Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Cosigned] Fix publicKey unmarshal #1719

Merged
merged 1 commit into from
Apr 7, 2022
Merged

[Cosigned] Fix publicKey unmarshal #1719

merged 1 commit into from
Apr 7, 2022

Conversation

DennyHoang
Copy link
Contributor

@DennyHoang DennyHoang commented Apr 7, 2022
edited
Loading

Signed-off-by: Denny Hoang [email protected]

Summary

Unmarshaling PublicKeys causes an error:

{"severity":"ERROR","timestamp":"2022-04-06T14:33:44.2084731Z","logger":"cosigned.config-store","caller":"configmap/store.go:148","message":"Error updating image-policies config \"config-image-policies\": \"failed to parse the entry <ENTRY> : math/big: cannot unmarshal \\\"2.7708706494268807e+76\\\" into a *big.Int\"","commit":"9008111","stacktrace":"<STACKTRACE>"}

Ticket Link

Fixes #1717

Notes

I am aware I am temporarily duplicating the function for parsing PEMs into the internal clusterimagepolicy_types file.
I have another branch that will address this alongside consolidating a lot of the clusterimagepolicy logic into the types file.

cc: @hectorj2f @vaikas @coyote240

@DennyHoang DennyHoang force-pushed the quick-fix-public-keys branch from 27e96cc to 6dac85f Compare April 7, 2022 14:00
@hectorj2f hectorj2f requested a review from vaikas April 7, 2022 14:43
@hectorj2f hectorj2f self-requested a review April 7, 2022 14:43
@hectorj2f hectorj2f added the bug Something isn't working label Apr 7, 2022
@vaikas
Copy link
Contributor

vaikas commented Apr 7, 2022

To make sure that we do not regress in the future, would you mind adding a test with public keys (existing only tests signing with Fulcio so this was not caught by the existing tests).
https://github.com/sigstore/cosign/blob/main/.github/workflows/kind-cluster-image-policy.yaml#L127

@codecov-commenter
Copy link

codecov-commenter commented Apr 7, 2022
edited
Loading

Codecov Report

Merging #1719 (d0e658f) into main (9008111) will decrease coverage by 0.04%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #1719      +/-   ##
==========================================
- Coverage   29.26%   29.21%   -0.05%     
==========================================
  Files         141      141              
  Lines        8503     8502       -1     
==========================================
- Hits         2488     2484       -4     
- Misses       5742     5744       +2     
- Partials      273      274       +1
Impacted Files Coverage Δ
...econciler/clusterimagepolicy/clusterimagepolicy.go 64.00% <ø> (-0.21%) ⬇️
pkg/cosign/tuf/client.go 62.34% <0.00%> (-0.95%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9008111...d0e658f. Read the comment docs.

@DennyHoang DennyHoang force-pushed the quick-fix-public-keys branch from d0e658f to 9b907b0 Compare April 7, 2022 17:54
@DennyHoang
Fix publicKey unmarshal
eff72ff 
- Add key sign verify for cosigned github workflow

Signed-off-by: Denny Hoang <[email protected]>
@DennyHoang DennyHoang force-pushed the quick-fix-public-keys branch from 9b907b0 to eff72ff Compare April 7, 2022 18:34
vaikas
vaikas approved these changes Apr 7, 2022
View reviewed changes
Copy link
Contributor

@vaikas vaikas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesomesauce! Thanks!

@vaikas vaikas merged commit d03404e into sigstore:main Apr 7, 2022
@github-actions github-actions bot added this to the v1.8.0 milestone Apr 7, 2022
@DennyHoang DennyHoang deleted the quick-fix-public-keys branch April 7, 2022 20:14
mlieberman85 pushed a commit to mlieberman85/cosign that referenced this pull request May 6, 2022
@DennyHoang @mlieberman85
Fix publicKey unmarshal (sigstore#1719)
4142e36 
- Add key sign verify for cosigned github workflow

Signed-off-by: Denny Hoang <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vaikas vaikas vaikas approved these changes

@hectorj2f hectorj2f hectorj2f approved these changes

Assignees

@DennyHoang DennyHoang

Labels
bug Something isn't working
Projects
None yet
Milestone
v1.7.2
Development

Successfully merging this pull request may close these issues.

cosigned: fail to parse configMap content with the policies
4 participants
@DennyHoang @vaikas @codecov-commenter @hectorj2f