Add opt-in support for tests that include providing a custom trust root#101
Merged
Conversation
steiza
added a commit
to sigstore/sigstore-go
that referenced
this pull request
Sep 27, 2023
This allows us to have additional test cases that weren't previously possible when assuming the public-good trust root. See also sigstore/sigstore-conformance#101.
Member
tnytown
reviewed
Sep 27, 2023
tnytown
left a comment
Collaborator
There was a problem hiding this comment.
Looks good overall, just one minor nit. Do any clients support this yet? It would be nice to see the new tests exercised by the selftest :)
Member
sigstore-python doesn't yet, not sure about the others. |
steiza
added a commit
to sigstore/sigstore-go
that referenced
this pull request
Sep 27, 2023
This allows us to have additional test cases that weren't previously possible when assuming the public-good trust root. See also sigstore/sigstore-conformance#101.
Member
Author
The just-released https://github.com/github/sigstore-go does! As of https://github.com/github/sigstore-go/pull/4. |
Member
|
Awesome! That gives us the design impetus to copy |
Member
|
I think we can plumb this into Java relatively painlessly. |
5c46013 to
efdaf92
Compare
Signed-off-by: Zach Steindler <steiza@github.com>
Previously the tests assumed the public-good trust root, but supplying a custom trust root lets us exercise additional failure paths, without having to compromise the public-good service. Signed-off-by: Zach Steindler <steiza@github.com>
I initially thought it was needed, but it didn't end up getting used! Signed-off-by: Zach Steindler <steiza@github.com>
Signed-off-by: Zach Steindler <steiza@github.com>
As requested in the sigstore-clients meetings. Users should be pinning to release, and we will put in the release notes how to disable this new test. Signed-off-by: Zach Steindler <steiza@github.com>
…d-root Also rebase onto main Signed-off-by: Zach Steindler <steiza@github.com>
efdaf92 to
6757257
Compare
Signed-off-by: Zach Steindler <steiza@github.com>
Signed-off-by: Zach Steindler <steiza@github.com>
woodruffw
approved these changes
Dec 5, 2023
Member
|
Thanks @steiza! |
Member
|
xref sigstore/sigstore-python#821 for changes needed to sigstore-python's conformance runner. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This will help us address #30
Summary
Previously the tests assumed the public-good trust root, but supplying a custom trust root lets us exercise additional failure paths, without having to compromise the public-good service.
Release Note
--trusted-root FILEto support additional test cases--trusted-root, in your Action workflow you can specifyxfail: "test_verify_with_trust_root"to skip this test for nowDocumentation
N/A