Open fghanmi opened 1 week ago
Attention: Patch coverage is 56.00000% with 11 lines in your changes missing coverage. Please review.
Project coverage is 51.71%. Comparing base (488eb97) to head (e665262). Report is 151 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| pkg/api/api.go | 52.17% | 9 Missing and 2 partials :warning: |
@bobcallaway I see that the e2e tests are failing, are they all using ./docker-compose.yaml resources? Meaning, should I enable TLS on all the /docker-compose*.yaml files? (since the trillian logserver in docker-compose.yaml is TLS enabled)
Regarding the build failure: CI / issue-872-e2e:
The script is using an old rekor-server image https://github.com/sigstore/rekor/blob/main/tests/issue-872-e2e-test.sh#L71 that does not have the new tag `--tls_ca_cert` and thus, it fails.
@bobcallaway is it possible to use an image with the new updates?
> Regarding the build failure: CI / issue-872-e2e: The script is using an old rekor-server image https://github.com/sigstore/rekor/blob/main/tests/issue-872-e2e-test.sh#L71 that does not have the new tag `--tls_ca_cert` and thus, it fails. @bobcallaway is it possible to use an image with the new updates?

no, that specific test is for a regression that was started at that back version.
I'll need to take a closer look at the dependency structure of those various docker-compose files to better advise you.
> > Regarding the build failure: CI / issue-872-e2e: The script is using an old rekor-server image https://github.com/sigstore/rekor/blob/main/tests/issue-872-e2e-test.sh#L71 that does not have the new tag `--tls_ca_cert` and thus, it fails. @bobcallaway is it possible to use an image with the new updates?
>
> no, that specific test is for a regression that was started at that back version.
> I'll need to take a closer look at the dependency structure of those various docker-compose files to better advise you.

We can create another trillian server `trillian-log-server-no-tls` and use it as the trillian server for the `rekor-server-issue-872-v060` that uses an older image. (I've tested it)
What do you think?
Summary
This pull request introduces support for enabling TLS in communications with the Trillian server. By adding a new command-line flag `--tls-ca-cert` and implementing the necessary logic to handle TLS certificates, this update enhances the security of Rekor.
Release Note
Resolves Issue: https://github.com/sigstore/rekor/issues/2163
Documentation