Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

verify: verify checkpoint's STH against the inclusion proof root hash #1092

Merged
merged 2 commits into from
Oct 3, 2022
Merged

verify: verify checkpoint's STH against the inclusion proof root hash #1092

merged 2 commits into from
Oct 3, 2022

Conversation

asraa
Copy link
Contributor

@asraa asraa commented Oct 3, 2022
edited
Loading

Signed-off-by: Asra Ali asraa@google.com

Verifying the checkpoint signature of an entry should also verify that the root hash corresponds to the one in the inclusion proof.

Required for slsa-framework/slsa-verifier#281

Summary

Release Note

Documentation

@asraa
verify: verify checkpoint signature
7b37b9a 
Signed-off-by: Asra Ali <asraa@google.com>
@asraa asraa requested a review from a team as a code owner October 3, 2022 19:42
@asraa asraa changed the title verify: verify checkpoint signature verify: verify checkpoint's STH against the inclusion proof root hash Oct 3, 2022
bobcallaway
bobcallaway previously approved these changes Oct 3, 2022
View reviewed changes
cdris
cdris previously approved these changes Oct 3, 2022
View reviewed changes
Copy link

@cdris cdris left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

haydentherapper
haydentherapper previously approved these changes Oct 3, 2022
View reviewed changes
@asraa
fix not
d3c134d 
Signed-off-by: Asra Ali <asraa@google.com>

fix

Signed-off-by: Asra Ali <asraa@google.com>
@asraa asraa dismissed stale reviews from haydentherapper, cdris, and bobcallaway via d3c134d October 3, 2022 20:15
@asraa
Copy link
Contributor Author

asraa commented Oct 3, 2022

I made a not error :)

haydentherapper
haydentherapper approved these changes Oct 3, 2022
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good catch!

@codecov-commenter
Copy link

codecov-commenter commented Oct 3, 2022
edited
Loading

Codecov Report

Merging #1092 (d3c134d) into main (a859807) will increase coverage by 0.00%.
The diff coverage is 66.66%.

@@           Coverage Diff           @@
##             main    #1092   +/-   ##
=======================================
  Coverage   64.09%   64.10%           
=======================================
  Files          82       82           
  Lines        7498     7507    +9     
=======================================
+ Hits         4806     4812    +6     
- Misses       2068     2070    +2     
- Partials      624      625    +1
Flag Coverage Δ
e2etests 48.79% <11.11%> (-0.05%) ⬇️
unittests 41.02% <66.66%> (+0.07%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
pkg/verify/verify.go 50.00% <66.66%> (+1.14%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@asraa asraa merged commit e4a7a41 into sigstore:main Oct 3, 2022
@github-actions github-actions bot added this to the v1.0.0 milestone Oct 3, 2022
bmwiedemann pushed a commit to bmwiedemann/openSUSE that referenced this pull request Oct 19, 2022
@bmwiedemann
Update rekor to version 1.0.0 / rev 12 via SR 1029934
2eb31dc 
https://build.opensuse.org/request/show/1029934
by user msmeissn + dimstar_suse
- updated to rekor 1.0.0 (sc#SLE-23476):
  - add description on /api/v1/index/retrieve endpoint by @bobcallaway in sigstore/rekor#1073
  - Adding e2e test coverage by @cdris in sigstore/rekor#1071
  - export rekor build/version information by @cpanato in sigstore/rekor#1074
  - Use POST instead of GET for /api/log/entries/retrieve metrics. by @var-sdk in sigstore/rekor#1083
  - Search through all shards when searching by hash by @priyawadhwa in sigstore/rekor#1082
  - verify: verify checkpoint's STH against the inclusion proof root hash by @asraa in sigstore/rekor#1092
  - add ability to enable/disable specific rekor API endpoints by @bobcallaway in
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@haydentherapper haydentherapper haydentherapper approved these changes

@priyawadhwa priyawadhwa priyawadhwa approved these changes

@cdris cdris cdris approved these changes

@bobcallaway bobcallaway bobcallaway left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.0.0
Development

Successfully merging this pull request may close these issues.
6 participants
@asraa @codecov-commenter @bobcallaway @haydentherapper @priyawadhwa @cdris