Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix intoto index keys #889

Merged
merged 4 commits into from
Jun 29, 2022
Merged

Fix intoto index keys #889

merged 4 commits into from
Jun 29, 2022

Conversation

bobcallaway
Copy link
Member

@bobcallaway bobcallaway commented Jun 28, 2022

Ensure we include all appropriate index keys including:

  • entire DSSE envelope SHA256 digest
  • envelope (base64 decoded) SHA256 digest
  • entire X509 signing certificate
  • any relevant keys extracted from X509 signing certificate

Fixes: #890
Fixes: #876

Signed-off-by: Bob Callaway [email protected]

Ensure we include all appropriate index keys including:
- entire DSSE envelope SHA256 digest
- envelope (base64 decoded) SHA256 digest
- entire X509 signing certificate
- any relevant keys extracted from X509 signing certificate

Fixes: sigstore#872

Signed-off-by: Bob Callaway <[email protected]>
@bobcallaway bobcallaway requested a review from asraa June 28, 2022 17:02
@codecov-commenter
Copy link

codecov-commenter commented Jun 28, 2022

Codecov Report

Merging #889 (22e8f7a) into main (89363a5) will increase coverage by 0.60%.
The diff coverage is 78.78%.

@@            Coverage Diff             @@
##             main     #889      +/-   ##
==========================================
+ Coverage   46.99%   47.60%   +0.60%     
==========================================
  Files          62       62              
  Lines        5413     5432      +19     
==========================================
+ Hits         2544     2586      +42     
+ Misses       2587     2558      -29     
- Partials      282      288       +6     
Impacted Files Coverage Δ
pkg/types/intoto/v0.0.1/entry.go 52.99% <78.78%> (+16.24%) ⬆️
pkg/types/alpine/v0.0.1/entry.go 53.30% <0.00%> (-1.24%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 89363a5...22e8f7a. Read the comment docs.

dlorenc
dlorenc previously approved these changes Jun 28, 2022
asraa
asraa previously approved these changes Jun 28, 2022
pkg/types/intoto/v0.0.1/entry_test.go Show resolved Hide resolved
pkg/types/intoto/v0.0.1/entry.go Outdated Show resolved Hide resolved
Signed-off-by: Bob Callaway <[email protected]>
@bobcallaway bobcallaway dismissed stale reviews from asraa and dlorenc via 1f2a61f June 28, 2022 19:16
asraa
asraa previously approved these changes Jun 28, 2022
pkg/types/intoto/v0.0.1/entry.go Outdated Show resolved Hide resolved
pkg/types/intoto/v0.0.1/entry.go Outdated Show resolved Hide resolved
pkg/types/intoto/v0.0.1/entry.go Outdated Show resolved Hide resolved
@dlorenc
Copy link
Member

dlorenc commented Jun 29, 2022

cc @cpanato we should cut a release after this goes in I think

@dlorenc dlorenc merged commit fb545de into sigstore:main Jun 29, 2022
@github-actions github-actions bot added this to the v1.0.0 milestone Jun 29, 2022
@cpanato
Copy link
Member

cpanato commented Jun 29, 2022

Ok @dlorenc will prepare the changelog and check if need other updates

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Index intoto attestations by email Intoto Indexing Bug: cannot find entry by payloadHash
5 participants