Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI (Buildkite): for the signed pipeline test, use signature_file instead of signature #41706

Merged
merged 2 commits into from
Jul 26, 2021
Merged

CI (Buildkite): for the signed pipeline test, use signature_file instead of signature #41706

merged 2 commits into from
Jul 26, 2021

Conversation

DilumAluthge
Copy link
Member

No description provided.

@DilumAluthge DilumAluthge added ci Continuous integration backport 1.6 Change should be backported to release-1.6 backport 1.7 labels Jul 26, 2021
@DilumAluthge
Copy link
Member Author

DilumAluthge commented Jul 26, 2021
edited
Loading

@staticfloat Any idea what's going wrong here? The signature is exactly the same; I've just moved it from signature to a signature_file.

Running plugin cryptic post-command hook

$ /etc/buildkite-agent/plugins/github-com-staticfloat-cryptic-buildkite-plugin/hooks/post-command

2021-07-26 01:43:51 INFO Reading pipeline config from ".buildkite/pipelines/main/launch_unsigned_builders.yml"

2021-07-26 01:43:51 INFO Updating BUILDKITE_COMMIT to "7136cecec04cc53b6cbd371d4bec51bbfb599a45"

2021-07-26 01:43:52 INFO Successfully uploaded and parsed pipeline config

bad magic number

ERROR: Refusing to continue execution; pipeline '.buildkite/pipelines/main/misc/signed_pipeline_test.yml' fails treehash signature check! You may need to re-run cryptic/bin/sign_treehashes!

🚨 Error: The plugin cryptic post-command hook exited with status 1

@DilumAluthge
Copy link
Member Author

DilumAluthge commented Jul 26, 2021
edited
Loading

Ah, looks like the signature is Base64-encoded, so I need to Base64-decode it before I write it to the file at signature_file.

Here's the code I used:

import Base64

function base64_decode_signature_file(filename::AbstractString)
    str = read(filename, String)
    b = Base64.base64decode(str)
    rm(filename; force = true)
    open(filename, "w") do io 
        write(io, b)
    end
    return nothing
end

And then you can run it with:

base64_decode_signature_file(".buildkite/pipelines/main/misc/signed_pipeline_test.yml.signature")

@DilumAluthge DilumAluthge marked this pull request as ready for review July 26, 2021 02:13
@DilumAluthge DilumAluthge requested a review from a team as a code owner July 26, 2021 02:13
@DilumAluthge DilumAluthge removed the request for review from a team July 26, 2021 02:19
@DilumAluthge DilumAluthge merged commit f7f46af into master Jul 26, 2021
@DilumAluthge DilumAluthge deleted the dpa/signature_file branch July 26, 2021 02:20
KristofferC pushed a commit that referenced this pull request Jul 26, 2021
@DilumAluthge @KristofferC
CI (Buildkite): for the signed pipeline test, use signature_file in…
2b70808 
…stead of `signature` (#41706)

* CI (Buildkite): for the signed pipeline test, use `signature_file` instead of `signature`

* Base64-decode the signature before writing it to the signature file

(cherry picked from commit f7f46af)
@KristofferC KristofferC mentioned this pull request Jul 26, 2021
Merged
82 tasks
KristofferC pushed a commit that referenced this pull request Jul 26, 2021
@DilumAluthge @KristofferC
CI (Buildkite): for the signed pipeline test, use signature_file in…
383a5a8 
…stead of `signature` (#41706)

* CI (Buildkite): for the signed pipeline test, use `signature_file` instead of `signature`

* Base64-decode the signature before writing it to the signature file

(cherry picked from commit f7f46af)
@KristofferC KristofferC mentioned this pull request Jul 26, 2021
Merged
75 tasks
@KristofferC KristofferC mentioned this pull request Aug 25, 2021
Merged
63 tasks
KristofferC pushed a commit that referenced this pull request Aug 31, 2021
@DilumAluthge @KristofferC
CI (Buildkite): for the signed pipeline test, use signature_file in…
1fcfde6 
…stead of `signature` (#41706)

* CI (Buildkite): for the signed pipeline test, use `signature_file` instead of `signature`

* Base64-decode the signature before writing it to the signature file

(cherry picked from commit f7f46af)
KristofferC pushed a commit that referenced this pull request Sep 3, 2021
@DilumAluthge @KristofferC
CI (Buildkite): for the signed pipeline test, use signature_file in…
5a62f7b 
…stead of `signature` (#41706)

* CI (Buildkite): for the signed pipeline test, use `signature_file` instead of `signature`

* Base64-decode the signature before writing it to the signature file

(cherry picked from commit f7f46af)
@KristofferC KristofferC removed the backport 1.6 Change should be backported to release-1.6 label Sep 7, 2021
staticfloat pushed a commit that referenced this pull request Dec 23, 2022
@DilumAluthge @staticfloat
CI (Buildkite): for the signed pipeline test, use signature_file in…
8d12c98 
…stead of `signature` (#41706)

* CI (Buildkite): for the signed pipeline test, use `signature_file` instead of `signature`

* Base64-decode the signature before writing it to the signature file

(cherry picked from commit f7f46af)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
ci Continuous integration
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DilumAluthge @KristofferC