Skip to content

docs: spec updates for arbitrary blob signing #811

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rgnote merged 88 commits into from
Mar 8, 2024
Merged

docs: spec updates for arbitrary blob signing #811

rgnote merged 88 commits into from
Mar 8, 2024

Conversation

@rgnote
Copy link
Contributor

@rgnote rgnote commented Oct 28, 2023
edited
Loading

CLI Spec updated for Arbitrary blob signing. Proposal https://hackmd.io/ewbJr2ZnT4a8U1ObDVXcSw?view#CLI-Spec and https://hackmd.io/@-KPyDkW6QfGA-pldFa13pA/ByuHffALa

Signing Scheme and trust policy updates : notaryproject/specifications#283

Signed-off-by: rgnote 5878554+rgnote@users.noreply.github.com

@rgnote rgnote requested a review from a user October 28, 2023 00:23
@codecov-commenter
Copy link

codecov-commenter commented Oct 28, 2023
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.35%. Comparing base (eaa5fb4) to head (2750c4b).
Report is 9 commits behind head on main.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #811      +/-   ##
==========================================
+ Coverage   64.93%   67.35%   +2.42%     
==========================================
  Files          45       45              
  Lines        2729     2166     -563     
==========================================
- Hits         1772     1459     -313     
+ Misses        795      545     -250     
  Partials      162      162

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@shizhMSFT shizhMSFT changed the title Spec updates for arbitrary blob signing doc: spec updates for arbitrary blob signing Oct 30, 2023
@shizhMSFT shizhMSFT changed the title doc: spec updates for arbitrary blob signing docs: spec updates for arbitrary blob signing Oct 30, 2023
JeyJeyGao
JeyJeyGao reviewed Oct 30, 2023
View reviewed changes
@ghost
Copy link

ghost commented Oct 30, 2023

Before diving into the detailed UX design, shall we have a PR in the https://github.com/notaryproject/specifications repo to add the new specs related to blob? For example, signature payload, trust policy, ect.

shizhMSFT
shizhMSFT reviewed Oct 30, 2023
View reviewed changes
ghost
ghost reviewed Oct 30, 2023
View reviewed changes
ghost
ghost reviewed Nov 2, 2023
View reviewed changes
yizha1
yizha1 reviewed Nov 2, 2023
View reviewed changes
Copy link
Contributor

@yizha1 yizha1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @rgnote I left some comments

yizha1
yizha1 reviewed Nov 6, 2023
View reviewed changes
Copy link
Contributor

@yizha1 yizha1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @rgnote. I left additional comments.

shizhMSFT
shizhMSFT reviewed Nov 6, 2023
View reviewed changes
ghost
ghost reviewed Nov 14, 2023
View reviewed changes
yizha1
yizha1 reviewed Nov 15, 2023
View reviewed changes
Copy link
Contributor

@yizha1 yizha1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with a nit, but I am not a maintainer of notation repo

priteshbandi
priteshbandi reviewed Nov 15, 2023
View reviewed changes
priteshbandi
priteshbandi reviewed Nov 15, 2023
View reviewed changes
Copy link
Contributor

@priteshbandi priteshbandi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we add some note, for help of top level sign, verify, inspect and list that they only applies to oci.

@rgnote
Copy link
Contributor Author

rgnote commented Nov 17, 2023

Should we add some note, for help of top level sign, verify, inspect and list that they only applies to oci.

They were already updated to note that they work with OCI artifacts.

priteshbandi
priteshbandi previously approved these changes Nov 18, 2023
View reviewed changes
Copy link
Contributor

@priteshbandi priteshbandi left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving this pull request, and we can address the following comments in the next PR:

  1. Support 'blob sign' and 'verify' commands to function with standard input and output?
  2. In my opinion, merely mentioning 'oci' in the command description (or in help) isn't sufficient; it should be more prominent

yizha1
yizha1 reviewed Nov 22, 2023
View reviewed changes
Copy link
Contributor

@yizha1 yizha1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with some minor comments.

