-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add digest to targets metadata directly #170
Add digest to targets metadata directly #170
Conversation
hmm, the Ubuntu build is failing to install snappy. I don't think that relates to this pr, but I'm not sure what's causing it. |
The build is failing in go-tuf/.github/workflows/build.yml Line 24 in fc0190d
If I run diff --git a/repo_test.go b/repo_test.go
index bc55210..c764162 100644
--- a/repo_test.go
+++ b/repo_test.go
@@ -1684,7 +1684,7 @@ func (rs *RepoSuite) TestBadAddOrUpdateSignatures(c *C) {
checkSigIDs("root.json")
}
-func (rs *RepoSuite) TestSignDigest(c *C){
+func (rs *RepoSuite) TestSignDigest(c *C) {
files := map[string][]byte{"foo.txt": []byte("foo")}
local := MemoryStore(make(map[string]json.RawMessage), files)
r, err := NewRepo(local)
@@ -1708,7 +1708,7 @@ func (rs *RepoSuite) TestSignDigest(c *C){
c.Assert(err, IsNil)
targets, err := r.targets()
- c.Assert(err, IsNil)
+ c.Assert(err, IsNil)
c.Assert(targets.Targets["sha256:bc11b176a293bb341a0f2d0d226f52e7fcebd186a7c4dfca5fc64f305f06b94c"].FileMeta.Length, Equals, size)
c.Assert(targets.Targets["sha256:bc11b176a293bb341a0f2d0d226f52e7fcebd186a7c4dfca5fc64f305f06b94c"].FileMeta.Hashes["sha256"], DeepEquals, hex_digest_bytes) |
Thank for the review @ethan-lowman-dd! |
Pull Request Test Coverage Report for Build 1719253116
💛 - Coveralls |
I added the client verification and fixed the test failures, so I think this is ready for another review @ethan-lowman-dd or @trishankatdatadog |
Awesome! Ethan, would you please help? 🙂 |
ping @trishankatdatadog you're marked as requesting changes. Do the latest commits address those? |
Will review today during our meeting. Thanks! |
This commit allows users of go-tuf to sign oci images or other non-local targets by directly providing the hash and length of these artifacts. Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Co-authored-by: Ethan Lowman <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Signed-off-by: Marina Moore <[email protected]>
Thanks @asraa. I addressed your comments and rebased for some of the delegations pr changes. |
Signed-off-by: Marina Moore <[email protected]>
Allows users of go-tuf to sign oci images or other non-local targets by directly providing the hash and length of these artifacts. Solves #165
cc @ethan-lowman-dd @trishankatdatadog @sudo-bmitch