Remove newline from download sbom output #1732

Merged
merged 1 commit into from
Apr 10, 2022

ribbybibby
Contributor

Summary

I had reason to compare the downloaded SBOM to the original payload I uploaded and noticed that the sha256 sum is different because it prints out an extra newline that isn't in the initial payload:

```
$ syft registry:<image> -o cyclonedx-json > bom.json

$ cosign attach sbom --sbom bom.json --type cyclonedx <image>

$ cosign download sbom <image> > download.json

$ sha256sum bom.json
ad84137b261cdb9eebd2267b598c4853be102bd5cb7d84122e6e365e55b88c96  bom.json

$ sha256sum download.json
da157b15d3aa68305874fc37ba2b7e99637a60037989b15dd7f0edd4ce315543  download.json
```

This PR removes the newline so what you get is exactly what was uploaded.

Release Note

Removed newline from `download sbom` output

fmt.Fprintln inserts a newline that isn't in the original payload. This
frustrates the process of comparing the sha256sum of the output to the
original.

Signed-off-by: Rob Best <robertbest89@gmail.com>
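
The digest mismatch described above can be reproduced offline. This is an added example, not code from the cosign repository: the payload is a constructed stand-in for an SBOM, and `emitWithFprintln`, `emitExact`, `digestHex` and `roundTrip` are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
)

// samplePayload is a constructed stand-in for an uploaded SBOM; like the
// output of many JSON encoders it has no trailing newline.
var samplePayload = []byte(`{"bomFormat":"CycloneDX","specVersion":"1.4","components":[]}`)

// emitWithFprintln (hypothetical name) writes the payload the way the PR
// describes the old behaviour: fmt.Fprintln appends "\n" after its operands.
func emitWithFprintln(w io.Writer, payload []byte) error {
	_, err := fmt.Fprintln(w, string(payload))
	return err
}

// emitExact (hypothetical name) writes the stored bytes and nothing else.
func emitExact(w io.Writer, payload []byte) error {
	_, err := w.Write(payload)
	return err
}

// digestHex returns the lowercase hex SHA-256 of b, as sha256sum prints it.
func digestHex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// roundTrip runs an emitter into a buffer and reports whether the output
// digest matches the digest of the original payload.
func roundTrip(emit func(io.Writer, []byte) error, payload []byte) (bool, []byte, error) {
	var out bytes.Buffer
	if err := emit(&out, payload); err != nil {
		return false, nil, err
	}
	return digestHex(out.Bytes()) == digestHex(payload), out.Bytes(), nil
}

func main() {
	okOld, outOld, _ := roundTrip(emitWithFprintln, samplePayload)
	okNew, outNew, _ := roundTrip(emitExact, samplePayload)
	fmt.Printf("Fprintln: match=%v len=%d\nWrite:    match=%v len=%d\n", okOld, len(outOld), okNew, len(outNew))
}
```

A single extra byte is enough to change the digest, so any tool that re-emits a signed or attested artifact has to write the stored bytes verbatim for downstream hash comparison to work.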

codecov-commenter commented Apr 10, 2022

Codecov Report

Merging #1732 (f1b76f5) into main (e566828) will increase coverage by 0.27%.
The diff coverage is n/a.

```
@@            Coverage Diff             @@
##             main    #1732      +/-   ##
==========================================
+ Coverage   29.25%   29.52%   +0.27%     
==========================================
  Files         141      141              
  Lines        8502     8502              
==========================================
+ Hits         2487     2510      +23     
+ Misses       5742     5718      -24     
- Partials      273      274       +1     
```

| Impacted Files | Coverage Δ |
| --- | --- |
| pkg/cosign/verifiers.go | 52.27% <0.00%> (+52.27%) ⬆️ |


Member

dlorenc commented Apr 10, 2022

Nice!!!

dlorenc merged commit a172932 into sigstore:main Apr 10, 2022
github-actions bot added this to the v1.8.0 milestone Apr 10, 2022
mlieberman85 pushed a commit to mlieberman85/cosign that referenced this pull request May 6, 2022