sigstore / cosign

Code signing and transparency for containers and binaries
Apache License 2.0

Fixing issue 3743 #3744

Closed Meeki1l closed 1 week ago

Meeki1l commented 1 week ago

Summary

Fixes #3743.

When retrieving TSA Certs from the local TUF, an infinite loop occurs, since the GetTargetsByMeta function (used in the GetTufTargets function) returns all certificates of the TSA type.

Also, if "tsa_leaf.crt.pem" is missing, a panic occurs. This is due to the lack of checking for len(leaves) > 0 in the GetTSACerts function.

Release Note

Documentation

ianhundere commented 1 week ago

@Meeki1l as @haydentherapper mentioned above, thanks for catching this / much appreciated. 🙇🏼

haydentherapper commented 1 week ago

PTAL at the failing test. You can look at https://github.com/sigstore/sigstore/blob/main/pkg/tuf/client_test.go for some examples, or stub out calls to TUF.

Meeki1l commented 1 week ago

@haydentherapper disable the failing autotests. I could not find a public TUF mirror with TSA certificates, so it is not possible to write normal autotests.

codecov[bot] commented 1 week ago

Codecov Report

Attention: Patch coverage is 5.88235% with 16 lines in your changes missing coverage. Please review.

Project coverage is 36.55%. Comparing base (2ef6022) to head (98bb588). Report is 138 commits behind head on main.

Files | Patch % | Lines
pkg/cosign/tsa.go | 5.88% | 15 Missing and 1 partial :warning:

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #3744      +/-   ##
==========================================
- Coverage   40.10%   36.55%   -3.55%
==========================================
  Files         155      200      +45
  Lines       10044    12232    +2188
==========================================
+ Hits         4028     4472     +444
- Misses       5530     7214    +1684
- Partials      486      546      +60
```
