-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update staging-root.json
and test assets
#602
Update staging-root.json
and test assets
#602
Conversation
Change hardcoded root to the new root from sigstore/root-signing#756 Signed-off-by: Hayden B <hblauzvern@google.com>
Signed-off-by: Andrew Pan <a@tny.town>
These tests need to be updated for our new trusted root format. Testing for that is landing in sigstore#591. Signed-off-by: Andrew Pan <a@tny.town>
Signed-off-by: Andrew Pan <a@tny.town>
Signed-off-by: Andrew Pan <a@tny.town>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Chaff file here!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, one chaff file needs to be removed.
test/unit/internal/test_tuf.py
Outdated
@@ -113,10 +122,16 @@ def range_from(offset_lower=0, offset_upper=0): | |||
) # Valid: 1 ago, 1 ago | |||
|
|||
|
|||
@pytest.mark.skip |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are we skipping these?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This ends up exercising the TUF codepath, which doesn't return PEM keys. It's a little tricky to handle, I have helpers to make this easier to handle in #591. If we want to port stuff over from there, I can do so, although I thought it might be easier to just fix these tests in that changeset
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh hm I guess another option is to stub out _get_trusted_root
to force the legacy non-bundled root
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh hm I guess another option is to stub out
_get_trusted_root
to force the legacy non-bundled root
Yeah, let's do that (and document that that's what we're doing, for future software archaeologists).
Signed-off-by: Andrew Pan <a@tny.town>
Signed-off-by: Andrew Pan <a@tny.town>
Signed-off-by: Andrew Pan <a@tny.town>
Signed-off-by: Andrew Pan <a@tny.town>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
* Update staging-root.json Change hardcoded root to the new root from sigstore/root-signing#756 Signed-off-by: Hayden B <hblauzvern@google.com> * wip: test: adjust local assets for staging update Signed-off-by: Andrew Pan <a@tny.town> * test_tuf: skip failing getter tests These tests need to be updated for our new trusted root format. Testing for that is landing in sigstore#591. Signed-off-by: Andrew Pan <a@tny.town> * fixup! test_tuf: skip failing getter tests Signed-off-by: Andrew Pan <a@tny.town> * fixup! fixup! test_tuf: skip failing getter tests Signed-off-by: Andrew Pan <a@tny.town> * fixup! fixup! fixup! test_tuf: skip failing getter tests Signed-off-by: Andrew Pan <a@tny.town> * fixup! fixup! fixup! fixup! test_tuf: skip failing getter tests Signed-off-by: Andrew Pan <a@tny.town> * test_tuf: doc Signed-off-by: Andrew Pan <a@tny.town> * test: add staging-tuf targets Signed-off-by: Andrew Pan <a@tny.town> --------- Signed-off-by: Hayden B <hblauzvern@google.com> Signed-off-by: Andrew Pan <a@tny.town> Co-authored-by: Hayden B <hblauzvern@google.com> Signed-off-by: Emile Baez <ebaezmunne@gmail.com>
See #594.