-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tests are failing #88
Comments
I need to root-cause further, but the underlying error here is "correct" in the sense that checkpoints are required in the inclusion proof format, as specified in the bundle: Current SWAG is that these bundles are old, and don't include that checkpoint for whatever reason (which makes them technically invalid, although most clients probably didn't bother to check for it/enforce it if non-present). |
@steiza How did you generate |
That's correct, at the time I was running sigstore-python 1.1.2. |
Gotcha, then this is our mess -- sorry for the confusion! I think things should work if you re-generate that bundle using the current release candidate -- I'll also look into a more permanent resolution here, but that should unstick things on the PR itself. |
I'll do that, but do note there are other non-bundle tests that failed when self-test was most recently run on
|
Thanks -- it looks like something else is off about the ambient credential detection; I'll look into that as well. |
sigstore/sigstore-python#705 should improve the bundle handling on the |
Some of the failures here are also potentially observed regressions from sigstore/sigstore-python@04f8fc1; the next RC I do will include that fix. (This would also explain why the conformance suite is failing here, but not on sigstore-python's own repo.) |
#89 should have all of the fixes that the conformance suite needs; it's blocked on the aforementioned |
I'm using the 2.0.0rc1 of sigstore-python:
I ran just the bundle verification (with signing skipped - so we don't need a valid
identity-token
) to get the full command that was failing:I ran just that command locally:
It looks like that functionality landed in https://github.com/sigstore/sigstore-python/pull/634/files, which was between the sigstore-python 1.1.2 and 2.0.0rc1 releases.
... but again, I'm not sure what the right next step is. Where should the checkpoint information be coming from? Or maybe sigstore-python expecting something that really should be optional?
Originally posted by @steiza in #82 (comment)
The text was updated successfully, but these errors were encountered: