Skip to content

Basic rekorv2 tests#216

Merged
jku merged 3 commits into
sigstore:mainfrom
jku:basic-rekorv2-test
Jul 15, 2025
Merged

Basic rekorv2 tests#216
jku merged 3 commits into
sigstore:mainfrom
jku:basic-rekorv2-test

Conversation

@jku

@jku jku commented Jun 13, 2025
edited
Loading

Copy link
Copy Markdown
Member

Add very basic tests for verifying rekorv2 bundles (happy path test and a few timestamp related tests).

  • This uses sigstore-python from main branch as the selftest client
  • All tests use a custom trust root (that is really just staging trusted root since it has rekor2 in it)

Clients can set XFAIL as usual if they do not support rekorv2 yet (we don't have a SKIP input so they need to do XFAIL but maybe we should have it so clients could just skip all tests they don't support -- as an example "*intoto*, *rekor2*") instead of having to XFAIL just the ones that have unexpected results

This was referenced Jun 13, 2025
Merged
Closed
@jku

This comment was marked as outdated.

Sign in to view
@jku
Add very basic rekor2 tests
f08af41 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku jku force-pushed the basic-rekorv2-test branch from 02caa78 to f08af41 Compare July 15, 2025 08:12
@jku jku marked this pull request as ready for review July 15, 2025 08:20
@jku jku requested review from Hayden-IO and loosebazooka July 15, 2025 08:21
jku added 2 commits July 15, 2025 13:25
@jku
Add test for rekor 2 bundle with timestamp payload mismatch
d6d3659 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku
Add test for rekor2 bundle with too late timestamp
2d29dcf 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku

jku commented Jul 15, 2025

Copy link
Copy Markdown
Member Author

I've added a few tests more but don't plan on adding anything to this PR -- will start new PRs for next tests to keep the number per PR reasonable

@jku jku changed the title Basic rekorv2 test Basic rekorv2 tests Jul 15, 2025
@jku

jku commented Jul 15, 2025
edited
Loading

Copy link
Copy Markdown
Member Author

The size of the PR could be cut in half by having some smarter way of using the custom/staging trusted root as --trusted-root argument (the four trusted_root.json files are identical)... but I decided to keep this simple

loosebazooka
loosebazooka approved these changes Jul 15, 2025
View reviewed changes

@loosebazooka loosebazooka left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@aaronlew02 do we have any other test-cases that might be interesting to add (in a followup pr)?

Comment thread test/assets/bundle-verify/rekor2-timestamp-payload-mismatch_fail/README
@loosebazooka

loosebazooka commented Jul 15, 2025

Copy link
Copy Markdown
Member

@aaronlew02 also I think we can test these against sigstore-java tomorrow or later in the week once the PRs are in

@jku jku merged commit 7df1f40 into sigstore:main Jul 15, 2025
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@loosebazooka loosebazooka loosebazooka approved these changes

@Hayden-IO Hayden-IO Awaiting requested review from Hayden-IO

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jku @loosebazooka