Closed kommendorkapten closed 3 months ago
kommendorkapten@m1m14:~/git/root-signing % git status
On branch add-npm
nothing to commit, working tree clean
kommendorkapten@m1m14:~/git/root-signing % ./verify repository --repository ./repository --staged
STAGED METADATA
Outputting metadata verification at ./repository...
Verifying root.json...
Contains 0/3 valid signatures from the current staged metadata
Contains 0/3 valid signatures from the previous root
root version 9, expires 2024/09/12
Verifying targets.json...
Contains 0/3 valid signatures from the current staged metadata
targets version 9, expires 2024/09/12
Verifying registry.npmjs.org.json...
Success! Signatures valid and threshold achieved
registry.npmjs.org version 3, expires 2024/09/12
Summary
Added the npm delegation, versioned bumped and signed, no other changes.
Look for: Version: 3
1.registry.npmjs.json
keys.json
should not have changed since previous version.ecdsa
intargets.json
Note the signature of
registry.npm.json
contains signatures with both new and old key id (key id changed as the key type was updated), I added that because during test last week, theverify
command did behave strange when only the new key id was there, it only verified correctly ~1/3 so it seems that the key ids are confused internally in the tool as they refer to the same key.Release Note
N/A
Documentation
N/A