[arch-commits] Commit in rekor/trunk (PKGBUILD fix-expired-tuf-root.patch)

Christian Rebischke shibumi at gemini.archlinux.org
Sat Jan 1 01:59:40 UTC 2022 

    Date: Saturday, January 1, 2022 @ 01:59:39
  Author: shibumi
Revision: 1091390

upgpkg: rekor 0.4.0-1 fix: tuf root expiration

Added:
  rekor/trunk/fix-expired-tuf-root.patch
Modified:
  rekor/trunk/PKGBUILD

----------------------------+
 PKGBUILD                   |   15 ++---
 fix-expired-tuf-root.patch |  118 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 125 insertions(+), 8 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2022-01-01 01:59:19 UTC (rev 1091389)
+++ PKGBUILD	2022-01-01 01:59:39 UTC (rev 1091390)
@@ -2,8 +2,8 @@
 # Maintainer: Christian Rebischke <chris.rebischke at archlinux.org>
 
 pkgname=rekor
-pkgver=0.3.0
-pkgrel=2
+pkgver=0.4.0
+pkgrel=1
 pkgdesc="Signature Transparency Log -- Sigstore client and server tools"
 arch=('x86_64')
 url="https://github.com/sigstore/rekor"
@@ -11,14 +11,13 @@
 makedepends=('go' 'git')
 checkdepends=('openssh')
 source=("${pkgname}-${pkgver}.tar.gz::https://github.com/sigstore/rekor/archive/v${pkgver}.tar.gz"
-        # fix for shell completions
-        https://github.com/sigstore/rekor/pull/417/commits/45e972db2f16873f39d56ce10076c09a01d2f807.patch)
-sha256sums=('13a320256b2dffb21dd97c95d7284c71e98d3f4f5a582f9e35cfe40852242ea8'
-            '06ba3e91f4262fd556c2d722aee15f91b97057878cdf59479a02be54477b2f62')
+        "fix-expired-tuf-root.patch")
+sha256sums=('19c369f88d846098fb3895948af493f73c97f7211fd1714f9f77ab4395beef4d'
+            '1a39711c28f904409ed7e9027a0e2d7a41e1ddc3395703126df7c17f97f3b162')
 
 prepare() {
-  cd "${pkgname}-${pkgver}"
-  patch -Np1 -i ../45e972db2f16873f39d56ce10076c09a01d2f807.patch
+    cd "${pkgname}-${pkgver}"
+    patch -Np1 -i ../fix-expired-tuf-root.patch
 }
 
