Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow configurable client signing algorithms #1938

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Allow configurable client signing algorithms #1938

wants to merge 4 commits into from
+460 −24

Conversation

ret2libc
Copy link

@ret2libc ret2libc commented Feb 5, 2025

Summary

This PR adds a --client-signing-algorithms flag to Fulcio to restrict what key/hash combinations are allowed.

Closes #1388
This is based on #1517, but I could not mark it as Ready because done by @tetsuo-cpp .

Release Note

Documentation

ret2libc and others added 3 commits January 30, 2025 11:49
@ret2libc @tetsuo-cpp
Allow configurable client signing algorithms
117abc4 
Co-authored-by: Alex Cameron <[email protected]>
Co-authored-by: Riccardo Schirone <[email protected]>
Signed-off-by: Alex Cameron <[email protected]>
Signed-off-by: Riccardo Schirone <[email protected]>
@ret2libc
update go.mod
7c64410 
Signed-off-by: Riccardo Schirone <[email protected]>
@ret2libc
grpc_server_test.go: remove duplicated comment
e65897c 
Signed-off-by: Riccardo Schirone <[email protected]>
@ret2libc ret2libc requested review from a team as code owners February 5, 2025 17:30
@ret2libc ret2libc mentioned this pull request Feb 5, 2025
Draft
@ret2libc
Copy link
Author

ret2libc commented Feb 5, 2025

cc @haydentherapper

@ret2libc ret2libc marked this pull request as draft February 5, 2025 18:02
@ret2libc ret2libc force-pushed the configurable-crypto branch from f046e70 to 5d81096 Compare February 6, 2025 09:33
@ret2libc ret2libc marked this pull request as ready for review February 6, 2025 09:35
@ret2libc
fix tests
277af89 
Signed-off-by: Riccardo Schirone <[email protected]>
@ret2libc ret2libc force-pushed the configurable-crypto branch from 5d81096 to 277af89 Compare February 6, 2025 10:15
@codecov Codecov
Copy link

codecov bot commented Feb 7, 2025

Codecov Report

Attention: Patch coverage is 50.70423% with 35 lines in your changes missing coverage. Please review.

Project coverage is 51.77%. Comparing base (cf238ac) to head (277af89).
Report is 296 commits behind head on main.

Files with missing lines Patch % Lines
pkg/server/grpc_server.go 52.63% 15 Missing and 3 partials ⚠️
cmd/app/serve.go 45.16% 16 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1938      +/-   ##
==========================================
- Coverage   57.93%   51.77%   -6.16%     
==========================================
  Files          50       73      +23     
  Lines        3119     5680    +2561     
==========================================
+ Hits         1807     2941    +1134     
- Misses       1154     2463    +1309     
- Partials      158      276     +118

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow configurable client signing algorithms
1 participant
@ret2libc