Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fulcio, _sign: Request certificates via CSR #80

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jun 3, 2022
Merged

fulcio, _sign: Request certificates via CSR #80

merged 4 commits into from
Jun 3, 2022

Conversation

tetsuo-cpp
Copy link
Contributor

Closes #29

@tetsuo-cpp tetsuo-cpp marked this pull request as draft May 11, 2022 00:41
@tetsuo-cpp
Copy link
Contributor Author

Marking as a draft so we don't merge it. This is ready to go as soon as support gets rolled out to prod Fulcio.

@woodruffw
Copy link
Member

Thanks, and sorry for the churn!

di
di previously approved these changes May 11, 2022
View reviewed changes
@di
Copy link
Member

di commented Jun 1, 2022

FYI the GCB failure is due to the prod environment not supporting CSRs yet:

Step #1: Traceback (most recent call last):
Step #1:   File "/workspace/sigstore/_internal/fulcio/client.py", line 214, in post
Step #1:     resp.raise_for_status()
Step #1:   File "/builder/home/.local/lib/python3.10/site-packages/requests/models.py", line 960, in raise_for_status
Step #1:     raise HTTPError(http_error_msg, response=self)
Step #1: requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://fulcio.sigstore.dev/api/v1/signingCert

di
di previously approved these changes Jun 1, 2022
View reviewed changes
@di
Copy link
Member

di commented Jun 1, 2022

GCB is now failing because this needs #84:

Step #1: Traceback (most recent call last):
Step #1:   File "/usr/local/lib/python3.10/runpy.py", line 196, in _run_module_as_main
Step #1:     return _run_code(code, main_globals, None,
Step #1:   File "/usr/local/lib/python3.10/runpy.py", line 86, in _run_code
Step #1:     exec(code, run_globals)
Step #1:   File "/workspace/sigstore/__main__.py", line 22, in <module>
Step #1:     main()
Step #1:   File "/builder/home/.local/lib/python3.10/site-packages/click/core.py", line 1130, in __call__
Step #1:     return self.main(*args, **kwargs)
Step #1:   File "/builder/home/.local/lib/python3.10/site-packages/click/core.py", line 1055, in main
Step #1:     rv = self.invoke(ctx)
Step #1:   File "/builder/home/.local/lib/python3.10/site-packages/click/core.py", line 1657, in invoke
Step #1:     return _process_result(sub_ctx.command.invoke(sub_ctx))
Step #1:   File "/builder/home/.local/lib/python3.10/site-packages/click/core.py", line 1404, in invoke
Step #1:     return ctx.invoke(self.callback, **ctx.params)
Step #1:   File "/builder/home/.local/lib/python3.10/site-packages/click/core.py", line 760, in invoke
Step #1:     return __callback(*args, **kwargs)
Step #1:   File "/workspace/sigstore/_cli.py", line 209, in _sign
Step #1:     result = sign(
Step #1:   File "/workspace/sigstore/_sign.py", line 94, in sign
Step #1:     certificate_response = fulcio.signing_cert.post(certificate_request, identity_token)
Step #1:   File "/workspace/sigstore/_internal/fulcio/client.py", line 227, in post
Step #1:     raise FulcioClientError("Fulcio response did not include a SCT header")
Step #1: sigstore._internal.fulcio.client.FulcioClientError: Fulcio response did not include a SCT header

@woodruffw
Copy link
Member

I guess in that case we could merge this, given that it's now "working" in the sense that it's not the thing that's missing anymore 🙂

@woodruffw woodruffw marked this pull request as ready for review June 1, 2022 18:09
@woodruffw woodruffw mentioned this pull request Jun 3, 2022
Closed
@woodruffw woodruffw added the component:signing Core signing functionality label Jun 3, 2022
@woodruffw woodruffw merged commit 6f5620e into main Jun 3, 2022
@woodruffw woodruffw deleted the alex/csr-support branch June 3, 2022 04:13
javanlacerda pushed a commit to javanlacerda/sigstore-python that referenced this pull request Feb 23, 2024
@tetsuo-cpp
conftest: Add --identity-token option back (sigstore#80)
3c8881f 
* conftest: Add `--identity-token` option back

Signed-off-by: Alex Cameron <[email protected]>

* workflows: Remove unnecessary `pull_request_target` trigger and token permission

Signed-off-by: Alex Cameron <[email protected]>

---------

Signed-off-by: Alex Cameron <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@woodruffw woodruffw woodruffw approved these changes

@di di di left review comments

Assignees
No one assigned
Labels
component:signing Core signing functionality
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Request certificates via CSR
3 participants
@tetsuo-cpp @woodruffw @di