg/tool/linux_amd64/link: mapping output file failed: no space left on device

the ci failure seems like an infra issue?

yes, I'm working to unblock this now.

@bobcallaway
Copy link
Member

/opt/hostedtoolcache/go/1.21.8/x64/pkg/tool/linux_amd64/link: mapping output file failed: no space left on device

the ci failure seems like an infra issue?

yes, I'm working to unblock this now.

can you rebase this please? I think the infra issue is fixed now.

Lerentis and others added 3 commits March 7, 2024 22:39
@Lerentis
Honor creation timestamp for signatures again
7064f0a 
Signed-off-by: ttrabelsi <Lerentis@users.noreply.github.com>
@Lerentis
setting creation timestamp behind a feature flag to preserve current …
8b8d95c 
…behavior

Signed-off-by: Tobias Trabelsi <lerentis@uploadfilter24.eu>
@Lerentis
review feedback
5a0b029 
Signed-off-by: Tobias Trabelsi <lerentis@uploadfilter24.eu>
@Lerentis
Copy link
Contributor Author

Lerentis commented Mar 7, 2024

/opt/hostedtoolcache/go/1.21.8/x64/pkg/tool/linux_amd64/link: mapping output file failed: no space left on device

the ci failure seems like an infra issue?

yes, I'm working to unblock this now.

can you rebase this please? I think the infra issue is fixed now.

all green now. thanks for taking care of this 🎉

bobcallaway
bobcallaway reviewed Mar 7, 2024
View reviewed changes
Copy link
Member

@bobcallaway bobcallaway left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a couple nits but otherwise LGTM and will merge once fixed.

cmd/cosign/cli/sign.go Outdated Show resolved Hide resolved
pkg/oci/mutate/options.go Outdated Show resolved Hide resolved
cmd/cosign/cli/sign/sign.go Outdated Show resolved Hide resolved
@Lerentis
additional review feedback
39f2b63 
Signed-off-by: Tobias Trabelsi <lerentis@uploadfilter24.eu>
@Lerentis
Copy link
Contributor Author

Lerentis commented Mar 7, 2024

a couple nits but otherwise LGTM and will merge once fixed.

changed as requested 👍

@bobcallaway bobcallaway merged commit cb01516 into sigstore:main Mar 7, 2024
29 checks passed
@github-actions github-actions bot added this to the v2.3.0 milestone Mar 7, 2024
@Lerentis Lerentis deleted the bugfix/tt/timestamps-again branch March 8, 2024 10:05
tommyd450 pushed a commit to tommyd450/cosign that referenced this pull request Jun 7, 2024
@Lerentis
Honor creation timestamp for signatures again (sigstore#3549)
3f4094a 
* Honor creation timestamp for signatures again

Signed-off-by: ttrabelsi <Lerentis@users.noreply.github.com>

* setting creation timestamp behind a feature flag to preserve current behavior

Signed-off-by: Tobias Trabelsi <lerentis@uploadfilter24.eu>

* review feedback

Signed-off-by: Tobias Trabelsi <lerentis@uploadfilter24.eu>

* additional review feedback

Signed-off-by: Tobias Trabelsi <lerentis@uploadfilter24.eu>

---------

Signed-off-by: ttrabelsi <Lerentis@users.noreply.github.com>
Signed-off-by: Tobias Trabelsi <lerentis@uploadfilter24.eu>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bobcallaway bobcallaway bobcallaway approved these changes

@cpanato cpanato cpanato left review comments

@hectorj2f hectorj2f Awaiting requested review from hectorj2f

@haydentherapper haydentherapper Awaiting requested review from haydentherapper

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.3.0
Development

Successfully merging this pull request may close these issues.

OCI manifest created timestamp wrong with v2.2.0
4 participants
@Lerentis @haydentherapper @bobcallaway @cpanato