Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sigstore for maintainers #78

Merged
merged 4 commits into from
May 4, 2023
Merged

Sigstore for maintainers #78

merged 4 commits into from
May 4, 2023

Conversation

jku
Copy link
Owner

@jku jku commented Apr 24, 2023
edited
Loading

This is mostly to test the securesystemslib implementation:

  • Allow using sigstore identity as maintainer key
  • Add UI to ask for email and issuer if using sigstore identity
  • Fix tests (but note that sigstore maintainer keys are not actually tested -- I think that is not easy)

TODO:

  • should not ask for email and identity: should instead do the the token acquisition and read the token... Could do this as POC even before sigstore-python provides this (which I think they should)
  • should verify when signing that the identity is the one we expect

cc @lukpueh

jku added 4 commits April 21, 2023 11:46
@jku
Initial offline key sigstore UI support
57e17db
@jku
signer: Cache Signers
ec98288 
This is especially helpful for Sigstore as token initialization (which
includes the web authentication flow) now happens only once per signer.
@jku
signer: Use bold to indicate required user action
8537d59
@jku
tests: update user input
f59a2b2 
Add selection for signing key type.

Note that sigstore maintainer keys are currently not tested.
@jku jku requested a review from lukpueh April 24, 2023 12:54
lukpueh
lukpueh reviewed Apr 28, 2023
View reviewed changes
Copy link
Collaborator

@lukpueh lukpueh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks super cool. I still need to understand the individual tools and how they play together a bit better to make any qualified comments on diffs. Will try to familiarise myself more soon.

playground/signer/playground_sign/_common.py Show resolved Hide resolved
playground/signer/playground_sign/_common.py Show resolved Hide resolved
playground/signer/playground_sign/_common.py Show resolved Hide resolved
@jku
Copy link
Owner Author

jku commented May 2, 2023

I still need to understand the individual tools and how they play together

Happy to do a video chat session to get you up to speed

@jku jku merged commit 059d3f4 into main May 4, 2023
@jku
Copy link
Owner Author

jku commented May 4, 2023

This could clearly be better (see TODOs in the pr message) but I'm merging now, let's handle those in other issues

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lukpueh lukpueh lukpueh left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jku @lukpueh