Skip to content

Check the existence and version of Sigstore CLI #194

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hugovk merged 3 commits into from
Nov 25, 2024
Merged

Check the existence and version of Sigstore CLI #194

hugovk merged 3 commits into from
Nov 25, 2024

Conversation

@sethmlarson
Copy link
Collaborator

@sethmlarson sethmlarson commented Nov 19, 2024

Closes #179, long-term solution is to do all the signing on the RM machine. This will do for now to catch fixable mistakes.

@sethmlarson sethmlarson requested a review from hugovk November 19, 2024 22:46
@hugovk
Copy link
Member

hugovk commented Nov 20, 2024

Looks good, thanks.

Testing, first I uninstalled sigstore CLI from the server:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
💥  Checking Sigstore CLI
Traceback (most recent call last):
  File "/Users/hugo/github/release-tools/run_release.py", line 1333, in <module>
    main()
  File "/Users/hugo/github/release-tools/run_release.py", line 1329, in main
    automata.run()
  File "/Users/hugo/github/release-tools/run_release.py", line 245, in run
    raise e from None
  File "/Users/hugo/github/release-tools/run_release.py", line 242, in run
    self.current_task(self.db)
  File "/Users/hugo/github/release-tools/release.py", line 126, in __call__
    return getattr(self, "function")(db)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/hugo/github/release-tools/run_release.py", line 327, in check_sigstore_client
    raise ReleaseException(
ReleaseException: Sigstore version not detected or not valid. Expecting 3.x:

Then installed sigstore<3 (2.1.5) on the server:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
💥  Checking Sigstore CLI
Traceback (most recent call last):
  File "/Users/hugo/github/release-tools/run_release.py", line 1333, in <module>
    main()
  File "/Users/hugo/github/release-tools/run_release.py", line 1329, in main
    automata.run()
  File "/Users/hugo/github/release-tools/run_release.py", line 245, in run
    raise e from None
  File "/Users/hugo/github/release-tools/run_release.py", line 242, in run
    self.current_task(self.db)
  File "/Users/hugo/github/release-tools/release.py", line 126, in __call__
    return getattr(self, "function")(db)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/hugo/github/release-tools/run_release.py", line 327, in check_sigstore_client
    raise ReleaseException(
ReleaseException: Sigstore version not detected or not valid. Expecting 3.x: sigstore 2.1.5

Then installed sigstore==3.4.0 on the server:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
✅  Checking Sigstore CLI

Re: #177 (comment): now #193 has been merged (to send Sigstore CLI verification to stdout, not stderr), is sigstore 3.x enough? And we don't need 3.5+?

@sethmlarson
Copy link
Collaborator Author

sethmlarson commented Nov 20, 2024

And we don't need 3.5+?

You're right, we should make sure it's up-to-date to avoid last-second issues. Let me make the version check handle that.

hugovk
hugovk reviewed Nov 20, 2024
View reviewed changes
@sethmlarson sethmlarson requested a review from hugovk November 20, 2024 16:35
hugovk
hugovk approved these changes Nov 20, 2024
View reviewed changes
Copy link
Member

@hugovk hugovk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Testing again, not installed:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
💥  Checking Sigstore CLI
Traceback (most recent call last):
  File "/Users/hugo/github/release-tools/run_release.py", line 1336, in <module>
    main()
  File "/Users/hugo/github/release-tools/run_release.py", line 1332, in main
    automata.run()
  File "/Users/hugo/github/release-tools/run_release.py", line 245, in run
    raise e from None
  File "/Users/hugo/github/release-tools/run_release.py", line 242, in run
    self.current_task(self.db)
  File "/Users/hugo/github/release-tools/release.py", line 126, in __call__
    return getattr(self, "function")(db)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/hugo/github/release-tools/run_release.py", line 330, in check_sigstore_client
    raise ReleaseException(
ReleaseException: Sigstore version not detected or not valid. Expecting 3.5.x or later:

sigstore-2.1.5:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
💥  Checking Sigstore CLI
Traceback (most recent call last):
  File "/Users/hugo/github/release-tools/run_release.py", line 1336, in <module>
    main()
  File "/Users/hugo/github/release-tools/run_release.py", line 1332, in main
    automata.run()
  File "/Users/hugo/github/release-tools/run_release.py", line 245, in run
    raise e from None
  File "/Users/hugo/github/release-tools/run_release.py", line 242, in run
    self.current_task(self.db)
  File "/Users/hugo/github/release-tools/release.py", line 126, in __call__
    return getattr(self, "function")(db)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/hugo/github/release-tools/run_release.py", line 330, in check_sigstore_client
    raise ReleaseException(
ReleaseException: Sigstore version not detected or not valid. Expecting 3.5.x or later: sigstore 2.1.5

sigstore-3.4.0:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
💥  Checking Sigstore CLI
Traceback (most recent call last):
  File "/Users/hugo/github/release-tools/run_release.py", line 1336, in <module>
    main()
  File "/Users/hugo/github/release-tools/run_release.py", line 1332, in main
    automata.run()
  File "/Users/hugo/github/release-tools/run_release.py", line 245, in run
    raise e from None
  File "/Users/hugo/github/release-tools/run_release.py", line 242, in run
    self.current_task(self.db)
  File "/Users/hugo/github/release-tools/release.py", line 126, in __call__
    return getattr(self, "function")(db)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/hugo/github/release-tools/run_release.py", line 330, in check_sigstore_client
    raise ReleaseException(
ReleaseException: Sigstore version not detected or not valid. Expecting 3.5.x or later: sigstore 3.4.0

sigstore-3.5.1:

✅  Checking autoconf is available
✅  Validating ssh connection to downloads.nyc1.psf.io and docs.nyc1.psf.io
✅  Checking Sigstore CLI

@hugovk hugovk merged commit 24c1a0d into python:master Nov 25, 2024
9 checks passed
@hugovk hugovk mentioned this pull request Oct 15, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hugovk hugovk hugovk approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Downloads server: "No module named sigstore"

2 participants

@sethmlarson @hugovk