bundle: dont sign manifest when empty #4730

friedrichsenm · 2022-06-02T14:54:37Z

Previously, when creating a signed bundle and either no .manifest
file is present or when the contents are the defaults, no .manifest
file would get written to the .tar.gz output but there would be an
entry for the manifest in the .signatures.json file when trying to
verify the bundle. I modified the signature process to skip hashing
the manifest when it is empty for whatever reason.

Fixes #4712

Signed-off-by: Matt F 15720856+friedrichsenm@users.noreply.github.com

Previously, when creating a signed bundle and either no `.manifest` file is present or when the contents are the defaults, no `.manifest` file would get written to the `.tar.gz` output but there would be an entry for the manifest in the `.signatures.json` file when trying to verify the bundle. Now, hashing/signing the manifest file is skipped when it is empty or not present. Fixes #4712 Signed-off-by: Matt F <15720856+friedrichsenm@users.noreply.github.com>

ashutosh-narkar

lgtm

ashutosh-narkar approved these changes Jun 2, 2022

View reviewed changes

ashutosh-narkar merged commit e971a8f into open-policy-agent:main Jun 2, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bundle: dont sign manifest when empty #4730

bundle: dont sign manifest when empty #4730

friedrichsenm commented Jun 2, 2022

ashutosh-narkar left a comment

bundle: dont sign manifest when empty #4730

bundle: dont sign manifest when empty #4730

Conversation

friedrichsenm commented Jun 2, 2022

ashutosh-narkar left a comment

Choose a reason for hiding this comment