Date: Saturday, January 1, 2022 @ 01:59:39 Author: shibumi Revision: 1091390
upgpkg: rekor 0.4.0-1 fix: tuf root expiration Added: rekor/trunk/fix-expired-tuf-root.patch Modified: rekor/trunk/PKGBUILD ----------------------------+ PKGBUILD | 15 ++--- fix-expired-tuf-root.patch | 118 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 125 insertions(+), 8 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2022-01-01 01:59:19 UTC (rev 1091389) +++ PKGBUILD 2022-01-01 01:59:39 UTC (rev 1091390) @@ -2,8 +2,8 @@ # Maintainer: Christian Rebischke <chris.rebisc...@archlinux.org> pkgname=rekor -pkgver=0.3.0 -pkgrel=2 +pkgver=0.4.0 +pkgrel=1 pkgdesc="Signature Transparency Log -- Sigstore client and server tools" arch=('x86_64') url="https://github.com/sigstore/rekor" @@ -11,14 +11,13 @@ makedepends=('go' 'git') checkdepends=('openssh') source=("${pkgname}-${pkgver}.tar.gz::https://github.com/sigstore/rekor/archive/v${pkgver}.tar.gz" - # fix for shell completions - https://github.com/sigstore/rekor/pull/417/commits/45e972db2f16873f39d56ce10076c09a01d2f807.patch) -sha256sums=('13a320256b2dffb21dd97c95d7284c71e98d3f4f5a582f9e35cfe40852242ea8' - '06ba3e91f4262fd556c2d722aee15f91b97057878cdf59479a02be54477b2f62') + "fix-expired-tuf-root.patch") +sha256sums=('19c369f88d846098fb3895948af493f73c97f7211fd1714f9f77ab4395beef4d' + '1a39711c28f904409ed7e9027a0e2d7a41e1ddc3395703126df7c17f97f3b162') prepare() { - cd "${pkgname}-${pkgver}" - patch -Np1 -i ../45e972db2f16873f39d56ce10076c09a01d2f807.patch + cd "${pkgname}-${pkgver}" + patch -Np1 -i ../fix-expired-tuf-root.patch } build() { Added: fix-expired-tuf-root.patch =================================================================== --- fix-expired-tuf-root.patch (rev 0) +++ fix-expired-tuf-root.patch 2022-01-01 01:59:39 UTC (rev 1091390) @@ -0,0 +1,118 @@ +diff --git a/pkg/pki/tuf/tuf_test.go b/pkg/pki/tuf/tuf_test.go +index c244dc1..0668333 100644 +--- a/pkg/pki/tuf/tuf_test.go ++++ b/pkg/pki/tuf/tuf_test.go +@@ -20,8 +20,22 @@ import ( + "io" + "os" + "testing" ++ "time" ++ ++ "github.com/theupdateframework/go-tuf/verify" + ) + ++func patchIsExpired() func() { ++ // Patch out the IsExpired to make the tests stable :) ++ old := verify.IsExpired ++ verify.IsExpired = func(t time.Time) bool { ++ return false ++ } ++ return func() { ++ verify.IsExpired = old ++ } ++} ++ + func TestReadPublicKey(t *testing.T) { + // Tests reading a valid public key (root.json) + type test struct { +@@ -37,6 +51,9 @@ func TestReadPublicKey(t *testing.T) { + {caseDesc: "Valid TUF root.json", inputFile: "testdata/1.root.json", errorFound: false, specVersion: "1.0"}, + } + ++ // Patch out the expired function to make tests stable :) ++ defer patchIsExpired()() ++ + for _, tc := range tests { + file, err := os.Open(tc.inputFile) + if err != nil { +@@ -101,6 +118,9 @@ func TestCanonicalValue(t *testing.T) { + t.Errorf("CanonicalValue did not error out for uninitialized key") + } + ++ // Patch out the expired function to make tests stable :) ++ defer patchIsExpired()() ++ + tests := []test{ + {caseDesc: "root", input: "testdata/1.root.json", output: "testdata/reformat.1.root.json", match: true}, + } +@@ -115,7 +135,7 @@ func TestCanonicalValue(t *testing.T) { + + inputKey, err := NewPublicKey(inputFile) + if err != nil { +- t.Errorf("%v: Error reading input for TestCanonicalValuePublicKey: %v", tc.caseDesc, err) ++ t.Errorf("%v: Error reading input for TestCanonicalValue: %v", tc.caseDesc, err) + } + + cvInput, err := inputKey.CanonicalValue() +@@ -130,7 +150,7 @@ func TestCanonicalValue(t *testing.T) { + + outputKey, err := NewPublicKey(outputFile) + if err != nil { +- t.Errorf("%v: Error reading input for TestCanonicalValuePublicKey: %v", tc.caseDesc, err) ++ t.Errorf("%v: Error reading input for TestCanonicalValue: %v", tc.caseDesc, err) + } + + cvOutput, err := outputKey.CanonicalValue() +@@ -159,6 +179,8 @@ func TestVerifySignature(t *testing.T) { + {caseDesc: "Valid root.json, unsigned root.json", keyFile: "testdata/1.root.json", sigFile: "testdata/unsigned_root.json", verified: false}, + } + ++ defer patchIsExpired()() ++ + for _, tc := range tests { + keyFile, err := os.Open(tc.keyFile) + if err != nil { +diff --git a/pkg/types/tuf/v0.0.1/entry_test.go b/pkg/types/tuf/v0.0.1/entry_test.go +index dd1b899..ffb8843 100644 +--- a/pkg/types/tuf/v0.0.1/entry_test.go ++++ b/pkg/types/tuf/v0.0.1/entry_test.go +@@ -26,6 +26,7 @@ import ( + "net/http/httptest" + "reflect" + "testing" ++ "time" + + "github.com/go-openapi/runtime" + "github.com/go-openapi/strfmt" +@@ -33,10 +34,22 @@ import ( + "github.com/sigstore/rekor/pkg/generated/models" + "github.com/sigstore/rekor/pkg/types" + "github.com/theupdateframework/go-tuf/data" ++ "github.com/theupdateframework/go-tuf/verify" + + "go.uber.org/goleak" + ) + ++func patchIsExpired() func() { ++ // Patch out the IsExpired to make the tests stable :) ++ old := verify.IsExpired ++ verify.IsExpired = func(t time.Time) bool { ++ return false ++ } ++ return func() { ++ verify.IsExpired = old ++ } ++} ++ + func TestMain(m *testing.M) { + goleak.VerifyTestMain(m) + } +@@ -49,6 +62,8 @@ func TestNewEntryReturnType(t *testing.T) { + } + + func TestCrossFieldValidation(t *testing.T) { ++ defer patchIsExpired()() ++ + type TestCase struct { + caseDesc string + entry V001Entry