yizha1
yizha1 reviewed Nov 22, 2023
View reviewed changes
ghost
ghost reviewed Nov 27, 2023
View reviewed changes
shizhMSFT
shizhMSFT reviewed Dec 7, 2023
View reviewed changes
JeyJeyGao and others added 23 commits March 8, 2024 11:46
@JeyJeyGao @rgnote
fix: improve error message for plugin (notaryproject#870)
17d7e1e 
Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump actions/upload-artifact from 4.1.0 to 4.2.0 (notary…
8e53eb0 
…project#872)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump actions/cache from 3.3.3 to 4.0.0 (notaryproject#873)
b04cb09 
Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump github/codeql-action from 3.23.0 to 3.23.1 (notaryp…
6d49323 
…roject#874)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@rgnote
bump: bump up notation-go and notation-core-go including e2e tests (n…
a538660 
…otaryproject#875)

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@rgnote
vote for version v1.1.0
4baf935 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump actions/upload-artifact from 4.2.0 to 4.3.0 (notary…
a442153 
…project#878)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump codecov/codecov-action from 3.1.4 to 3.1.5 (notaryp…
ddf2c5e 
…roject#879)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump github/codeql-action from 3.23.1 to 3.23.2 (notaryp…
f238f4f 
…roject#877)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@rgnote
bump: bump up oras-go and image-spec (notaryproject#881)
3a0562b 
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump github/codeql-action from 3.23.2 to 3.24.0 (notaryp…
bbb4087 
…roject#883)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump codecov/codecov-action from 3.1.5 to 4.0.1 (notaryp…
f8e613d 
…roject#884)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump golang.org/x/term from 0.16.0 to 0.17.0 (notaryproj…
ecbea19 
…ect#886)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump actions/upload-artifact from 4.3.0 to 4.3.1 (notary…
b1ab330 
…project#887)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump codecov/codecov-action from 4.0.1 to 4.0.2 (notaryp…
194cab7 
…roject#896)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump github/codeql-action from 3.24.0 to 3.24.5 (notaryp…
eae0fe3 
…roject#895)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump github.com/opencontainers/image-spec from 1.1.0-rc6…
a22d8fd 
… to 1.1.0 (notaryproject#891)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@rgnote
remove overwrite option in sign command
8e0ce16 
Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@rgnote @shizhMSFT
Update specs/commandline/blob.md
1b9e88b 
Co-authored-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Rakesh Gariganti <5878554+rgnote@users.noreply.github.com>
Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@rgnote @shizhMSFT
Update specs/commandline/blob.md
a2ebf5c 
Co-authored-by: Shiwei Zhang <shizh@microsoft.com>
Signed-off-by: Rakesh Gariganti <5878554+rgnote@users.noreply.github.com>
Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump codecov/codecov-action from 4.0.2 to 4.1.0 (notaryp…
7815b82 
…roject#898)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump actions/cache from 4.0.0 to 4.0.1 (notaryproject#900)
58dd756 
Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@dependabot @rgnote
build(deps): Bump actions/add-to-project from 0.5.0 to 0.6.0 (notaryp…
778245a 
…roject#901)

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
@rgnote rgnote merged commit ba28208 into notaryproject:main Mar 8, 2024
This was referenced Jun 11, 2024
Merged
Merged
@priteshbandi priteshbandi mentioned this pull request Oct 15, 2024
Closed
7h3-3mp7y-m4n pushed a commit to 7h3-3mp7y-m4n/notation that referenced this pull request Mar 29, 2025
@rgnote @dependabot
@FeynmanZhou @rcrozean @yizha1 @shizhMSFT @gokarnm @JeyJeyGao @toddysm @priteshbandi @7h3-3mp7y-m4n
docs: spec updates for arbitrary blob signing (notaryproject#811)
ee8f2d4 
CLI Spec updated for Arbitrary blob signing. Proposal
https://hackmd.io/ewbJr2ZnT4a8U1ObDVXcSw?view#CLI-Spec and
https://hackmd.io/@-KPyDkW6QfGA-pldFa13pA/ByuHffALa

