Refactor the tuf client code. #1252

Merged
merged 1 commit into from
Dec 28, 2021

dlorenc
Member

@dlorenc dlorenc commented Dec 24, 2021

Refactor the tuf client code.

This is my attempt at refactoring the TUF client code to better
support the configuration modes we've recently added.

This also adds support for SIGSTORE_NO_CACHE, and eliminates most
writes to disk from cosign outside of cosign initialize.

I think these tests are about equivalent to what we had before, if not
a bit better. The coverage is at 72% and hits most non-sporadic errors.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

Summary

Ticket Link

Fixes

Release Note


@dlorenc dlorenc force-pushed the wiptuf branch 3 times, most recently from 6868353 to 41e66f7 Compare December 24, 2021 20:40
Member Author

dlorenc commented Dec 24, 2021

Test failure looks like it's because the distroless image builds failed:
https://github.com/GoogleContainerTools/distroless/runs/4628396723

This works:

$ COSIGN_EXPERIMENTAL=1 ./cosign verify  gcr.io/distroless/base:0a3c30a19ffb51f79c34955fdb9b77b8aa3b4309

This one doesn't:

$ COSIGN_EXPERIMENTAL=1 ./cosign verify  gcr.io/distroless/base:latest

We should probably just pin to a known good signed image here.

@dlorenc dlorenc force-pushed the wiptuf branch 2 times, most recently from 45b7ebe to 192c31e Compare December 25, 2021 01:26
@dlorenc dlorenc changed the title WIP: Refactor the tuf client code. Refactor the tuf client code. Dec 25, 2021
@dlorenc dlorenc force-pushed the wiptuf branch 4 times, most recently from 2fadb56 to 6f9ed4c Compare December 25, 2021 01:46
@dlorenc dlorenc force-pushed the wiptuf branch 11 times, most recently from 3abe1ba to 187a7c0 Compare December 26, 2021 03:11
Contributor

@hectorj2f hectorj2f left a comment

lgtm, although I am not an expert on the tuf client.

@dlorenc dlorenc merged commit 2e99320 into sigstore:main Dec 28, 2021
@dlorenc dlorenc deleted the wiptuf branch December 28, 2021 13:09
@github-actions github-actions bot added this to the v1.5.0 milestone Dec 28, 2021
znewman01 added a commit to znewman01/cosign that referenced this pull request Jan 19, 2022
[sigstore#568](sigstore#568) bumps the Go version
for tests to 1.17. Now they break for 1.16:

```sh
TMPDIR=$(mktemp -d)
cd $TMPDIR
git clone https://github.com/sigstore/cosign 2> /dev/null
cd cosign

for go in go_1_16 go_1_17; do
  nix-shell \
    -p ${go} \
    -p gnumake \
    --command 'make test' \
    > /dev/null 2>&1
  if [ $? -eq 0 ]; then
    echo ${go} good
  else
    echo ${go} bad
  fi
done
```

[sigstore#1252](sigstore#1252) adds a call to
`testing.T.Setenv`, added in
[1.17](https://go-review.googlesource.com/c/go/+/326790/3/api/go1.17.txt),
which caused this breakage.

(We're still testing *builds* on 1.16, so that's fine.)

Signed-off-by: Zachary Newman <z@znewman.net>