Skip to content

support verify by digest in conformance suite #1326

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bdehamer merged 2 commits into from
Dec 4, 2024
Merged

support verify by digest in conformance suite #1326

bdehamer merged 2 commits into from
Dec 4, 2024

Conversation

@bdehamer
Copy link
Collaborator

@bdehamer bdehamer commented Dec 2, 2024
edited
Loading

Updates the CLI for the Sigstore conformance test suite to allow verification of bundles by artifact OR artifact digest.

The most recent release of the Sigstore conformance test suite (v0.0.12) includes verification tests which supply only the digest of the signed artifact instead of supplying the artifact itself. The native nodejs crypto library does NOT support signature verification by digest (you must supply the original artifact and the digest is calculated internally).

To work-around this, I've added a custom implementation of the SignatureContent type which uses a third-party library (elliptic) to perform the signature verification by digest. This new library is integrated ONLY with the conformance CLI and is not part of the @sigstore/verify library.

@changeset-bot
Copy link

changeset-bot bot commented Dec 2, 2024
edited
Loading

🦋 Changeset detected

Latest commit: 02e3919

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@sigstore/conformance Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@bdehamer bdehamer force-pushed the bdehamer/conformance-verify-by-digest branch 3 times, most recently from 425e8b8 to 0e2cc17 Compare December 4, 2024 03:20
@bdehamer bdehamer force-pushed the bdehamer/conformance-verify-by-digest branch from 17b54ac to 02e3919 Compare December 4, 2024 18:02
@bdehamer bdehamer marked this pull request as ready for review December 4, 2024 18:08
@bdehamer bdehamer requested a review from a team as a code owner December 4, 2024 18:08
ejahnGithub
ejahnGithub approved these changes Dec 4, 2024
View reviewed changes
Copy link
Contributor

@ejahnGithub ejahnGithub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm! glad that we have wrapper for SignedEntit.signature!

@bdehamer bdehamer merged commit cd51310 into main Dec 4, 2024
25 checks passed
@bdehamer bdehamer deleted the bdehamer/conformance-verify-by-digest branch December 4, 2024 21:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ejahnGithub ejahnGithub ejahnGithub approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bdehamer @ejahnGithub