Make GPGSigner.sign return Signature #486
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Adds two private conversion helpers to translate from the old signature format to Signature and vice-versa, i.e. - change "signature" field name to "sig", - list additional gpg signature field "other_headers" under Signature's "unrecognized_fields" The helpers are used in GPGSigner.sign and (in a follow-up PR) in GPGKey.verify_signature. Also removes the no longer needed GPGSignature class. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
lukpueh
force-pushed
the
fix-GPGSigner
branch
from
7c7ad2c
to
2a22f9f
Compare
6 tasks
|
Although: the serialized signature format contains some extra fields when created with GPGSigner, right? It would be nice if these were obvious in the tests (this is fine to leave for future IMO) |
|
@jku, let me know if the last commit roughly aligns with what you had in mind. |
Assert that GPG Signature instances have the correct extra field, and test conversion to and from legacy format. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
lukpueh
force-pushed
the
fix-GPGSigner
branch
from
2920d8b
to
863ebeb
Compare
|
Yeah LGTM. It's not clear from the test what is actually in the custom data but it's now visible to reader that there's something there: I'm happy with that. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #448
Closes #471
Description of the changes being introduced by the pull request:
GPGSigner.sign now returns Signature, which maps to a in-toto and tuf spec compliant signature object. The lower level gpg signing and verifying API stays as is, to allow existing gpg users (in-toto) to create and verify signature using the old format.
This is an acceptable API break, because GPGSigner is not yet used by in-toto or python-tuf.
To make
GPGSigneruseable for tuf and DSSE (#370) a spec compatible GPGKey implementation will be added in a follow-up PR.Please verify and check that the pull request fulfils the following requirements: