
trust: Fail less hard when unsupported keys are seen #1424


Merged
merged 1 commit into from
Jun 5, 2025


jku
Member

@jku jku commented Jun 5, 2025

Currently verification fails immediately if trusted root contains any unsupported keys. I think it makes more sense to warn and continue as it is possible these keys are not required for verification.

Unfortunately I missed this case when I tested the multiple log support in #1350 :(
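
The behaviour change described in the comment above, as an added example that is not sigstore-python's code: a strict loader that aborts on the first unsupported key next to a lenient one that warns and skips it, while verification still fails closed if the skipped key is the one an entry needs. All function names, the log IDs and the sample trusted-root entries are constructed for illustration.

```python
import logging
from dataclasses import dataclass

logger = logging.getLogger("trust_example")

# Assumption: the only key type this toy loader knows how to parse.
SUPPORTED_KEY_DETAILS = {"PKIX_ECDSA_P256_SHA_256"}

class UnsupportedKeyError(Exception): pass
class VerificationError(Exception): pass

@dataclass(frozen=True)
class Key:
    log_id: str
    key_details: str

def parse_key(entry: dict) -> Key:
    if entry["keyDetails"] not in SUPPORTED_KEY_DETAILS:
        raise UnsupportedKeyError(entry["keyDetails"])
    return Key(entry["logId"], entry["keyDetails"])

def load_keyring_strict(entries: list) -> dict:
    # Old behaviour: one unsupported key makes the whole trusted root unusable.
    return {k.log_id: k for k in map(parse_key, entries)}

def load_keyring_lenient(entries: list) -> dict:
    # New behaviour: warn about the unsupported key and keep loading the rest.
    keyring = {}
    for entry in entries:
        try:
            key = parse_key(entry)
        except UnsupportedKeyError as exc:
            logger.warning("skipping log %s: unsupported key type %s", entry["logId"], exc)
            continue
        keyring[key.log_id] = key
    return keyring

def key_for_log(keyring: dict, log_id: str) -> Key:
    # Fail closed: a skipped key must never turn into an unverified entry.
    if log_id not in keyring:
        raise VerificationError(f"no usable key for log {log_id}")
    return keyring[log_id]

# Constructed sample: one supported log key and one unsupported (ed25519) key.
TRUSTED_LOGS = [
    {"logId": "log-a", "keyDetails": "PKIX_ECDSA_P256_SHA_256"},
    {"logId": "log-b", "keyDetails": "PKIX_ED25519"},
]
```
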

@jku
Member Author

jku commented Jun 5, 2025

I'm thinking of backporting this fix to a 3.6.x branch:

Currently verification fails immediately if trusted root contains
any unsupported keys. I think it makes more sense to warn and continue
as it is possible these keys are not required for verification.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku jku force-pushed the fail-softly-on-unsupported-keys branch from 887889c to 591ede8 Compare June 5, 2025 09:56
@jku jku linked an issue Jun 5, 2025 that may be closed by this pull request
@jku jku requested a review from woodruffw June 5, 2025 10:14
jku added a commit to jku/sigstore-python that referenced this pull request Jun 5, 2025
Don't fail hard if trusted root contains an unknown key type:
Verification may still succeed so warning is enough.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku
Member Author

jku commented Jun 5, 2025

Marking this a draft while I do another test with the (future) staging trusted root

EDIT: Tested, looks good to me

Member

@woodruffw woodruffw left a comment


LGTM, thanks @jku!

@woodruffw
Member

> I'm thinking of backporting this fix to a 3.6.x branch:

Sounds good to me -- I see you opened the backport PR, give me a ping on it when it's ready for review 🙂

@jku jku merged commit 5d9b210 into sigstore:main Jun 5, 2025
23 checks passed
jku added a commit that referenced this pull request Jun 6, 2025
* Backport #1424

Don't fail hard if trusted root contains an unknown key type:
Verification may still succeed so warning is enough.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>

* Prep 3.6.3

This release only contains a small fix for handling of unsupported
keytypes in the trusted root.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>

---------

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Successfully merging this pull request may close these issues.

current release fails hard if trusted root contains ed25519
2 participants