@tnytown tnytown commented Apr 24, 2024

Requires #326.

  • Detached materials
  • 0.3 bundles
  • Staging instance
  • Custom trust root

Current failing tests:

FAILED test/test_bundle.py::test_verify_v_0_3 - test.client.ClientFail: 
FAILED test/test_bundle.py::test_verify_dsse_bundle_with_trust_root - test.client.ClientFail: 
FAILED test/test_bundle.py::test_verify_rejects_invalid_set - test.client.ClientUnexpectedSuccess: 
FAILED test/test_bundle.py::test_verify_rejects_bad_checkpoint - test.client.ClientUnexpectedSuccess: 
FAILED test/test_bundle.py::test_verify_rejects_checkpoint_with_no_matching_key - test.client.ClientUnexpectedSuccess: 
FAILED test/test_certificate_verify.py::test_verify_with_trust_root - test.client.ClientFail: 
FAILED test/test_signature_verify.py::test_verify_empty[SignatureCertificateMaterials] - test.client.ClientFail: 
FAILED test/test_signature_verify.py::test_verify_mismatch[SignatureCertificateMaterials] - test.client.ClientFail: 
FAILED test/test_signature_verify.py::test_verify_sigcrt - test.client.ClientFail: 
FAILED test/test_simple.py::test_simple[SignatureCertificateMaterials] - test.client.ClientFail: 


tnytown commented Apr 24, 2024

Getting the following error on staging when tough tries to fetch a root (5.root.json):

Invalid key ID 5416a7a35ef827abc651e200ac11f3d23e9db74ef890b1fedb69fb2a152ebac5: calculated c3479007e861445ce5dc109d9661ed77b35bbc0e3f161852c46114266fc2daa4


jku commented Apr 26, 2024

> Getting the following error on staging when tough tries to fetch a root (5.root.json):
>
> Invalid key ID 5416a7a35ef827abc651e200ac11f3d23e9db74ef890b1fedb69fb2a152ebac5: calculated c3479007e861445ce5dc109d9661ed77b35bbc0e3f161852c46114266fc2daa4

This is theupdateframework/tuf-on-ci#292 and arguably theupdateframework/specification#305

Very annoying...

  • I think this is a bug in tuf-on-ci (and so in root-signing-staging metadata) and will try to not create keyids like this in tuf-on-ci in the future
  • It looks like out of current sigstore clients only sigstore-rs triggers this but I think I will try to fix this in root-signing-staging too -- this is not entirely trivial so won't happen immediately and the already existing root versions are unlikely to get reverted
  • If the tough devs agree with the spec issue above (like I think most client devs do), we could modify the client to accept the keyids currently used
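
The keyid check behind the error quoted above, as an added example that is not part of this thread and is not tough's or tuf-on-ci's code. It assumes the TUF specification's derivation (hex SHA-256 over the canonical JSON of the key object); the sample keys are constructed, and the function names and the `strict` flag are hypothetical. Strict mode reproduces the rejection, while lenient mode treats keyids as opaque labels but still flags one key listed under two keyids.

```python
import hashlib

def canonical_json(obj):
    # Minimal OLPC-style canonical JSON (subset: str, bool, int, list, dict):
    # sorted keys, no whitespace, only backslash and double quote escaped.
    if isinstance(obj, str):
        return '"' + obj.replace("\\", "\\\\").replace('"', '\\"') + '"'
    if isinstance(obj, bool):
        return "true" if obj else "false"
    if isinstance(obj, int):
        return str(obj)
    if isinstance(obj, list):
        return "[" + ",".join(canonical_json(v) for v in obj) + "]"
    if isinstance(obj, dict):
        return "{" + ",".join(
            canonical_json(k) + ":" + canonical_json(obj[k]) for k in sorted(obj)
        ) + "}"
    raise TypeError(f"unsupported type: {type(obj).__name__}")

def computed_keyid(key):
    # Assumption: keyid = hex SHA-256 over the canonical JSON of the key object.
    return hashlib.sha256(canonical_json(key).encode("utf-8")).hexdigest()

def check_keyids(keys, strict):
    """Return a list of problems; an empty list means the key set is accepted."""
    problems, seen = [], {}
    for keyid, key in keys.items():
        calc = computed_keyid(key)
        if strict and calc != keyid:
            problems.append(f"Invalid key ID {keyid}: calculated {calc}")
        if calc in seen:
            # The same key under two keyids could count twice toward a threshold.
            problems.append(f"duplicate key under {seen[calc]} and {keyid}")
        seen.setdefault(calc, keyid)
    return problems

# Constructed sample keys (not real key material, not the staging root).
KEY_A = {"keytype": "ecdsa", "scheme": "ecdsa-sha2-nistp256",
         "keyval": {"public": "-----BEGIN PUBLIC KEY-----\nCONSTRUCTED-A\n-----END PUBLIC KEY-----\n"}}
KEY_B = {"keytype": "ecdsa", "scheme": "ecdsa-sha2-nistp256",
         "keyval": {"public": "-----BEGIN PUBLIC KEY-----\nCONSTRUCTED-B\n-----END PUBLIC KEY-----\n"}}
ROOT_KEYS = {
    computed_keyid(KEY_A): KEY_A,           # keyid matches the derivation
    "constructed-nonderived-keyid": KEY_B,  # keyid chosen some other way
}

if __name__ == "__main__":
    for mode in (True, False):
        print("strict" if mode else "lenient", check_keyids(ROOT_KEYS, mode))
```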
