Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(attestation): change default to NOT download cosign outside of setup flow #49

Merged
merged 7 commits into from
Oct 11, 2023
Merged

fix(attestation): change default to NOT download cosign outside of setup flow #49

merged 7 commits into from
Oct 11, 2023

Conversation

MyNameIsMeerkat
Copy link
Contributor

Issue

Addressing issue raised in #27

Description

Chalk no longer downloads cosign by default outside of the chalk setup flow. Previously plugins/system.nim's lookup of the location of the cosign binary caused cosign to be downloaded if it's path could not be determined. The default behaviour is now that lookups of cosign location will no longer initiate a download unless specifically requested. The chalk setup flow will still download cosign as part of its setup process if it cannot be found locally.

Testing

Run any chalk operation with --trace enabled and see that no cosign download takes place

Run chalk --trace setup with no local cosign and see that a download takes place

@MyNameIsMeerkat MyNameIsMeerkat added the bug Something isn't working label Oct 10, 2023
@MyNameIsMeerkat MyNameIsMeerkat self-assigned this Oct 10, 2023
viega
viega previously approved these changes Oct 10, 2023
View reviewed changes
Copy link
Contributor

@viega viega left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Worked great for me, I'd probably ask you to clean up per my first comment there, but otherwise it's good to go and I don't need to look at it again.

src/attestation.nim Outdated Show resolved Hide resolved
src/configs/attestation.c4m
@@ -54,12 +56,12 @@ func install_cosign() {
return false
}

func load_attestation_binary() {
func load_attestation_binary(download_if_not_present: bool) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The : bool there should be redundant; I'd expect it to be inferred from the body since the body is unambiguous, but let me know if it does break (it certainly is fine to be explicit about the type here, I don't
think this needs to change).

@MyNameIsMeerkat MyNameIsMeerkat marked this pull request as ready for review October 11, 2023 14:20
viega
viega approved these changes Oct 11, 2023
View reviewed changes
Copy link
Contributor

@viega viega left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Per previous review.

@MyNameIsMeerkat MyNameIsMeerkat merged commit 79ed303 into main Oct 11, 2023
2 checks passed
@MyNameIsMeerkat MyNameIsMeerkat deleted the mynameismeerkat/fix_always_download_cosign branch October 11, 2023 19:17
@MyNameIsMeerkat MyNameIsMeerkat mentioned this pull request Oct 12, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@viega viega viega approved these changes

@miki725 miki725 Awaiting requested review from miki725

@nettrino nettrino Awaiting requested review from nettrino

Assignees

@MyNameIsMeerkat MyNameIsMeerkat

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MyNameIsMeerkat @viega