Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bug] error updating to TUF remote mirror: invalid key #688

Closed
ianlewis opened this issue May 15, 2024 · 0 comments · Fixed by #689
Closed

[bug] error updating to TUF remote mirror: invalid key #688

ianlewis opened this issue May 15, 2024 · 0 comments · Fixed by #689
Assignees
@ianlewis
Labels
bug Something isn't working

Comments

@ianlewis
Copy link
Owner

The action fails to verify the todos release because of a slsa-verifier error.

failed to verify binary provenance: slsa-verifier exited 1: Verifying artifact /home/runner/work/_temp/c636ba64-6059-4a02-8b79-c73795340ffb: FAILED: error retrieving Rekor public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key
remote status:{
	"mirror": "https://tuf-repo-cdn.sigstore.dev",
	"metadata": {
		"root.json": {
			"version": 9,
			"len": 6766,
			"expiration": "12 Sep 24 06:53 UTC",
			"error": ""
		},
		"snapshot.json": {
			"version": 140,
			"len": 2300,
			"expiration": "04 Jun 24 16:07 UTC",
			"error": ""
		},
		"targets.json": {
			"version": 9,
			"len": 5478,
			"expiration": "12 Sep 24 06:13 UTC",
			"error": ""
		},
		"timestamp.json": {
			"version": 185,
			"len": 723,
			"expiration": "21 May 24 16:07 UTC",
			"error": ""
		}
	}
}

FAILED: SLSA verification failed: error retrieving Rekor public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key
remote status:{
	"mirror": "https://tuf-repo-cdn.sigstore.dev",
	"metadata": {
		"root.json": {
			"version": 9,
			"len": 6766,
			"expiration": "12 Sep 24 06:53 UTC",
			"error": ""
		},
		"snapshot.json": {
			"version": 140,
			"len": 2300,
			"expiration": "04 Jun 24 16:07 UTC",
			"error": ""
		},
		"targets.json": {
			"version": 9,
			"len": 5478,
			"expiration": "12 Sep 24 06:13 UTC",
			"error": ""
		},
		"timestamp.json": {
			"version": 185,
			"len": 723,
			"expiration": "21 May 24 16:07 UTC",
			"error": ""
		}
	}
}
@ianlewis ianlewis added the bug Something isn't working label May 15, 2024
@ianlewis ianlewis self-assigned this May 15, 2024
@ianlewis ianlewis changed the title [bug] [bug] error updating to TUF remote mirror: invalid key May 15, 2024
@ianlewis ianlewis transferred this issue from ianlewis/todos May 15, 2024
@ianlewis ianlewis mentioned this issue May 15, 2024
Merged
7 tasks
@ianlewis ianlewis linked a pull request May 15, 2024 that will close this issue
fix: Update slsa-verifier version #689
Merged
7 tasks
ianlewis added a commit that referenced this issue May 15, 2024
@ianlewis
fix: Update slsa-verifier version (#689)
613c53d 
<!-- markdownlint-disable first-line-h1 -->

**Description:**

Updates the `slsa-verifier` version used to verify the `todos` release.


**Related Issues:**

Fixes #688 

**Checklist:**

- [x] Review the [CONTRIBUTING.md](../blob/main/CONTRIBUTING.md)
documentation.
- [x] Add a reference to a related issue in the repository.
- [x] Add a description of the changes proposed in the pull request.
- [x] Add unit tests if applicable.
- [x] Update documentation if applicable.
- [x] Add a note in the [CHANGELOG.md](../blob/main/CHANGELOG.md) if
applicable.
- [x] Sign the [Google
CLA](https://cla.developers.google.com/about/google-corporate).

---------

Signed-off-by: Ian Lewis <ianmlewis@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ianlewis ianlewis

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Update slsa-verifier version ianlewis/todo-issue-reopener
1 participant
@ianlewis