v0.10.0
v0.10.0 (2024-06-25)
`signature` subpackage.
All the following functions now take a `context.Context` as their first parameter, in addition to the changes below.
The signature of the `signature.Sign` function has changed to no longer take `env map[string]string` but instead use `signature.WithEnv(env)` as an option.
-func Sign(key jwk.Key, env map[string]string, sf SignedFielder) (*pipeline.Signature, error)
+func Sign(_ context.Context, key jwk.Key, sf SignedFielder, opts ...Option) (*pipeline.Signature, error)
The signature of the `signature.Verify` function has also changed to take `signature.WithEnv(env)` as an option instead of `env map[string]string`.
-func Verify(s *pipeline.Signature, keySet jwk.Set, env map[string]string, sf SignedFielder)
+func Verify(ctx context.Context, s *pipeline.Signature, keySet jwk.Set, sf SignedFielder, opts ...Option) error
The signature of the `signature.SignSteps` function has also changed to take `signature.WithEnv(env)` as an option instead of `env map[string]string`.
-func SignSteps(s pipeline.Steps, key jwk.Key, env map[string]string, repoURL string)
+func SignSteps(ctx context.Context, s pipeline.Steps, key jwk.Key, repoURL string, opts ...Option) error
Added
The following were added to the `signature` subpackage.
func WithEnv(env map[string]string) Option
func WithLogger(logger Logger) Option
func WithDebugSigning(debugSigning bool) Option
- `WithLogger` enables logging public key thumbprints when signing and verifying steps
- `WithDebugSigning` will enable debugging for signing steps. When this is enabled along with `WithLogger`, step payloads are logged before they are signed, to assist in debugging verification failures
  - This is intended for development purposes
  - During step upload using signing this will log step payloads to the job's log, which could leak secrets to those with access to your Buildkite build page ⚠️
  - During step verification at the start of all signed jobs this will log the step payloads to the agent log
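The logging behaviour described above, as an added example that is not code from go-pipeline: it uses local stand-in types that mirror the three option signatures, and a hypothetical `signModel`, `captureLogger` and `leaks` to show that a secret in the step environment reaches the log only when both a logger and debug signing are set.

```go
package main

import (
	"fmt"
	"strings"
)

// Stand-ins mirroring the option signatures in these notes. This models the
// documented logging behaviour; it is not the go-pipeline implementation.
type Logger interface{ Debug(format string, v ...any) }
type Option func(*options)
type options struct {
	env          map[string]string
	logger       Logger
	debugSigning bool
}

func WithEnv(env map[string]string) Option { return func(o *options) { o.env = env } }
func WithLogger(l Logger) Option           { return func(o *options) { o.logger = l } }
func WithDebugSigning(d bool) Option       { return func(o *options) { o.debugSigning = d } }

// captureLogger (hypothetical) records lines that would reach the job or agent log.
type captureLogger struct{ lines []string }

func (c *captureLogger) Debug(format string, v ...any) {
	c.lines = append(c.lines, fmt.Sprintf(format, v...))
}

// signModel (hypothetical) logs the thumbprint when a logger is set, and the
// step payload only when debug signing is enabled as well.
func signModel(thumbprint, command string, opts ...Option) {
	o := &options{}
	for _, opt := range opts {
		opt(o)
	}
	if o.logger != nil {
		o.logger.Debug("public key thumbprint: %s", thumbprint)
	}
	if o.logger != nil && o.debugSigning {
		o.logger.Debug("step payload: command=%q env=%v", command, o.env)
	}
}

// leaks reports whether a constructed secret ends up in the captured log.
func leaks(secret string, debug bool) bool {
	log := &captureLogger{}
	env := map[string]string{"DEPLOY_TOKEN": secret} // constructed sample value
	signModel("constructed-thumbprint", "deploy.sh", WithEnv(env), WithLogger(log), WithDebugSigning(debug))
	return strings.Contains(strings.Join(log.lines, "\n"), secret)
}
func main() { fmt.Println(leaks("s3cr3t", false), leaks("s3cr3t", true)) }
```

A test of this shape in the calling code base can assert that production wiring never passes `WithDebugSigning(true)`.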
Removed
-func SignPipeline(p *pipeline.Pipeline, key jwk.Key, repo string) error
Call `SignSteps` instead.
Changed
- (Described above) Log public key fingerprint in debug, log step payload in signing-debug #39 (@patrobinson)
- Bump github.com/lestrrat-go/jwx/v2 from 2.0.21 to 2.1.0 #40 (@dependabot[bot])
- Bump github.com/buildkite/interpolate from 0.0.0-20200526001904-07f35b4ae251 to 0.1.2 #38 (@dependabot[bot])