Skip to content

Enable setting allow_symlinks on hashing Config and file serializers #486

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 25, 2025
Merged

Enable setting allow_symlinks on hashing Config and file serializers #486

merged 3 commits into from
Jun 25, 2025

Conversation

stefanberger
Copy link
Contributor

@stefanberger stefanberger commented Jun 24, 2025
edited
Loading

Add a set_allow_symlinks method to the hashing Config so that this option can be passed onto the file serializers. This method on the Config class seems necessary since its constructor does not have it. Extend the CLI tool with a --allow-symlinks option on all signing and verifying methods and use this option in a scripted test case to test signing of files by following symlinks.

Summary

Checklist
  • All commits are signed-off, using DCO
  • All new code has docstrings and type annotations
  • All new code is covered by tests. Aim for at least 90% coverage. CI is configured to highlight lines not covered by tests.
  • Public facing changes are paired with documentation changes
  • Release note has been added to CHANGELOG.md if needed

@stefanberger
Enable setting allow_symlinks on hashing Config and file serializers
cab39d5 
Add a set_allow_symlinks method to the hashing Config so that this option
can be passed onto the file serializers. This method on the Config class
seems necessary since its constructor does not have it.

Signed-off-by: Stefan Berger <[email protected]>
@stefanberger stefanberger requested review from a team as code owners June 24, 2025 00:19
spencerschrock
spencerschrock reviewed Jun 24, 2025
View reviewed changes
src/model_signing/_cli.py Outdated
Comment on lines 118 to 120
# Decorator for the commonly used option to allow symlinks
_allow_symlinks_option = click.option(
"--allow-symlinks",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

quick note that all the other flags are snake case, not kebab

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

quick note that all the other flags are snake case, not kebab

Some exceptions do exist ... fixed.

--ignore-paths "../$(basename "${ignorefile}")"

mihaimaruseac
mihaimaruseac previously approved these changes Jun 24, 2025
View reviewed changes
@stefanberger
cli: Add --allow_symlinks option to all signing and verifying methods
da38772 
Add --allow_symlinks option to all signing and verifying methods.

Signed-off-by: Stefan Berger <[email protected]>
@stefanberger
tests: Extend a test script with signing and verifying a symlink'ed file
bf099b8 
Signed-off-by: Stefan Berger <[email protected]>
@mihaimaruseac mihaimaruseac merged commit 5750896 into sigstore:main Jun 25, 2025
51 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spencerschrock spencerschrock spencerschrock left review comments

@mihaimaruseac mihaimaruseac mihaimaruseac approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stefanberger @mihaimaruseac @spencerschrock