Closed jku closed 1 year ago
these could probably all be tested... I wish creating tests like this would be easier
Hm, this PR seems a bit broken?
I had a root with one keyolder (me), then I ran playground-delegate add-1foo
:
% playground-delegate add-1foo
Remote branch not found: branching off from main
Enter name of role to modify: root
Modifying delegation for root
Configuring role root
1. Configure signers: [@kommendorkapten], requiring 1 signatures
2. Configure expiry: Role expires in 365 days, re-signing starts 60 days before expiry
Please choose an option or press enter to continue: 1
Please enter list of root signers [@kommendorkapten]: @kommendorkapten,@1foo
Please enter root threshold [1]:
1. Configure signers: [@kommendorkapten, @1foo], requiring 1 signatures
2. Configure expiry: Role expires in 365 days, re-signing starts 60 days before expiry
Please choose an option or press enter to continue:
Configuring signing key
1. Sigstore (OpenID Connect)
2. Yubikey
Please choose the type of signing key you would like to use [1]: 2
Please insert your Yubikey and press enter:
Press enter to push changes to origin/add-1foo:
Enumerating objects: 9, done.
Counting objects: 100% (9/9), done.
Delta compression using up to 10 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 597 bytes | 597.00 KiB/s, done.
Total 5 (delta 2), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (2/2), completed with 2 local objects.
remote:
remote: Create a pull request for 'add-1foo' on GitHub by visiting:
remote: https://github.com/kommendorkapten/tuf-repo-test-1/pull/new/add-1foo
remote:
To github.com:kommendorkapten/tuf-repo-test-1.git
* [new branch] HEAD -> add-1foo
After that I got a new metadata file for root, but no invite/state file. And the diff for root.json
looks wrong:
diff --git a/metadata/root.json b/metadata/root.json
index 5b0e928..bada54d 100644
--- a/metadata/root.json
+++ b/metadata/root.json
@@ -2,13 +2,13 @@
"signatures": [
{
"keyid": "d7d2d47a3f644fc3a685bac7b39c81ed9f9cee48ff861b44fbd86b91e34e7829",
- "sig": "3046022100b658e5fdca5e755c1db4cee0a8bc87bcecc7e90f13ab912f3c03458ad7d3be9e022100c6e707723c4a289637f2c9aa8ab86bdd555d34b47e2c8a0582d1587c47ceefd4"
+ "sig": ""
}
],
"signed": {
"_type": "root",
"consistent_snapshot": true,
- "expires": "2024-05-31T11:44:06Z",
+ "expires": "2024-06-07T12:36:12Z",
"keys": {
"8b4af6aec66518bc66718474aa15c8becd3286e8e2b958c497a60a828d591d04": {
"keytype": "ecdsa",
@@ -24,7 +24,7 @@
"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgA
E++Wv+DcLRk+mfkmlpCwl1GUi9EMh\npBUTz8K0fH7bE4mQuViGSyWA/eyMc0HvzZi6Xr0diHw0/lUPB
vok214YQw==\n-----END PUBLIC KEY-----\n"
},
"scheme": "ecdsa-sha2-nistp256",
- "x-playground-keyowner": "@kommendorkapten"
+ "x-playground-keyowner": "@1foo"
}
},
"roles": {
@@ -58,7 +58,7 @@
}
},
"spec_version": "1.0.31",
- "version": 1,
+ "version": 2,
"x-playground-expiry-period": 365,
"x-playground-signing-period": 60
}
Instead my key was transferred to the new user (1foo
).
Also the branch becomes a bit strange locally:
% git status
On branch add-1foo
Your branch and 'origin/add-1foo' have diverged,
and have 1 and 1 different commits each, respectively.
(use "git pull" to merge the remote branch into yours)
It looks like the actual commit was the same locally and remote, but for some reason they end up having different commit SHA.
- "x-playground-keyowner": "@kommendorkapten"
+ "x-playground-keyowner": "@1foo"
are yous sure you weren't pretending to be 1foo in the config file?
btw, please use user names that don't exist on GH for testing: it's easy to accidentally start sending notifications otherwise
btw, please use user names that don't exist on GH for testing: it's easy to accidentally start sending notifications otherwise
Yes, that was my idea, I was under the impression that starting with a digit is not allowed. Sorry for this.
are yous sure you weren't pretending to be 1foo in the config file?
Yes, that probably was the case 🤦 Re-ran invite and signing today and it all worked.
Three separate fixes I found while testing: