Sign bundles published from archives and during copy #3202

Merged

kichristensen
Contributor

@kichristensen kichristensen commented Aug 11, 2024

What does this change

Support signing and verifying bundles published from archives.
Also adds support for signing bundles during copy.

This is handled by creating a new signature, NOT by copying the potential existing signature. This is done for two reasons:

  1. A signature might not be present on the source bundle
  2. Repositories might use different digest algorithms or calculate the digest differently

What issue does it fix

Closes #3201
Closes #3203

Notes for the reviewer

Put any questions or notes for the reviewer here.

Checklist

  • Did you write tests?
  • Did you write documentation?
  • Did you change porter.yaml or a storage document record? Update the corresponding schema file.
  • If this is your first pull request, please add your name to the bottom of our Contributors list. Thank you for making Porter better! 🙇‍♀️
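A simplified Go model of the two reasons given in the description for creating a new signature during copy, added here as an example; it is not code from this pull request or from Porter. The signature format, the helper names and the constructed manifest and key are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// Signature is a simplified detached signature over a digest string (hypothetical model, not Porter's format).
type Signature struct {
	Digest string
	Sig    []byte
}

// digest models how a registry addresses a manifest; the algorithm may differ per registry.
func digest(alg string, manifest []byte) string {
	h := sha256.New()
	if alg == "sha512" {
		h = sha512.New()
	}
	h.Write(manifest)
	return fmt.Sprintf("%s:%x", alg, h.Sum(nil))
}

func sign(key ed25519.PrivateKey, dgst string) *Signature {
	return &Signature{Digest: dgst, Sig: ed25519.Sign(key, []byte(dgst))}
}

// verify requires a signature to exist, to be bound to the digest being pulled, and to be valid.
func verify(pub ed25519.PublicKey, s *Signature, dgst string) bool {
	return s != nil && s.Digest == dgst && ed25519.Verify(pub, []byte(s.Digest), s.Sig)
}

// copyAndVerify reports whether the source signature verifies at the destination, and whether a fresh one does.
func copyAndVerify(key ed25519.PrivateKey, manifest []byte, srcSig *Signature, dstAlg string) (carried, fresh bool) {
	pub := key.Public().(ed25519.PublicKey)
	dst := digest(dstAlg, manifest)
	return verify(pub, srcSig, dst), verify(pub, sign(key, dst), dst)
}

func testKey() ed25519.PrivateKey { return ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) } // constructed seed, demo only

func main() {
	key, m := testKey(), []byte(`{"name":"constructed-bundle"}`)
	src := sign(key, digest("sha256", m))
	fmt.Println(copyAndVerify(key, m, src, "sha256")) // destination uses the same digest scheme
	fmt.Println(copyAndVerify(key, m, src, "sha512")) // destination computes the digest differently
}
```

Passing `nil` as the source signature models an unsigned source bundle: only the signature created during the copy verifies.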

The code flow for publishing from archives is different from publishing
from a porter bundle definition. This resulted in signing never happening
when publishing from an archive.
This change introduces the signing when publishing from archives too.

Signed-off-by: Kim Christensen <[email protected]>
When a bundle is published from an archive the invocation image is
relocated and we cannot expect the invocation image to be called the
same as defined directly by the bundle.

Signed-off-by: Kim Christensen <[email protected]>
Update the integration test to also verify signing of bundles published
from archives

Signed-off-by: Kim Christensen <[email protected]>
@kichristensen kichristensen force-pushed the signBundlesPublishedFromArchives branch from e2ea497 to c0feb36 Compare August 12, 2024 07:50
@kichristensen kichristensen marked this pull request as ready for review August 12, 2024 08:16
Make it possible to sign bundles during copy between repositories.
This is handled by creating a new signature, NOT by copying the potential
existing signature. This is done for two reasons:

1. A signature might not be present on the source bundle
1. Repositories might use different digest algorithms or calculate the digest differently

Signed-off-by: Kim Christensen <[email protected]>
@kichristensen kichristensen changed the title Sign bundles published from archives Sign bundles published from archives and during copy Aug 13, 2024
@kichristensen kichristensen enabled auto-merge (squash) August 17, 2024 20:04
Instead bundle image should be used

Signed-off-by: Kim Christensen <[email protected]>
@kichristensen kichristensen force-pushed the signBundlesPublishedFromArchives branch from 84205f4 to 9d5af30 Compare August 23, 2024 21:55
@schristoff schristoff merged commit 25c11c7 into getporter:main Sep 30, 2024
38 of 39 checks passed
@kichristensen kichristensen deleted the signBundlesPublishedFromArchives branch September 30, 2024 18:06
Development

Successfully merging this pull request may close these issues.

Copying bundles doesn't support signing
Bundle is not signed when pushed from an archive
2 participants