 build() {

Added: fix-expired-tuf-root.patch
===================================================================
--- fix-expired-tuf-root.patch	                        (rev 0)
+++ fix-expired-tuf-root.patch	2022-01-01 01:59:39 UTC (rev 1091390)
@@ -0,0 +1,118 @@
+diff --git a/pkg/pki/tuf/tuf_test.go b/pkg/pki/tuf/tuf_test.go
+index c244dc1..0668333 100644
+--- a/pkg/pki/tuf/tuf_test.go
++++ b/pkg/pki/tuf/tuf_test.go
+@@ -20,8 +20,22 @@ import (
+ 	"io"
+ 	"os"
+ 	"testing"
++	"time"
++
++	"github.com/theupdateframework/go-tuf/verify"
+ )
+ 
++func patchIsExpired() func() {
++	// Patch out the IsExpired to make the tests stable :)
++	old := verify.IsExpired
++	verify.IsExpired = func(t time.Time) bool {
++		return false
++	}
++	return func() {
++		verify.IsExpired = old
++	}
++}
++
+ func TestReadPublicKey(t *testing.T) {
+ 	// Tests reading a valid public key (root.json)
+ 	type test struct {
+@@ -37,6 +51,9 @@ func TestReadPublicKey(t *testing.T) {
+ 		{caseDesc: "Valid TUF root.json", inputFile: "testdata/1.root.json", errorFound: false, specVersion: "1.0"},
+ 	}
+ 
++	// Patch out the expired function to make tests stable :)
++	defer patchIsExpired()()
++
+ 	for _, tc := range tests {
+ 		file, err := os.Open(tc.inputFile)
+ 		if err != nil {
+@@ -101,6 +118,9 @@ func TestCanonicalValue(t *testing.T) {
+ 		t.Errorf("CanonicalValue did not error out for uninitialized key")
+ 	}
+ 
++	// Patch out the expired function to make tests stable :)
++	defer patchIsExpired()()
++
+ 	tests := []test{
+ 		{caseDesc: "root", input: "testdata/1.root.json", output: "testdata/reformat.1.root.json", match: true},
+ 	}
+@@ -115,7 +135,7 @@ func TestCanonicalValue(t *testing.T) {
+ 
+ 		inputKey, err := NewPublicKey(inputFile)
+ 		if err != nil {
+-			t.Errorf("%v: Error reading input for TestCanonicalValuePublicKey: %v", tc.caseDesc, err)
++			t.Errorf("%v: Error reading input for TestCanonicalValue: %v", tc.caseDesc, err)
+ 		}
+ 
+ 		cvInput, err := inputKey.CanonicalValue()
+@@ -130,7 +150,7 @@ func TestCanonicalValue(t *testing.T) {
+ 
+ 		outputKey, err := NewPublicKey(outputFile)
+ 		if err != nil {
+-			t.Errorf("%v: Error reading input for TestCanonicalValuePublicKey: %v", tc.caseDesc, err)
++			t.Errorf("%v: Error reading input for TestCanonicalValue: %v", tc.caseDesc, err)
+ 		}
+ 
+ 		cvOutput, err := outputKey.CanonicalValue()
+@@ -159,6 +179,8 @@ func TestVerifySignature(t *testing.T) {
+ 		{caseDesc: "Valid root.json, unsigned root.json", keyFile: "testdata/1.root.json", sigFile: "testdata/unsigned_root.json", verified: false},
+ 	}
+ 
++	defer patchIsExpired()()
++
+ 	for _, tc := range tests {
+ 		keyFile, err := os.Open(tc.keyFile)
+ 		if err != nil {
+diff --git a/pkg/types/tuf/v0.0.1/entry_test.go b/pkg/types/tuf/v0.0.1/entry_test.go
+index dd1b899..ffb8843 100644
+--- a/pkg/types/tuf/v0.0.1/entry_test.go
++++ b/pkg/types/tuf/v0.0.1/entry_test.go
+@@ -26,6 +26,7 @@ import (
+ 	"net/http/httptest"
+ 	"reflect"
+ 	"testing"
++	"time"
+ 
+ 	"github.com/go-openapi/runtime"
+ 	"github.com/go-openapi/strfmt"
+@@ -33,10 +34,22 @@ import (
+ 	"github.com/sigstore/rekor/pkg/generated/models"
+ 	"github.com/sigstore/rekor/pkg/types"
+ 	"github.com/theupdateframework/go-tuf/data"
++	"github.com/theupdateframework/go-tuf/verify"
+ 
+ 	"go.uber.org/goleak"
+ )
+ 
++func patchIsExpired() func() {
++	// Patch out the IsExpired to make the tests stable :)
++	old := verify.IsExpired
++	verify.IsExpired = func(t time.Time) bool {
++		return false
++	}
++	return func() {
++		verify.IsExpired = old
++	}
++}
++
+ func TestMain(m *testing.M) {
+ 	goleak.VerifyTestMain(m)
+ }
+@@ -49,6 +62,8 @@ func TestNewEntryReturnType(t *testing.T) {
+ }
+ 
+ func TestCrossFieldValidation(t *testing.T) {
++	defer patchIsExpired()()
++
+ 	type TestCase struct {
+ 		caseDesc                  string
+ 		entry                     V001Entry

More information about the arch-commits mailing list