Add opt-in support for tests that include providing a custom trust root #101
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
steiza
added a commit
to sigstore/sigstore-go
that referenced
this pull request
Sep 27, 2023
This allows us to have additional test cases that weren't previously possible when assuming the public-good trust root. See also sigstore/sigstore-conformance#101.
tnytown
reviewed
Sep 27, 2023
sigstore-python doesn't yet, not sure about the others. |
steiza
added a commit
to sigstore/sigstore-go
that referenced
this pull request
Sep 27, 2023
This allows us to have additional test cases that weren't previously possible when assuming the public-good trust root. See also sigstore/sigstore-conformance#101.
The just-released https://github.com/github/sigstore-go does! As of https://github.com/github/sigstore-go/pull/4. |
|
Awesome! That gives us the design impetus to copy |
|
I think we can plumb this into Java relatively painlessly. |
steiza
force-pushed
the
optional_trust_root
branch
from
5c46013 to
efdaf92
Compare
Signed-off-by: Zach Steindler <[email protected]>
Previously the tests assumed the public-good trust root, but supplying a custom trust root lets us exercise additional failure paths, without having to compromise the public-good service. Signed-off-by: Zach Steindler <[email protected]>
I initially thought it was needed, but it didn't end up getting used! Signed-off-by: Zach Steindler <[email protected]>
Signed-off-by: Zach Steindler <[email protected]>
As requested in the sigstore-clients meetings. Users should be pinning to release, and we will put in the release notes how to disable this new test. Signed-off-by: Zach Steindler <[email protected]>
…d-root Also rebase onto main Signed-off-by: Zach Steindler <[email protected]>
steiza
force-pushed
the
optional_trust_root
branch
from
efdaf92 to
6757257
Compare
Signed-off-by: Zach Steindler <[email protected]>
Signed-off-by: Zach Steindler <[email protected]>
woodruffw
approved these changes
Dec 5, 2023
woodruffw
added
enhancement
|
Thanks @steiza! |
|
xref sigstore/sigstore-python#821 for changes needed to sigstore-python's conformance runner. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This will help us address #30
Summary
Previously the tests assumed the public-good trust root, but supplying a custom trust root lets us exercise additional failure paths, without having to compromise the public-good service.
Release Note
--trusted-root FILEto support additional test cases--trusted-root, in your Action workflow you can specifyxfail: "test_verify_with_trust_root"to skip this test for nowDocumentation
N/A