Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move the ssh signing/verification utilities to sigstore from rekor. #141

Merged
merged 1 commit into from
Nov 23, 2021
Merged

Move the ssh signing/verification utilities to sigstore from rekor. #141

merged 1 commit into from
Nov 23, 2021

Conversation

dlorenc
Copy link
Member

@dlorenc dlorenc commented Nov 14, 2021

SSH signing has started to gain momentum with support in git! We have an implementation
in rekor that works, but it probably doesn't belong there. Let's move it here and realign
it with our sigstore signing APIs.

Signed-off-by: Dan Lorenc lorenc.d@gmail.com

Summary

Ticket Link

Fixes

Release Note

@bobcallaway
Copy link
Member

I like this (and am supportive of moving over the rest of rekor/pki where it makes sense). I think we would still need a way to generate a canonicalized version of a public key and signature to persist in the log (which is what is missing in sigstore/sigstore right now.

@dlorenc
Copy link
Member Author

dlorenc commented Nov 17, 2021

I like this (and am supportive of moving over the rest of rekor/pki where it makes sense). I think we would still need a way to generate a canonicalized version of a public key and signature to persist in the log (which is what is missing in sigstore/sigstore right now.

Yeah I don't think we need to move allllll of it over. This one was particularly ripe for a move though because we don't even use the Sign function other than for tests of Verify.

dekkagaijin
dekkagaijin previously approved these changes Nov 18, 2021
View reviewed changes
Copy link
Member

@dekkagaijin dekkagaijin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM FWIW

@lukehinds
Copy link
Member

also lgtm, do we need to coordinate a removal PR from rekor?

lukehinds
lukehinds previously approved these changes Nov 23, 2021
View reviewed changes
@dlorenc dlorenc dismissed stale reviews from lukehinds and dekkagaijin via e373fcf November 23, 2021 15:38
@dlorenc dlorenc changed the title WIP: Move the ssh signing/verification utilities to sigstore from rekor. Move the ssh signing/verification utilities to sigstore from rekor. Nov 23, 2021
@dlorenc
Copy link
Member Author

dlorenc commented Nov 23, 2021

Thanks for the reminders - cleaned up the last TODOs.

@dlorenc
Move the ssh signing/verification utilities to sigstore from rekor.
40ab265 
SSH signing has started to gain momentum with support in git! We have an implementation
in rekor that works, but it probably doesn't belong there. Let's move it here and realign
it with our sigstore signing APIs.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>
@dlorenc
Copy link
Member Author

dlorenc commented Nov 23, 2021

PTAL, should be good now!

@lukehinds lukehinds merged commit 57d6d2c into sigstore:main Nov 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lukehinds lukehinds lukehinds approved these changes

@dekkagaijin dekkagaijin dekkagaijin left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@dlorenc @bobcallaway @lukehinds @dekkagaijin