Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add delegation #611

Merged
merged 10 commits into from
Feb 8, 2023
Merged

Add delegation #611

merged 10 commits into from
Feb 8, 2023

Conversation

kommendorkapten
Copy link
Member

@kommendorkapten kommendorkapten commented Feb 1, 2023
edited

Summary

Fixes: #601

Some comments:
To simplify operation I made proof of possession as separate commands, as that typically happens less frequent, and with multiple keys in the delegate, it will be a pain to manage the command line options for it.

  • Add delegate
  • Verify proof of possession
  • Create the delegate targets file
  • Sign the delegate target file
  • Updates of the delegate target file (and targets)
  • Verify all e2e

Release Note

N/A

Documentation

TBD

@kommendorkapten
Updated add-delegation command to accept public instead of private
3057ae0 
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
@kommendorkapten
Removed options for path and terminating.
a5bb653 
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
@kommendorkapten
Make threshold a configurable option.
13ddf35 
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
@kommendorkapten
Added commands for sign and verify key proof of possesion.
12b8cf4 
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
@kommendorkapten
Minor refactoring of shared functions.
3bd1f5b 
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
@kommendorkapten
Added test for key proof of possession sign/verify
7fa9fcf 
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
@kommendorkapten
Verify protection against canonicalization attacks.
ec9417a 
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
asraa
asraa reviewed Feb 1, 2023
View reviewed changes
Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

roughly looking good to me!

cmd/tuf/app/add-delegation.go Show resolved Hide resolved
cmd/tuf/app/add-delegation.go Show resolved Hide resolved
cmd/tuf/app/key-pop-sign.go
func KeyPOPSign() *ffcli.Command {
var (
flagset = flag.NewFlagSet("tuf key-pop-sign", flag.ExitOnError)
challenge = flagset.String("challenge", "", "the challenge to sign, for a delegate this is the delegate name")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this makes sense? It's the unique delegation rolename, which we want the signer to attest "posession" over.

@kommendorkapten
Make sure delegation's target files uses the fs directory structure
7807fb4 
as specified in the delegated role.

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
@kommendorkapten
Check error when creating a directory.
9e8fde1 
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
@kommendorkapten
Made it possible to configure what targets to remove.
0416b77 
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
asraa
asraa reviewed Feb 8, 2023
View reviewed changes
Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would you like to move this out of draft and merge this first? I think we can split out the delegation target creation / signing to another PR

@kommendorkapten kommendorkapten marked this pull request as ready for review February 8, 2023 14:56
@kommendorkapten
Copy link
Member Author

@asraa it's done. I think It should be in a good case. And as you said, we can work on the outstanding things in a different PR.

asraa
asraa approved these changes Feb 8, 2023
View reviewed changes
Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@asraa asraa merged commit 902d760 into sigstore:main Feb 8, 2023
@kommendorkapten kommendorkapten deleted the add_delegation branch February 8, 2023 14:59
@kommendorkapten kommendorkapten mentioned this pull request Feb 13, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asraa asraa asraa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[delegations] Add delegation script to append a new delegation to a staged target file
2 participants
@kommendorkapten @asraa