290 changes: 290 additions & 0 deletions scripts/tests/test-sign-verify-allversions.sh
Comment thread
mihaimaruseac marked this conversation as resolved.
@@ -0,0 +1,290 @@
#!/usr/bin/env bash

TMPDIR=$(mktemp -d) || exit 1
MODELDIR="${TMPDIR}/model"

signfile1="${MODELDIR}/signme-1"
signfile2="${MODELDIR}/signme-2"
ignorefile="${MODELDIR}/ignore"

cleanup()
{
rm -rf "${TMPDIR}"
}
trap cleanup EXIT QUIT

mkdir "${MODELDIR}" || exit 1
echo "signme-1" > "${signfile1}"
echo "signme-2" > "${signfile2}"
echo "ignore" > "${ignorefile}"

sigfile_key="${TMPDIR}/model.sig-key"
sigfile_certificate="${TMPDIR}/model.sig-certificate"
sigfile_sigstore="${TMPDIR}/model.sig-sigstore"

TOKENPROJ="${TMPDIR}/tokenproj"
mkdir -p "${TOKENPROJ}" || exit 1
token_file="${TOKENPROJ}/oidc-token.txt"

VENV="${TMPDIR}/venv"


# Create a signature with the currently active library

echo -n "Using model_signing tool: "
type -P model_signing

echo -n "Use version of model_signing tool for signing: "
model_signing --version

echo

echo "Signing with 'key' method"

if ! python -m model_signing \
sign key \
--signature "${sigfile_key}" \
--private_key ./keys/certificate/signing-key.pem \
--ignore-paths "${ignorefile}" \
"${MODELDIR}" || \
test ! -f "${sigfile_key}"; then
echo "Error: 'sign key' failed"
exit 1
fi

echo "Signing with 'certificate' method"

if ! python -m model_signing \
sign certificate \
--signature "${sigfile_certificate}" \
--private_key ./keys/certificate/signing-key.pem \
--signing_certificate ./keys/certificate/signing-key-cert.pem \
--certificate_chain ./keys/certificate/int-ca-cert.pem \
--ignore-paths "${ignorefile}" \
"${MODELDIR}" || \
test ! -f "${sigfile_certificate}"; then
echo "Error: 'sign certificate' failed"
exit 1
fi

echo "Getting OIDC test-token for sigstore signing"
if ! out=$(git clone \
--single-branch \
--branch current-token \
--depth 1 \
https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon \
"${TOKENPROJ}" 2>&1);
then
echo "git clone failed"
echo "${out}"
exit 1
fi

echo "Signing with 'sigstore' method"
if ! python -m model_signing \
sign sigstore \
--signature "${sigfile_sigstore}" \
--identity_token "$(cat "${token_file}")" \
--ignore-paths "${ignorefile}" \
"${MODELDIR}" || \
test ! -f ${sigfile_sigstore}; then
echo "Error: 'sign sigstore' failed"
exit 1
fi

# Setup and activate a venv
echo -e "\nSetting up $(python --version) venv"

python -m venv "${VENV}" || exit 1
source "${VENV}/bin/activate"

echo -e "Done\n"

# Install the following versions from pypi
for version in v1.0.1 v1.0.0 v0.3.1 v0.3.0; do

if ! out=$(pip install "model-signing==${version}" 2>&1); then
echo "pip install failed"
echo "${out}"
exit 1
fi

#Force usage of sigstore v3.6.5 on older model-signing versions
case "${version}" in
v1.0.1|v1.0.0|v0.3.1|v0.3.0)
if ! out=$(pip install sigstore==v3.6.5 2>&1); then
echo "pip install of sigstore v3.6.5 failed"
echo "${out}"
exit 1
fi
;;
*)
esac

echo -n "Testing signature verification with version from pypi: "
model_signing --version

echo "Testing 'verify key' method"
if ! out=$(python -m model_signing \
verify key \
--signature "${sigfile_key}" \
--public_key ./keys/certificate/signing-key-pub.pem \
--ignore-paths "${ignorefile}" \
"${MODELDIR}" 2>&1); then
echo "Error: 'verify key' failed with ${version}"
echo "${out}"
exit 1
fi
if ! grep -q "succeeded" <<< "${out}"; then
echo "verification failed:"
echo "${out}"
exit 1
fi

case "${version}" in
v0.3.1 | v0.3.0)
# cannot verify
echo "Skipping 'verify certificate' method"
;;
*)
echo "Testing 'verify certificate' method"
if ! out=$(python -m model_signing \
verify certificate \
--signature "${sigfile_certificate}" \
--certificate_chain ./keys/certificate/ca-cert.pem \
--ignore-paths "${ignorefile}" \
"${MODELDIR}" 2>&1); then
echo "Error: 'verify certificate' failed with ${version}"
echo "${out}"
exit 1
fi
if ! grep -q "succeeded" <<< "${out}"; then
echo "verification failed:"
echo "${out}"
exit 1
fi
esac

echo "Testing 'verify sigstore' method"
if ! out=$(python -m model_signing \
verify sigstore \
--signature "${sigfile_sigstore}" \
--identity https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon/.github/workflows/extremely-dangerous-oidc-beacon.yml@refs/heads/main \
--identity_provider https://token.actions.githubusercontent.com \
--ignore-paths "${ignorefile}" \
"${MODELDIR}" 2>&1); then
echo "Error: 'verify sigstore' failed with ${version}"
echo "${out}"
exit 1
fi
if ! grep -q "succeeded" <<< "${out}"; then
echo "verification failed:"
echo "${out}"
exit 1
fi

# Check against pre-created signatures
# v represents version of the library that created a signature in the past
for v in v1.0.1 v1.0.0 v0.3.1 v0.2.0; do

# key method
modeldir=${v}-elliptic-key
modeldir_sign=${modeldir}

case "${version}-${v}" in
v0.3.1-v1.0.1)
# v0.3.1 cannot verify signatures created by v1.0.1
;;
*-v0.3.1|*-v1.0.0)
# These versions signed only a single file
modeldir_sign="${modeldir}/signme-1"
;& # fallthrough
*)
if [ -d "${modeldir}" ]; then
echo "Testing 'verify key' method with signature created by ${v}"
if ! out=$(python -m model_signing \
verify key \
--signature "${modeldir}/model.sig" \
--public_key ./keys/certificate/signing-key-pub.pem \
--ignore-paths "${modeldir}/ignore-me" \
"${modeldir_sign}" 2>&1); then
echo "Error: 'verify key' failed with ${version} on ${modeldir}"
echo "${out}"
exit 1
fi
if ! grep -q "succeeded" <<< "${out}"; then
echo "verification failed on ${modeldir}:"
echo "${out}"
exit 1
fi
fi
;;
esac

# certificate method
modeldir=${v}-certificate

case "${version}-${v}" in
v0.3.0-*|v0.3.1-*|v1.0.0-v0.2.0)
# cannot verify
;;
*)
if [ -d "${modeldir}" ]; then
echo "Testing 'verify certificate' method with signature created by ${v}"
if ! out=$(python -m model_signing \
verify certificate \
--signature "${modeldir}/model.sig" \
--certificate_chain ./keys/certificate/ca-cert.pem \
--ignore-paths "${modeldir}/ignore-me" \
"${modeldir}" 2>&1); then
echo "Error: 'verify certificate' failed with ${version} on ${modeldir}"
echo "${out}"
exit 1
fi
if ! grep -q "succeeded" <<< "${out}"; then
echo "verification failed on ${modeldir}:"
echo "${out}"
exit 1
fi
fi
;;
esac

# sigstore method
modeldir=${v}-sigstore

case "${version}-${v}" in
v0.3.1-v1.0.1|v0.3.1-v0.3.1|v0.3.1-v1.0.0)
# cannot verify
;;
*)
if [ -d "${modeldir}" ]; then
echo "Testing 'verify sigstore' method with signature created by ${v}"
if ! out=$(python -m model_signing \
verify sigstore \
--signature "${modeldir}/model.sig" \
--identity_provider https://sigstore.verify.ibm.com/oauth2 \
--identity stefanb@us.ibm.com \
--ignore-paths "${modeldir}/ignore-me" \
"${modeldir}" 2>&1); then
echo "Error: 'verify sigstore' failed with ${version} on ${modeldir}"
echo "${out}"
exit 1
fi
if ! grep -q "succeeded" <<< "${out}"; then
echo "verification failed on ${modeldir}:"
echo "${out}"
exit 1
fi
fi
;;
esac
done

echo
done

# deactivate the venv
deactivate

exit 0
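Review bot: The sigstore signing check at `test ! -f ${sigfile_sigstore}` leaves the expansion unquoted, unlike the key and certificate checks above it; make it `test ! -f "${sigfile_sigstore}"`. The `source "${VENV}/bin/activate"` line is also unchecked, so if activation fails the following `pip install` calls run against whatever python is first on PATH; `source "${VENV}/bin/activate" || exit 1` keeps it consistent with the rest of the script. The script relies on being run from scripts/tests (relative `./keys/...` and `${v}-elliptic-key` paths), on `model_signing` already being on PATH, and on network access to GitHub and PyPI, none of which is stated; a header comment spelling those out would help the next person who runs it. The OIDC token from the cloned beacon repo is passed on the command line via `$(cat "${token_file}")`, which is visible in process listings; a short comment noting that this is a public, short-lived test token would make that deliberate rather than accidental.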
File renamed without changes.
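--- a/scripts/tests/test-verify-v1.0.1-certificate.sh
+++ b/scripts/tests/test-verify-v1.0.1-certificate.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+echo "Testing 'verify certificate'"
+if ! python -m model_signing \
+verify certificate \
+--ignore-paths ./v1.0.1-certificate/ignore-me \
+--signature ./v1.0.1-certificate/model.sig \
+--certificate_chain ./keys/certificate/ca-cert.pem \
+./v1.0.1-certificate/; then
+echo "Error: 'verify certificate' failed on v1.0.1"
+exit 1
+fi
+
+exit 0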
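--- a/scripts/tests/test-verify-v1.0.1-elliptic-key.sh
+++ b/scripts/tests/test-verify-v1.0.1-elliptic-key.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+echo "Testing 'verify key'"
+if ! python -m model_signing \
+verify key \
+--ignore-paths ./v1.0.1-elliptic-key/ignore-me \
+--signature ./v1.0.1-elliptic-key/model.sig \
+--public_key ./keys/certificate/signing-key-pub.pem \
+./v1.0.1-elliptic-key ; then
+echo "Error: 'verify key' failed on v1.0.1"
+exit 1
+fi
+
+exit 0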
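--- a/scripts/tests/test-verify-v1.0.1-sigstore.sh
+++ b/scripts/tests/test-verify-v1.0.1-sigstore.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+echo "Testing 'verify sigstore'"
+if ! python -m model_signing \
+verify sigstore \
+--identity stefanb@us.ibm.com \
+--identity_provider https://sigstore.verify.ibm.com/oauth2 \
+--ignore-paths ./v1.0.1-sigstore/ignore-me \
+--signature ./v1.0.1-sigstore/model.sig \
+./v1.0.1-sigstore/; then
+echo "Error: 'verify sigstore' failed on v1.0.1"
+exit 1
+fi
+
+pushd v1.0.1-sigstore 1>/dev/null || exit 1
+
+echo
+echo "Testing 'verify sigstore' while in model directory"
+if ! python -m model_signing \
+verify sigstore \
+--identity stefanb@us.ibm.com \
+--identity_provider https://sigstore.verify.ibm.com/oauth2 \
+--ignore-paths ignore-me \
+--signature model.sig \
+. ; then
+echo "Error: 'verify sigstore' failed on v1.0.1"
+exit 1
+fi
+
+popd 1>/dev/null || exit 1
+
+exit 0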
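Review bot: Both failure messages in this file read `Error: 'verify sigstore' failed on v1.0.1`, so a CI log cannot tell whether the top-level run or the in-model-directory run failed; change the second to `echo "Error: 'verify sigstore' failed on v1.0.1 (from model directory)"`. The identity and identity provider are repeated verbatim in both invocations; holding them in two variables at the top of the file would keep the two commands from drifting apart when one is edited.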
Empty file.
1 change: 1 addition & 0 deletions scripts/tests/v1.0.1-certificate/model.sig
@@ -0,0 +1 @@
{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"x509CertificateChain": {"certificates": [{"rawBytes": "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"}, {"rawBytes": "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"}]}}, "dsseEnvelope": {"payload": "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", "payloadType": "application/vnd.in-toto+json", "signatures": [{"sig": "MGUCMQCNFlyjcZCmKu6SPnmKb2+dAf0FVVdCkfEpRVl/RVzMiVNtaZOlkbpCph11fNv+6GICMFWkKGUvBO/cyK0M96ECzixB3lLWVcbtqabK4PMb9ls2HCTPweM4mYwGvPJSAeCjRg==", "keyid": null}]}}
1 change: 1 addition & 0 deletions scripts/tests/v1.0.1-certificate/signme-1
@@ -0,0 +1 @@
signme-1
1 change: 1 addition & 0 deletions scripts/tests/v1.0.1-certificate/signme-2
@@ -0,0 +1 @@
signme-2
Empty file.
1 change: 1 addition & 0 deletions scripts/tests/v1.0.1-elliptic-key/model.sig
@@ -0,0 +1 @@
{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"publicKey": {"rawBytes": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUhZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUNJRFlnQUVzdTZyWkdCVGp4dHZSV1BNaXhUKzNIeW5kVjBKMFlidAphSFpVY080REVLK09KSE8vNGUzMmJiL2ZiSktTcFJnY0JzSXBLTGNWaWpVb215Rk9FUmJkN3UrQlRQU1VqR1pEClFxNko3bFR2cC9FQVhRR09LeFc5UlAwTUdYM3FBa3ZpCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo=", "keyDetails": "PKIX_ECDSA_P384_SHA_384"}}, "dsseEnvelope": {"payload": "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", "payloadType": "application/vnd.in-toto+json", "signatures": [{"sig": "MGUCMCY+xSOJ/caTdPTtCWQG+viwGMeGG4d1qXtwTRGreznTUjBoF6VLUkEj5GVD12gzMQIxAMJuAUgM4jpxys+lFerUvsUFUo4dwHenn280aUAbFSbHiK7casRq/MZw1M44l+/rYQ==", "keyid": null}]}}
1 change: 1 addition & 0 deletions scripts/tests/v1.0.1-elliptic-key/signme-1
@@ -0,0 +1 @@
signme-1
1 change: 1 addition & 0 deletions scripts/tests/v1.0.1-elliptic-key/signme-2
@@ -0,0 +1 @@
signme-2
Empty file.