Signing Scheme and trust policy updates :
notaryproject/specifications#283

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>

---------

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Signed-off-by: Feynman Zhou <feynmanzhou@microsoft.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Cameron Rozean <rcrozean@gmail.com>
Signed-off-by: Yi Zha <yizha1@microsoft.com>
Signed-off-by: Rakesh Gariganti <5878554+rgnote@users.noreply.github.com>
Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
Signed-off-by: Toddy Mladenov <toddysm@gmail.com>
Co-authored-by: Patrick Zheng <patrickzheng@microsoft.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Feynman Zhou <feynmanzhou@microsoft.com>
Co-authored-by: Cameron Rozean <rcrozean@gmail.com>
Co-authored-by: Yi Zha <yizha1@microsoft.com>
Co-authored-by: Shiwei Zhang <shizh@microsoft.com>
Co-authored-by: Milind Gokarn <milind81@gmail.com>
Co-authored-by: Junjie Gao <junjiegao@microsoft.com>
Co-authored-by: Toddy Mladenov <me@toddysm.com>
Co-authored-by: Pritesh Bandi <priteshbandi@gmail.com>
FeynmanZhou added a commit to FeynmanZhou/notation that referenced this pull request May 15, 2025
@rgnote @dependabot
@FeynmanZhou @rcrozean @yizha1 @shizhMSFT @gokarnm @JeyJeyGao @toddysm @priteshbandi
docs: spec updates for arbitrary blob signing (notaryproject#811)
7219e5d 
CLI Spec updated for Arbitrary blob signing. Proposal
https://hackmd.io/ewbJr2ZnT4a8U1ObDVXcSw?view#CLI-Spec and
https://hackmd.io/@-KPyDkW6QfGA-pldFa13pA/ByuHffALa

Signing Scheme and trust policy updates :
notaryproject/specifications#283

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>

---------

Signed-off-by: rgnote <5878554+rgnote@users.noreply.github.com>
Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
Signed-off-by: Feynman Zhou <feynmanzhou@microsoft.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Cameron Rozean <rcrozean@gmail.com>
Signed-off-by: Yi Zha <yizha1@microsoft.com>
Signed-off-by: Rakesh Gariganti <5878554+rgnote@users.noreply.github.com>
Signed-off-by: Junjie Gao <junjiegao@microsoft.com>
Signed-off-by: Toddy Mladenov <toddysm@gmail.com>
Co-authored-by: Patrick Zheng <patrickzheng@microsoft.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Feynman Zhou <feynmanzhou@microsoft.com>
Co-authored-by: Cameron Rozean <rcrozean@gmail.com>
Co-authored-by: Yi Zha <yizha1@microsoft.com>
Co-authored-by: Shiwei Zhang <shizh@microsoft.com>
Co-authored-by: Milind Gokarn <milind81@gmail.com>
Co-authored-by: Junjie Gao <junjiegao@microsoft.com>
Co-authored-by: Toddy Mladenov <me@toddysm.com>
Co-authored-by: Pritesh Bandi <priteshbandi@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@FeynmanZhou FeynmanZhou FeynmanZhou left review comments

@priteshbandi priteshbandi priteshbandi approved these changes

@shizhMSFT shizhMSFT shizhMSFT approved these changes

@yizha1 yizha1 yizha1 left review comments

@vaninrao10 vaninrao10 vaninrao10 left review comments

@justincormack justincormack Awaiting requested review from justincormack

@NiazFK NiazFK Awaiting requested review from NiazFK NiazFK is a code owner

@SteveLasker SteveLasker Awaiting requested review from SteveLasker

@toddysm toddysm Awaiting requested review from toddysm toddysm is a code owner

@gokarnm gokarnm Awaiting requested review from gokarnm gokarnm is a code owner

+3 more reviewers

@JeyJeyGao JeyJeyGao JeyJeyGao left review comments

@whalelines whalelines whalelines left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.