Move fulcioroots and tuf packages from cosign #435
Conversation
|
The lint check is failing due to un-doc-commented exported methods, but I think I'd rather just leave those as-is than balloon the changes in this PR. If folks feel strongly about having these commented I think we should do that in a separate PR. |
imjasonh
changed the title
imjasonh
changed the title
imjasonh
changed the title
go.mod
Outdated
| @@ -33,6 +33,11 @@ require ( | |||
| gopkg.in/square/go-jose.v2 v2.6.0 | |||
| ) | |||
|
|
|||
| require ( | |||
| cloud.google.com/go/storage v1.10.0 | |||
There was a problem hiding this comment.
Were there concerns about pulling in this library? Was it just due to size?
There was a problem hiding this comment.
Yeah I'd like to replace it with regular HTTP calls instead of taking a dependency on this GCS package. It's not huge, it's just mostly unnecessary.
|
Any more concerns here? If not I can merge and un-WIP sigstore/cosign#1866 to start using this. |
|
This is a large pr, I want to double check nothing has changed. I don’t have a lot of confidence that a break would be detected once this is used in cosign due to the lack of tests. |
|
This LGTM - If you're able to wait a few days, it'd be nice to also get @asraa's LGTM since she's the author of the TUF changes. |
|
I'm back in office and taking a look! |
|
There's active debugging on the TUF client from a recent postmortem, so we may want to hold off on submitting this until that's resolved, as we'd like to get the bug fixed before 1.0 |
|
In particular this is probably worth waiting for the fix for: sigstore/cosign#1899 |
|
Sounds good, I've converted to a draft for now. After the issue is resolved I can pick it back up. |
|
After we do this: should probably consider sigstore/cosign#1935 |
I'd be fine cleaning it up first then moving it, too. There's no real rush to move it, especially if it causes confusion during cleanups or bug fixes. |
|
I'd like to pick this up again after the TUF changes that blocked us last time, and after sigstore/cosign#1967 -- let me know if there's anything else I should wait for, otherwise I'll update this PR. |
imjasonh
changed the title
* fix: fix fetching updated targets from TUF root Signed-off-by: Asra Ali <asraa@google.com> add comment Signed-off-by: Asra Ali <asraa@google.com> update Signed-off-by: Asra Ali <asraa@google.com> update Signed-off-by: Asra Ali <asraa@google.com> possible fix windows Signed-off-by: Asra Ali <asraa@google.com> lint Signed-off-by: Asra Ali <asraa@google.com> fix windows maybe Signed-off-by: Asra Ali <asraa@google.com> fix close Signed-off-by: Asra Ali <asraa@google.com> * update zack comments Signed-off-by: Asra Ali <asraa@google.com> update fix Signed-off-by: Asra Ali <asraa@google.com> update and add some debug Signed-off-by: Asra Ali <asraa@google.com> add debug Signed-off-by: Asra Ali <asraa@google.com> no cache Signed-off-by: Asra Ali <asraa@google.com> remove debug Signed-off-by: Asra Ali <asraa@google.com> * try haydens comments Signed-off-by: Asra Ali <asraa@google.com> * Use Rekor API for pubkeys before TUF if so specified. Signed-off-by: Ville Aikas <vaikas@chainguard.dev> * Address PR feedback, bump golangci-lint from 1.46.0 to 1.46.2 Signed-off-by: Ville Aikas <vaikas@chainguard.dev> * Add comments for the env variables. Signed-off-by: Ville Aikas <vaikas@chainguard.dev> * Use path instead of filepath, basically revert to what it was before. Signed-off-by: Ville Aikas <vaikas@chainguard.dev> * ho hum, really just use the path. Signed-off-by: Ville Aikas <vaikas@chainguard.dev> * When interacting with fs do not use OS specific separators. Signed-off-by: Ville Aikas <vaikas@chainguard.dev> * fix windows line endings Signed-off-by: Asra Ali <asraa@google.com> * pass embedded into initialization Signed-off-by: Asra Ali <asraa@google.com> Co-authored-by: Ville Aikas <vaikas@chainguard.dev> Signed-off-by: Jason Hall <jason@chainguard.dev>
* move rekor public key fetch inside GetRekorPubs Signed-off-by: Asra Ali <asraa@google.com> * use in-memory metadata and targets, sync to disk on start and updates Signed-off-by: Asra Ali <asraa@google.com> update Signed-off-by: Asra Ali <asraa@google.com> * Use TUF singleton. Co-authored-by: Ville Aikas <vaikas@chainguard.dev> Signed-off-by: Asra Ali <asraa@google.com> * hayden comment, sync.Once used Signed-off-by: Asra Ali <asraa@google.com> * return global error Signed-off-by: Asra Ali <asraa@google.com> Co-authored-by: Ville Aikas <vaikas@chainguard.dev> Signed-off-by: Jason Hall <jason@chainguard.dev>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com> Signed-off-by: Jason Hall <jason@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>
Signed-off-by: Jason Hall <jason@chainguard.dev>
|
Lint failures seemingly related |
Yeah, there's a lot of un-godoc'ed code in the tuf and fulcioroots packages. I suspect some of them can be addressed by more aggressively unexporting types that don't need to be exported, and godoc'ing the rest, but I don't feel confident enough to document this code well. I did a little bit of lint-hunting in a previous iteration of this work, which I've done now on this one, but I think the rest should be addressed in a separate PR. |
Signed-off-by: Jason Hall <jason@chainguard.dev>
Works for me, but is there any way to disable the linter on this code for now so we don't break HEAD? |
Signed-off-by: Jason Hall <jason@chainguard.dev>
I've updated the lint action to only complain about findings in changed lines, that will at least let other PRs get merged while these are un-godoc'd. We'll still need someone to force-merge this over the complaints of the linter in this change though. Or make the check not-required. |
|
Can you exclude whole directories/specific files instead? IMO that makes more sense, then we can remove that restriction in a follow-up PR and doesn't require any kind of override. |
Signed-off-by: Jason Hall <jason@chainguard.dev>
Good call, done! |
|
Gentle ping @haydentherapper @asraa -- I'd love to get this in before anything else touches these packages. |
|
Ooo today, will take a look tomorrow! |
|
Here we goooo! |
Summary
This moves these packages from sigstore/cosign into sigstore/sigstore.
pkg/fulciorootscomes from cosign'scmd/cosign/cli/fulcio/fulcioroots@2ccdb3, and drops that package's behavior when theSIGSTORE_ROOT_FILEenv var is set -- this will remain insigstore/cosign.pkg/tufcomes from cosign'spkg/cosign/tuf@2ccdb3and is otherwise largely unchanged. Some methods were unexported that aren't used outside of this package.Part of sigstore/cosign#1865
Release Note