Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: blob sign command #1128

Open
wants to merge 21 commits into
base: main
Choose a base branch
from
Open

feat: blob sign command #1128

wants to merge 21 commits into from

Conversation

Two-Hearts
Copy link
Contributor

@Two-Hearts Two-Hearts commented Dec 27, 2024
edited
Loading

This PR adds notation blob sign command with E2E tests.

It's an implementation of spec: https://github.com/notaryproject/notation/blob/main/specs/commandline/blob.md#notation-blob-sign

@Two-Hearts
blob signing
1619d18 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
blob signing
5870423 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
update
c6da7dc 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
Merge branch 'notaryproject:main' into blobsign
c13744e
@Two-Hearts
add tests
97c3fcd 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
fix test
f0db92f 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
fix test
9cf65b8 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
fix e2e test
e8fe8c6 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
add e2e tests
cb997c7 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
add e2e tests
07d0ffb 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
fix e2e tests
cf40ba2 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
fix e2e test
1051ad4 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
add more e2e tests
cf5fecb 
Signed-off-by: Patrick Zheng <[email protected]>
@codecov Codecov
Copy link

codecov bot commented Dec 27, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 90.95477% with 18 lines in your changes missing coverage. Please review.

Project coverage is 72.50%. Comparing base (fd00032) to head (bc8f710).

Files with missing lines Patch % Lines
cmd/notation/blob/sign.go 90.05% 14 Missing and 4 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1128      +/-   ##
==========================================
+ Coverage   70.79%   72.50%   +1.70%     
==========================================
  Files          48       50       +2     
  Lines        2945     3139     +194     
==========================================
+ Hits         2085     2276     +191     
- Misses        668      670       +2     
- Partials      192      193       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Two-Hearts
add more e2e tests
fc4dcfc 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
fix e2e test
576a286 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts
add more tests
0c984a0 
Signed-off-by: Patrick Zheng <[email protected]>
shizhMSFT
shizhMSFT reviewed Dec 27, 2024
View reviewed changes
specs/commandline/blob.md Outdated Show resolved Hide resolved
specs/commandline/blob.md Outdated Show resolved Hide resolved
internal/cmd/signer.go Outdated Show resolved Hide resolved
@Two-Hearts Two-Hearts requested a review from shizhMSFT December 31, 2024 03:21
@Two-Hearts
fix e2e test
752afe6 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts Two-Hearts closed this Jan 6, 2025
@Two-Hearts
resolve conflicts
c30e199 
Signed-off-by: Patrick Zheng <[email protected]>
@Two-Hearts Two-Hearts reopened this Jan 6, 2025
@Two-Hearts
update
bc8f710 
Signed-off-by: Patrick Zheng <[email protected]>
JeyJeyGao
JeyJeyGao reviewed Jan 7, 2025
View reviewed changes
cmd/notation/blob/sign.go
return err
}
signaturePath := signatureFilepath(cmdOpts.signatureDirectory, cmdOpts.blobPath, cmdOpts.SignatureFormat)
fmt.Printf("Writing signature to file %s\n", signaturePath)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it better to be a debug log?

cmd/notation/blob/sign.go
}
if !isRoot {
return notation.SignBlobOptions{}, fmt.Errorf("certificate from %q is not a root certificate. Expecting single x509 root certificate in PEM or DER format from the file", opts.tsaRootCertificatePath)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

empty line.

Suggested change

cmd/notation/blob/sign.go
Comment on lines +220 to +240
rootCerts, err := corex509.ReadCertificateFile(opts.tsaRootCertificatePath)
if err != nil {
return notation.SignBlobOptions{}, err
}
if len(rootCerts) == 0 {
return notation.SignBlobOptions{}, fmt.Errorf("cannot find any certificate from %q. Expecting single x509 root certificate in PEM or DER format from the file", opts.tsaRootCertificatePath)
}
if len(rootCerts) > 1 {
return notation.SignBlobOptions{}, fmt.Errorf("found more than one certificates from %q. Expecting single x509 root certificate in PEM or DER format from the file", opts.tsaRootCertificatePath)
}
tsaRootCert := rootCerts[0]
isRoot, err := nx509.IsRootCertificate(tsaRootCert)
if err != nil {
return notation.SignBlobOptions{}, fmt.Errorf("failed to check root certificate with error: %w", err)
}
if !isRoot {
return notation.SignBlobOptions{}, fmt.Errorf("certificate from %q is not a root certificate. Expecting single x509 root certificate in PEM or DER format from the file", opts.tsaRootCertificatePath)

}
rootCAs := x509.NewCertPool()
rootCAs.AddCert(tsaRootCert)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We may need to function for preparing TSA root cert and can be shared in both OCI signing and blob signing command to reduce repeated code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JeyJeyGao JeyJeyGao JeyJeyGao left review comments

@gokarnm gokarnm Awaiting requested review from gokarnm gokarnm is a code owner

@NiazFK NiazFK Awaiting requested review from NiazFK NiazFK is a code owner

@priteshbandi priteshbandi Awaiting requested review from priteshbandi priteshbandi is a code owner

@rgnote rgnote Awaiting requested review from rgnote rgnote is a code owner

@toddysm toddysm Awaiting requested review from toddysm toddysm is a code owner

@vaninrao10 vaninrao10 Awaiting requested review from vaninrao10 vaninrao10 is a code owner

@yizha1 yizha1 Awaiting requested review from yizha1 yizha1 is a code owner

@shizhMSFT shizhMSFT Awaiting requested review from shizhMSFT shizhMSFT is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Two-Hearts @shizhMSFT @JeyJeyGao