sign-root-targets for mnm678 #685
Signed-off-by: Marina Moore <mnm678@gmail.com>
STAGED METADATA
Outputting metadata verification at /home/asraa/git/root-signing/repository...
Verifying targets.json...
Success! Signatures valid and threshold achieved
targets version 6, expires 2023/08/28
Verifying root.json...
Success! Signatures valid and threshold achieved
Success! Signatures valid and threshold achieved from the previous root
root version 6, expires 2023/08/28
LGTM! Just to ensure that the sig wasn't skipped and hidden behind the 3 merged sigs, I re-ran the staged verification deleting the other sigs and verified that there was a valid sig
Signing done with expected key
$ GITHUB_USER=kommendorkapten BRANCH=ceremony/2023-02-28 ./scripts/verify.sh 685
...
+ ./verify repository --repository /Users/kommendorkapten/git/root-signing/repository --staged
STAGED METADATA
Outputting metadata verification at /Users/kommendorkapten/git/root-signing/repository...
Verifying root.json...
Success! Signatures valid and threshold achieved
Success! Signatures valid and threshold achieved from the previous root
root version 6, expires 2023/08/28
Verifying targets.json...
Success! Signatures valid and threshold achieved
targets version 6, expires 2023/08/28
...
Manually drop other signatures:
$ git diff --text repository/staged/root.json
diff --git a/repository/staged/root.json b/repository/staged/root.json
index 676edfa..9e76cc9 100644
--- a/repository/staged/root.json
+++ b/repository/staged/root.json
@@ -122,7 +122,7 @@
"signatures": [
{
"keyid": "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c",
- "sig": "3044022079941eab7035ffd603354ee9a072ad87ad24e084f2aa52a718f76b21545d90190220368a65bb4ac83a9938885f5bba6a0b9a25c9979c85d85840497a95e47466eafb"
+ "sig": ""
},
{
"keyid": "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99",
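Review bot: the entry for keyid 25a0eb45… that closes this hunk, and whatever sits on the unchanged lines 129 to 133 between the two hunks, keep their "sig" values, so the diff alone does not show which entry supplies the single valid signature reported afterwards. Naming the expected keyid next to the diff would tie the "1/3 valid signatures" result to the signer under review.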
@@ -134,11 +134,11 @@
},
{
"keyid": "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b",
- "sig": "304502205c7b76ad222ffe16fed152f5bbf1c18b3df4814bf93703fea4605ae335914953022100a9d187ee02a4babe12b1646b572171bac60b23b0846ff3f067ded075194b549c"
+ "sig": ""
},
{
"keyid": "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de",
- "sig": "30440220724e672fd7a2dbd338dfea683712a77bc1579ae5061dbc501d498ade02ea3aeb022012758bd3f1d4d245d92a692d26f743ad7a1f9af0982d1983a8619186c1fbcdd4"
+ "sig": ""
}
]
-}
\ No newline at end of file
+}
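Review bot: the last three lines of this hunk replace the closing `}` only to add the missing newline at end of file, which is unrelated to blanking signatures. This is a local test edit, so restore repository/staged/root.json (for example with git checkout) once the check is done, so that neither the emptied "sig" fields nor the whitespace change ends up in the ceremony branch.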
$ ./verify repository --repository $(pwd)/repository --staged
STAGED METADATA
Outputting metadata verification at /Users/kommendorkapten/git/root-signing/repository...
Verifying root.json...
Contains 1/3 valid signatures from the current staged metadata
Contains 1/3 valid signatures from the previous root
root version 6, expires 2023/08/28
Verifying targets.json...
Success! Signatures valid and threshold achieved
targets version 6, expires 2023/08/28
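The manual check used in this thread (blank every signature except the one under review, then re-run the staged verification so a bad signature cannot hide behind an already-met threshold) can be scripted. The following is an added example, not code from the root-signing repository; the function names and the sample metadata with keyids `key-a` to `key-d` are constructed for illustration.

```python
import copy
import json


def populated_keyids(metadata: dict) -> list:
    """Keyids whose signature entry is non-empty, in file order."""
    return [s["keyid"] for s in metadata["signatures"] if s["sig"]]


def isolate_signature(metadata: dict, keep_keyid: str, role: str = "root") -> dict:
    """Return a copy in which only keep_keyid still carries a signature.

    The "signed" portion is left untouched, so the remaining signature is
    checked over exactly the same payload as in the original file.
    """
    # Authorization is read from the file's own role definition (root.json).
    authorized = metadata["signed"]["roles"][role]["keyids"]
    if keep_keyid not in authorized:
        raise ValueError(f"{keep_keyid} is not an authorized {role} key")
    if populated_keyids(metadata).count(keep_keyid) != 1:
        raise ValueError(f"expected one non-empty signature for {keep_keyid}")
    isolated = copy.deepcopy(metadata)
    for entry in isolated["signatures"]:
        if entry["keyid"] != keep_keyid:
            entry["sig"] = ""  # blank rather than delete, as in the manual diff
    return isolated


# Constructed sample: four root keys, threshold 3, key-d has not signed yet.
SAMPLE_ROOT = {
    "signed": {
        "_type": "root",
        "version": 6,
        "roles": {"root": {"keyids": ["key-a", "key-b", "key-c", "key-d"],
                           "threshold": 3}},
    },
    "signatures": [
        {"keyid": "key-a", "sig": "aa01"},
        {"keyid": "key-b", "sig": "bb02"},
        {"keyid": "key-c", "sig": "cc03"},
        {"keyid": "key-d", "sig": ""},
    ],
}

if __name__ == "__main__":
    only_b = isolate_signature(SAMPLE_ROOT, "key-b")
    print(json.dumps(only_b["signatures"], indent=2))
```

The result belongs in a scratch copy of the staged file that is handed to the verifier and then discarded; a run that still counts one valid signature confirms the isolated key actually signed.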
* Add staged repository metadata (#673)
  Signed-off-by: GitHub <noreply@github.com>
  Co-authored-by: GitHub <noreply@github.com>
* sign-root-targets for bobcallaway (#674)
  Signed-off-by: Bob Callaway <bcallaway@google.com>
* sign-root-targets for joshuagl (#675)
  Signed-off-by: Joshua Lock <jlock@vmware.com>
* sign-root-targets for dlorenc (#677)
  Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
* sign-root-targets for SantiagoTorres (#683)
  Signed-off-by: Santiago Torres Arias <santiago@archlinux.org>
* sign-root-targets for mnm678 (#685)
  Signed-off-by: Marina Moore <mnm678@gmail.com>
* Update Snapshot and Timestamp (#687)
  Signed-off-by: sigstore-review-bot <sigstore-review-bot@users.noreply.github.com>
* publish for kommendorkapten (#688)
  Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
* update snapshot and timestamp (#698)
  Signed-off-by: GitHub <noreply@github.com>
  Co-authored-by: kommendorkapten <kommendorkapten@users.noreply.github.com>
* publish for kommendorkapten (#699)
  Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>

---------

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Signed-off-by: Joshua Lock <jlock@vmware.com>
Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
Signed-off-by: Santiago Torres Arias <santiago@archlinux.org>
Signed-off-by: Marina Moore <mnm678@gmail.com>
Signed-off-by: sigstore-review-bot <sigstore-review-bot@users.noreply.github.com>
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>
Co-authored-by: Joshua Lock <jlock@vmware.com>
Co-authored-by: dlorenc <lorenc.d@gmail.com>
Co-authored-by: Santiago Torres <santiago@archlinux.org>
Co-authored-by: Marina Moore <mnm678@users.noreply.github.com>
Co-authored-by: Fredrik Skogman <kommendorkapten@github.com>
Co-authored-by: kommendorkapten <kommendorkapten@users.noreply.github.com>