Verification of some present signatures (for any signing events). This is "verifying staged metadata" in here.
Verification of a full entirety of metadata. This is the verify metadata without the staged sub-command.
Idea:
Separate verification commands ./scripts/verify-signing.sh or ./scripts/verify-snapshot-timestamp.sh or ./scripts/verify-metadata.sh, ./scripts/verify-keys.sh, or give a select prompt if we want to maintain the single ./scripts/verify.sh entrypoint. Document what users are expected to do in the different PR scenarios.
Separate the VerifyCmd to VerifyStagedCmd and VerifyRepositoryCmd to make it clear/subcommands.
Version
@kommendorkapten also brings up the point that when verifying newly initialized metadata, where we don't expect any sigs, we are also looking to identify properties other than keys: is the data well-formed? What are the expiries? This isn't handled by any of the commands right now.
Also: that probably makes sense under verifyStagedMetadata. Verifying signatures probably should be called verifySignatures at the top level.
cc @kommendorkapten
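A sketch of the check raised in the comments above (well-formedness and expiry of newly initialized metadata where no signatures are expected), as an added example that is not root-signing's own code. `CheckStaged`, the sample document and the treatment of an empty `sig` as "not yet signed" are assumptions; the field names follow the TUF metadata layout.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Constructed sample: freshly initialized root metadata with a placeholder signature.
const sample = `{"signed":{"_type":"root","spec_version":"1.0","version":1,
 "expires":"2030-01-01T00:00:00Z"},"signatures":[{"keyid":"constructed-key-id","sig":""}]}`

// envelope models only the TUF fields this check needs.
type envelope struct {
	Signed struct {
		Type    string    `json:"_type"`
		Version int       `json:"version"`
		Expires time.Time `json:"expires"` // must be RFC 3339 or decoding fails
	} `json:"signed"`
	Signatures []struct {
		KeyID string `json:"keyid"`
		Sig   string `json:"sig"`
	} `json:"signatures"`
}

// CheckStaged (hypothetical name) checks structure and expiry, not signatures.
// It returns the problems found; an empty result means the file passed.
func CheckStaged(raw []byte, wantType string, now time.Time, minValid time.Duration) []string {
	var env envelope
	if err := json.Unmarshal(raw, &env); err != nil {
		return []string{"not well-formed: " + err.Error()}
	}
	var problems []string
	if env.Signed.Type != wantType {
		problems = append(problems, fmt.Sprintf("_type is %q, want %q", env.Signed.Type, wantType))
	}
	if env.Signed.Version < 1 {
		problems = append(problems, "version must be >= 1")
	}
	// A missing expiry decodes to the zero time, so it is reported here too.
	if env.Signed.Expires.Before(now.Add(minValid)) {
		problems = append(problems, fmt.Sprintf("expires %s is missing or within %s of now",
			env.Signed.Expires.Format(time.RFC3339), minValid))
	}
	for _, s := range env.Signatures {
		if s.Sig != "" { // assumption: staged, unsigned metadata carries empty sigs
			problems = append(problems, "unexpected signature from key "+s.KeyID)
		}
	}
	return problems
}

func main() { fmt.Println(CheckStaged([]byte(sample), "root", time.Now(), 30*24*time.Hour)) }
```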
Description
Currently, verifiers run something like:
This script runs an entire suite of verification commands that can apply to any type of PR run or repository (incomplete, complete).
root-signing/scripts/verify.sh
Lines 55 to 66 in 4c151b3
Instead, there are really only a few types of events verifiers need to look for:
root-signing/cmd/verify/app/keys.go
Line 182 in 4c151b3