Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signing event: sign/keyid-fix #107

Merged
merged 10 commits into from
May 20, 2024
Merged

Signing event: sign/keyid-fix #107

merged 10 commits into from
May 20, 2024

Conversation

github-actions[bot]
Copy link
Contributor

Processing signing event sign/keyid-fix, please wait.

jku added 2 commits May 20, 2024 13:59
@jku
'root' role/delegation change
c5e987f 
Signed-off-by: Jussi Kukkonen <[email protected]>
@jku
Signed by @jku
3ced57e 
Signed-off-by: Jussi Kukkonen <[email protected]>
@github-actions GitHub Actions
Copy link
Contributor Author

Current signing event state

Event sign/keyid-fix (commit 3ced57e)

✅ root

Role root is verified and signed by 1/1 (1/1) signers (@jku).
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

❌ targets

Role targets is not yet verified. It is signed by 1/2 signers (@jku).
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

@jku
Copy link
Owner

jku commented May 20, 2024

I'm testing theupdateframework/tuf-on-ci#338 here -- will take a few more commits before it's ready

jku added 2 commits May 20, 2024 14:03
@jku
'targets' role/delegation change
2c18f7f 
Signed-off-by: Jussi Kukkonen <[email protected]>
@jku
Signed by @jku
2e40788 
Signed-off-by: Jussi Kukkonen <[email protected]>
@github-actions GitHub Actions
Copy link
Contributor Author

Current signing event state

Event sign/keyid-fix (commit 2e40788)

✅ root

Role root is verified and signed by 1/1 (1/1) signers (@jku).
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

❌ targets

Role targets is not yet verified. It is signed by 1/2 signers (@jku).
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

❌ rdimitrov

Role rdimitrov is unsigned and not yet verified
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

✅ jku

Role jku is verified and signed by 1/1 signers (@jku).

❌ kommendorkapten

Role kommendorkapten is unsigned and not yet verified
Still missing signatures from @kommendorkapten
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

jku added 2 commits May 20, 2024 14:15
@jku
'targets' role/delegation change
b875fb1 
Signed-off-by: Jussi Kukkonen <[email protected]>
@jku
Signed by @jku
8458fc1 
Signed-off-by: Jussi Kukkonen <[email protected]>
@github-actions GitHub Actions
Copy link
Contributor Author

Current signing event state

Event sign/keyid-fix (commit 8458fc1)

✅ root

Role root is verified and signed by 1/1 (1/1) signers (@jku).
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

✅ targets

Role targets is verified and signed by 1/1 signers (@jku).
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

❌ rdimitrov

Role rdimitrov is unsigned and not yet verified
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

✅ jku

Role jku is verified and signed by 1/1 signers (@jku).

❌ kommendorkapten

Role kommendorkapten is unsigned and not yet verified
Still missing signatures from @kommendorkapten
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

jku added 2 commits May 20, 2024 14:16
@jku
'rdimitrov' role/delegation change
e31f630 
Signed-off-by: Jussi Kukkonen <[email protected]>
@jku
Signed by @jku
e7a54cf 
Signed-off-by: Jussi Kukkonen <[email protected]>
@github-actions GitHub Actions
Copy link
Contributor Author

Current signing event state

Event sign/keyid-fix (commit e7a54cf)

✅ root

Role root is verified and signed by 1/1 (1/1) signers (@jku).
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

✅ targets

Role targets is verified and signed by 1/1 signers (@jku).
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

✅ jku

Role jku is verified and signed by 1/1 signers (@jku).

❌ kommendorkapten

Role kommendorkapten is unsigned and not yet verified
Still missing signatures from @kommendorkapten
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

✅ rdimitrov

Role rdimitrov is verified and signed by 1/1 signers (@jku).
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

@jku
Copy link
Owner

jku commented May 20, 2024
edited
Loading

Documenting for myself and others. Commands I've run:

# fix keyids defined in root and targets
tuf-on-ci-delegate --force-compliant-keyids sign/keyid-fix root
tuf-on-ci-delegate --force-compliant-keyids sign/keyid-fix targets

# drop targets threshold to 1 since rado is not available for signing today 
tuf-on-ci-delegate sign/keyid-fix targets

# add myself as signer for role "rdimitrov" for same reason 
tuf-on-ci-delegate sign/keyid-fix rdimitrov

I think it looks correct. Wince rado isn't available we end up with empty sigs ("sig": "", theupdateframework/tuf-on-ci#157) which isn't ideal since the specs not crystal clear on it but

  • I consider that valid metadata
  • We could even do a cleanup commit that removes the empty sigs, it's just manual json editing...

@github-actions GitHub Actions
Copy link
Contributor Author

Current signing event state

Event sign/keyid-fix (commit 297c4d0)

✅ root

Role root is verified and signed by 1/1 (1/1) signers (@jku).
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

✅ targets

Role targets is verified and signed by 1/1 signers (@jku).
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

✅ jku

Role jku is verified and signed by 1/1 signers (@jku).

✅ rdimitrov

Role rdimitrov is verified and signed by 1/1 signers (@jku).
Still missing signatures from @rdimitrov
Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

✅ kommendorkapten

Role kommendorkapten is verified and signed by 1/1 signers (@kommendorkapten).

Signing event is successful

Threshold of signatures has been reached: this signing event can be reviewed and merged.

@github-actions github-actions bot marked this pull request as ready for review May 20, 2024 12:07
@jku
Copy link
Owner

jku commented May 20, 2024

This looks fine to me. I will merge to see if the online signing is ok with this keyid fix: if not I will likely revert the whole thing and start again another day

@jku jku merged commit fa7290b into main May 20, 2024
1 check passed
@jku jku mentioned this pull request May 20, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jku @kommendorkapten