search

jku / tuf-demo

An automated TUF repository demo
https://jku.github.io/tuf-demo/metadata/
6 stars 3 forks source link

Signing event: sign/keyid-fix #107

Closed github-actions[bot] closed 5 months ago

github-actions[bot] commented 5 months ago

Processing signing event sign/keyid-fix, please wait.

github-actions[bot] commented 5 months ago

Current signing event state

Event sign/keyid-fix (commit 3ced57e)

:white_check_mark: root

Role root is verified and signed by 1/1 (1/1) signers (@jku). Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

:x: targets

Role targets is not yet verified. It is signed by 1/2 signers (@jku). Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

jku commented 5 months ago

I'm testing https://github.com/theupdateframework/tuf-on-ci/pull/338 here -- will take a few more commits before it's ready

github-actions[bot] commented 5 months ago

Current signing event state

Event sign/keyid-fix (commit 2e40788)

:white_check_mark: root

Role root is verified and signed by 1/1 (1/1) signers (@jku). Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

:x: targets

Role targets is not yet verified. It is signed by 1/2 signers (@jku). Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

:x: rdimitrov

Role rdimitrov is unsigned and not yet verified Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

:white_check_mark: jku

Role jku is verified and signed by 1/1 signers (@jku).

:x: kommendorkapten

Role kommendorkapten is unsigned and not yet verified Still missing signatures from @kommendorkapten Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

github-actions[bot] commented 5 months ago

Current signing event state

Event sign/keyid-fix (commit 8458fc1)

:white_check_mark: root

Role root is verified and signed by 1/1 (1/1) signers (@jku). Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

:white_check_mark: targets

Role targets is verified and signed by 1/1 signers (@jku). Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

:x: rdimitrov

Role rdimitrov is unsigned and not yet verified Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

:white_check_mark: jku

Role jku is verified and signed by 1/1 signers (@jku).

:x: kommendorkapten

Role kommendorkapten is unsigned and not yet verified Still missing signatures from @kommendorkapten Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

github-actions[bot] commented 5 months ago

Current signing event state

Event sign/keyid-fix (commit e7a54cf)

:white_check_mark: root

Role root is verified and signed by 1/1 (1/1) signers (@jku). Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

:white_check_mark: targets

Role targets is verified and signed by 1/1 signers (@jku). Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

:white_check_mark: jku

Role jku is verified and signed by 1/1 signers (@jku).

:x: kommendorkapten

Role kommendorkapten is unsigned and not yet verified Still missing signatures from @kommendorkapten Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

:white_check_mark: rdimitrov

Role rdimitrov is verified and signed by 1/1 signers (@jku). Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

jku commented 5 months ago

Documenting for myself and others. Commands I've run: 

# fix keyids defined in root and targets
tuf-on-ci-delegate --force-compliant-keyids sign/keyid-fix root
tuf-on-ci-delegate --force-compliant-keyids sign/keyid-fix targets

# drop targets threshold to 1 since rado is not available for signing today 
tuf-on-ci-delegate sign/keyid-fix targets

# add myself as signer for role "rdimitrov" for same reason 
tuf-on-ci-delegate sign/keyid-fix rdimitrov

I think it looks correct. Wince rado isn't available we end up with empty sigs ("sig": "", theupdateframework/tuf-on-ci#157) which isn't ideal since the specs not crystal clear on it but

github-actions[bot] commented 5 months ago

Current signing event state

Event sign/keyid-fix (commit 297c4d0)

:white_check_mark: root

Role root is verified and signed by 1/1 (1/1) signers (@jku). Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

:white_check_mark: targets

Role targets is verified and signed by 1/1 signers (@jku). Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

:white_check_mark: jku

Role jku is verified and signed by 1/1 signers (@jku).

:white_check_mark: rdimitrov

Role rdimitrov is verified and signed by 1/1 signers (@jku). Still missing signatures from @rdimitrov Signers can sign these changes by running tuf-on-ci-sign sign/keyid-fix

:white_check_mark: kommendorkapten

Role kommendorkapten is verified and signed by 1/1 signers (@kommendorkapten).

Signing event is successful

Threshold of signatures has been reached: this signing event can be reviewed and merged.

jku commented 5 months ago

This looks fine to me. I will merge to see if the online signing is ok with this keyid fix: if not I will likely revert the whole thing and start again another day