Closed Meeki1l closed 1 week ago
@Meeki1l as @haydentherapper mentioned above, thanks for catching this / much appreciated. 🙇🏼
PTAL at the failing test. You can look at https://github.com/sigstore/sigstore/blob/main/pkg/tuf/client_test.go for some examples, or stub out calls to TUF.
@haydentherapper disable the falling autotests. I could not find a public TUF mirror with TSA certificates, so it is not possible to write normal autotests.
Attention: Patch coverage is 5.88235%
with 16 lines
in your changes missing coverage. Please review.
Project coverage is 36.55%. Comparing base (
2ef6022
) to head (98bb588
). Report is 138 commits behind head on main.
Files | Patch % | Lines |
---|---|---|
pkg/cosign/tsa.go | 5.88% | 15 Missing and 1 partial :warning: |
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Summary
Fixes #3743.
When retrieving TSA Certs from the local TUF, an infinite loop occurs, since the GetTargetsByMeta function (used in the GetTufTargets function) returns all certificates of the TSA type.
Also if "tsa_leaf.crt.pem" is missing, panic occurs. This is due to the lack of checking for len(leaves) > 0 in the GetTSACerts function.
Release Note
Documentation