Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a temporary hack to always generate sha512 prefixed artifacts #409

Closed
wants to merge 2 commits into from

Conversation

jku
Copy link
Member

@jku jku commented Aug 22, 2024

This is done even if sha512 is not used in the metadata:

  • sigstore-java assumes this prefix is used
  • this temporary fix means sigstore root-signing does not need to break a client without warning

Leaving this a draft until I've tested

This is done even if sha512 is not used in the metadata:
* sigstore-java assumes this prefix is used
* this temporary fix means sigstore root-signing does not need
  to break a client without warning
@jku
Copy link
Member Author

jku commented Aug 22, 2024

I've tested, seems to work. I think we could consider:

  • merging this, release a 0.12.1
  • deploying that in root-signing-staging, re-running online-sign: this should make the test during publish pass

@jku jku marked this pull request as ready for review August 22, 2024 08:07
@jku jku force-pushed the add-hack-for-sigstore-java branch from 06c0715 to ddbd7aa Compare August 22, 2024 08:19
@jku
Copy link
Member Author

jku commented Aug 22, 2024

making draft in light of current discussion in sigstore/root-signing-staging#161: maybe we don't need this

@jku jku marked this pull request as draft August 22, 2024 08:24
@jku jku closed this Aug 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant