Date: Saturday, January 1, 2022 @ 01:59:39
Author: shibumi
Revision: 1091390
upgpkg: rekor 0.4.0-1 fix: tuf root expiration
Added:
rekor/trunk/fix-expired-tuf-root.patch
Modified:
rekor/trunk/PKGBUILD
----------------------------+
PKGBUILD | 15 ++---
fix-expired-tuf-root.patch | 118 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 125 insertions(+), 8 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2022-01-01 01:59:19 UTC (rev 1091389)
+++ PKGBUILD 2022-01-01 01:59:39 UTC (rev 1091390)
@@ -2,8 +2,8 @@
# Maintainer: Christian Rebischke <chris.rebisc...@archlinux.org>
pkgname=rekor
-pkgver=0.3.0
-pkgrel=2
+pkgver=0.4.0
+pkgrel=1
pkgdesc="Signature Transparency Log -- Sigstore client and server tools"
arch=('x86_64')
url="https://github.com/sigstore/rekor";
@@ -11,14 +11,13 @@
makedepends=('go' 'git')
checkdepends=('openssh')
source=("${pkgname}-${pkgver}.tar.gz::https://github.com/sigstore/rekor/archive/v${pkgver}.tar.gz";
- # fix for shell completions
-
https://github.com/sigstore/rekor/pull/417/commits/45e972db2f16873f39d56ce10076c09a01d2f807.patch)
-sha256sums=('13a320256b2dffb21dd97c95d7284c71e98d3f4f5a582f9e35cfe40852242ea8'
- '06ba3e91f4262fd556c2d722aee15f91b97057878cdf59479a02be54477b2f62')
+ "fix-expired-tuf-root.patch")
+sha256sums=('19c369f88d846098fb3895948af493f73c97f7211fd1714f9f77ab4395beef4d'
+ '1a39711c28f904409ed7e9027a0e2d7a41e1ddc3395703126df7c17f97f3b162')
prepare() {
- cd "${pkgname}-${pkgver}"
- patch -Np1 -i ../45e972db2f16873f39d56ce10076c09a01d2f807.patch
+ cd "${pkgname}-${pkgver}"
+ patch -Np1 -i ../fix-expired-tuf-root.patch
}
build() {
Added: fix-expired-tuf-root.patch
===================================================================
--- fix-expired-tuf-root.patch (rev 0)
+++ fix-expired-tuf-root.patch 2022-01-01 01:59:39 UTC (rev 1091390)
@@ -0,0 +1,118 @@
+diff --git a/pkg/pki/tuf/tuf_test.go b/pkg/pki/tuf/tuf_test.go
+index c244dc1..0668333 100644
+--- a/pkg/pki/tuf/tuf_test.go
++++ b/pkg/pki/tuf/tuf_test.go
+@@ -20,8 +20,22 @@ import (
+ "io"
+ "os"
+ "testing"
++ "time"
++
++ "github.com/theupdateframework/go-tuf/verify"
+ )
+
++func patchIsExpired() func() {
++ // Patch out the IsExpired to make the tests stable :)
++ old := verify.IsExpired
++ verify.IsExpired = func(t time.Time) bool {
++ return false
++ }
++ return func() {
++ verify.IsExpired = old
++ }
++}
++
+ func TestReadPublicKey(t *testing.T) {
+ // Tests reading a valid public key (root.json)
+ type test struct {
+@@ -37,6 +51,9 @@ func TestReadPublicKey(t *testing.T) {
+ {caseDesc: "Valid TUF root.json", inputFile:
"testdata/1.root.json", errorFound: false, specVersion: "1.0"},
+ }
+
++ // Patch out the expired function to make tests stable :)
++ defer patchIsExpired()()
++
+ for _, tc := range tests {
+ file, err := os.Open(tc.inputFile)
+ if err != nil {
+@@ -101,6 +118,9 @@ func TestCanonicalValue(t *testing.T) {
+ t.Errorf("CanonicalValue did not error out for uninitialized
key")
+ }
+
++ // Patch out the expired function to make tests stable :)
++ defer patchIsExpired()()
++
+ tests := []test{
+ {caseDesc: "root", input: "testdata/1.root.json", output:
"testdata/reformat.1.root.json", match: true},
+ }
+@@ -115,7 +135,7 @@ func TestCanonicalValue(t *testing.T) {
+
+ inputKey, err := NewPublicKey(inputFile)
+ if err != nil {
+- t.Errorf("%v: Error reading input for
TestCanonicalValuePublicKey: %v", tc.caseDesc, err)
++ t.Errorf("%v: Error reading input for
TestCanonicalValue: %v", tc.caseDesc, err)
+ }
+
+ cvInput, err := inputKey.CanonicalValue()
+@@ -130,7 +150,7 @@ func TestCanonicalValue(t *testing.T) {
+
+ outputKey, err := NewPublicKey(outputFile)
+ if err != nil {
+- t.Errorf("%v: Error reading input for
TestCanonicalValuePublicKey: %v", tc.caseDesc, err)
++ t.Errorf("%v: Error reading input for
TestCanonicalValue: %v", tc.caseDesc, err)
+ }
+
+ cvOutput, err := outputKey.CanonicalValue()
+@@ -159,6 +179,8 @@ func TestVerifySignature(t *testing.T) {
+ {caseDesc: "Valid root.json, unsigned root.json", keyFile:
"testdata/1.root.json", sigFile: "testdata/unsigned_root.json", verified:
false},
+ }
+
++ defer patchIsExpired()()
++
+ for _, tc := range tests {
+ keyFile, err := os.Open(tc.keyFile)
+ if err != nil {
+diff --git a/pkg/types/tuf/v0.0.1/entry_test.go
b/pkg/types/tuf/v0.0.1/entry_test.go
+index dd1b899..ffb8843 100644
+--- a/pkg/types/tuf/v0.0.1/entry_test.go
++++ b/pkg/types/tuf/v0.0.1/entry_test.go
+@@ -26,6 +26,7 @@ import (
+ "net/http/httptest"
+ "reflect"
+ "testing"
++ "time"
+
+ "github.com/go-openapi/runtime"
+ "github.com/go-openapi/strfmt"
+@@ -33,10 +34,22 @@ import (
+ "github.com/sigstore/rekor/pkg/generated/models"
+ "github.com/sigstore/rekor/pkg/types"
+ "github.com/theupdateframework/go-tuf/data"
++ "github.com/theupdateframework/go-tuf/verify"
+
+ "go.uber.org/goleak"
+ )
+
++func patchIsExpired() func() {
++ // Patch out the IsExpired to make the tests stable :)
++ old := verify.IsExpired
++ verify.IsExpired = func(t time.Time) bool {
++ return false
++ }
++ return func() {
++ verify.IsExpired = old
++ }
++}
++
+ func TestMain(m *testing.M) {
+ goleak.VerifyTestMain(m)
+ }
+@@ -49,6 +62,8 @@ func TestNewEntryReturnType(t *testing.T) {
+ }
+
+ func TestCrossFieldValidation(t *testing.T) {
++ defer patchIsExpired()()
++
+ type TestCase struct {
+ caseDesc string
+ entry V001Entry
