Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CI (Buildkite): for the signed pipeline test, use signature_file instead of signature #41706

Merged
merged 2 commits into from
Jul 26, 2021

Conversation

DilumAluthge
Copy link
Member

No description provided.

@DilumAluthge DilumAluthge added ci Continuous integration backport 1.6 Change should be backported to release-1.6 backport 1.7 labels Jul 26, 2021
@DilumAluthge
Copy link
Member Author

DilumAluthge commented Jul 26, 2021

@staticfloat Any idea what's going wrong here? The signature is exactly the same; I've just moved it from signature to a signature_file.

Running plugin cryptic post-command hook

$ /etc/buildkite-agent/plugins/github-com-staticfloat-cryptic-buildkite-plugin/hooks/post-command

2021-07-26 01:43:51 INFO Reading pipeline config from ".buildkite/pipelines/main/launch_unsigned_builders.yml"

2021-07-26 01:43:51 INFO Updating BUILDKITE_COMMIT to "7136cecec04cc53b6cbd371d4bec51bbfb599a45"

2021-07-26 01:43:52 INFO Successfully uploaded and parsed pipeline config

bad magic number

ERROR: Refusing to continue execution; pipeline '.buildkite/pipelines/main/misc/signed_pipeline_test.yml' fails treehash signature check! You may need to re-run cryptic/bin/sign_treehashes!

🚨 Error: The plugin cryptic post-command hook exited with status 1

@DilumAluthge
Copy link
Member Author

DilumAluthge commented Jul 26, 2021

Ah, looks like the signature is Base64-encoded, so I need to Base64-decode it before I write it to the file at signature_file.

Here's the code I used:

import Base64

function base64_decode_signature_file(filename::AbstractString)
    str = read(filename, String)
    b = Base64.base64decode(str)
    rm(filename; force = true)
    open(filename, "w") do io 
        write(io, b)
    end
    return nothing
end

And then you can run it with:

base64_decode_signature_file(".buildkite/pipelines/main/misc/signed_pipeline_test.yml.signature")

@DilumAluthge DilumAluthge marked this pull request as ready for review July 26, 2021 02:13
@DilumAluthge DilumAluthge requested a review from a team as a code owner July 26, 2021 02:13
@DilumAluthge DilumAluthge removed the request for review from a team July 26, 2021 02:19
@DilumAluthge DilumAluthge merged commit f7f46af into master Jul 26, 2021
@DilumAluthge DilumAluthge deleted the dpa/signature_file branch July 26, 2021 02:20
KristofferC pushed a commit that referenced this pull request Jul 26, 2021
…stead of `signature` (#41706)

* CI (Buildkite): for the signed pipeline test, use `signature_file` instead of `signature`

* Base64-decode the signature before writing it to the signature file

(cherry picked from commit f7f46af)
KristofferC pushed a commit that referenced this pull request Jul 26, 2021
…stead of `signature` (#41706)

* CI (Buildkite): for the signed pipeline test, use `signature_file` instead of `signature`

* Base64-decode the signature before writing it to the signature file

(cherry picked from commit f7f46af)
@KristofferC KristofferC mentioned this pull request Jul 26, 2021
75 tasks
KristofferC pushed a commit that referenced this pull request Aug 31, 2021
…stead of `signature` (#41706)

* CI (Buildkite): for the signed pipeline test, use `signature_file` instead of `signature`

* Base64-decode the signature before writing it to the signature file

(cherry picked from commit f7f46af)
KristofferC pushed a commit that referenced this pull request Sep 3, 2021
…stead of `signature` (#41706)

* CI (Buildkite): for the signed pipeline test, use `signature_file` instead of `signature`

* Base64-decode the signature before writing it to the signature file

(cherry picked from commit f7f46af)
@KristofferC KristofferC removed the backport 1.6 Change should be backported to release-1.6 label Sep 7, 2021
staticfloat pushed a commit that referenced this pull request Dec 23, 2022
…stead of `signature` (#41706)

* CI (Buildkite): for the signed pipeline test, use `signature_file` instead of `signature`

* Base64-decode the signature before writing it to the signature file

(cherry picked from commit f7f46af)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ci Continuous integration
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants