Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New 0.4.0 release #99

Closed
kpcyrd opened this issue Dec 11, 2024 · 10 comments · Fixed by #100
Closed

New 0.4.0 release #99

kpcyrd opened this issue Dec 11, 2024 · 10 comments · Fixed by #100

Comments

@kpcyrd
Copy link
Contributor

kpcyrd commented Dec 11, 2024

Hello!

I'm trying to upload the in-toto crate to Debian, there's some working around I need to do in regards to #77, but cutting a new release of the current git master would already simplify things for me. :)

Thank you very much!
@adityasaky adityasaky mentioned this issue Dec 11, 2024
Merged
@adityasaky
Copy link
Member

Working on it in #100!

@adityasaky
Copy link
Member

https://crates.io/crates/in-toto/0.4.0 is live :)

@kpcyrd
Copy link
Contributor Author

kpcyrd commented Dec 11, 2024

wow, that was fast! :D

@kpcyrd
Copy link
Contributor Author

kpcyrd commented Dec 11, 2024

I noticed LICENSE credits heartsucker in 8a119cb, the author of the derp crate. I couldn't find any related commits, is this intentional or a copy&paste mixup? :) Thank you! (I need to annotate this kind of stuff to make the Debian people happy)

@adityasaky
Copy link
Member

I think it might have been an accidental carry over from using the license off tuf-rs or so? cc @SantiagoTorres

@adityasaky
Copy link
Member

On that subject, should we relicense to apache 2.0 to match other in-toto repos?

@SantiagoTorres
Copy link
Member

This codebase was heavily inspired by heartsucker. I did a subtree split of rs-tuf, and i wasn't sure what was the fair acknowledgement to have here (I'd rather err on acknowledging more).

I think we could relicense, yes. Is this blocking this issue ?

@kpcyrd
Copy link
Contributor Author

kpcyrd commented Dec 11, 2024

ok, thanks for clarifying :) nothing is blocked by this, I've included heartsucker as a copyright holder and the licensing is also fine (but changing to apache-2.0 wouldn't cause any issues either).

@SantiagoTorres
Copy link
Member

ok! will change things over as well :)

@kpcyrd
Copy link
Contributor Author

kpcyrd commented Dec 11, 2024
edited
Loading

The upload of derp is still pending, but I noticed 3 errors with the package I prepared for in-toto. It's difficult to say why this happend and may be due to the specific combination of crate versions that Debian has (note the hashes differ).

But also all of them seem to be related to .tar.gz in some kind of way, so it may be related to /usr/bin/gzip:

---- models::link::metadata::test::deserialize_linkmetadata stdout ----
thread 'models::link::metadata::test::deserialize_linkmetadata' panicked at src/models/link/metadata.rs:299:9:
assertion `left == right` failed
  left: LinkMetadata { name: "", materials: {}, products: {VirtualTargetPath("tests/test_link/foo.tar.gz"): {Sha256: HashValue("50e9b6a9c8822c0bffe69ed0e80b20f05b989ef3f8f12bd47ba17534bea51523")}}, env: None, byproducts: ByProducts { return_value: Some(0), stderr: Some("a foo.py\n"), stdout: Some(""), other_fields: {} }, command: Command(["tar", "zcvf", "foo.tar.gz", "foo.py"]) }
 right: LinkMetadata { name: "", materials: {}, products: {VirtualTargetPath("tests/test_link/foo.tar.gz"): {Sha256: HashValue("52947cb78b91ad01fe81cd6aef42d1f6817e92b9e6936c1e5aabb7c98514f355")}}, env: None, byproducts: ByProducts { return_value: Some(0), stderr: Some("a foo.py\n"), stdout: Some(""), other_fields: {} }, command: Command(["tar", "zcvf", "foo.tar.gz", "foo.py"]) }
stack backtrace:
   0: rust_begin_unwind
             at /usr/src/rustc-1.83.0/library/std/src/panicking.rs:665:5
   1: core::panicking::panic_fmt
             at /usr/src/rustc-1.83.0/library/core/src/panicking.rs:74:14
   2: core::panicking::assert_failed_inner
   3: core::panicking::assert_failed
             at /usr/src/rustc-1.83.0/library/core/src/panicking.rs:367:5
   4: in_toto::models::link::metadata::test::deserialize_linkmetadata
             at ./src/models/link/metadata.rs:299:9
   5: in_toto::models::link::metadata::test::deserialize_linkmetadata::{{closure}}
             at ./src/models/link/metadata.rs:262:34
   6: core::ops::function::FnOnce::call_once
             at /usr/src/rustc-1.83.0/library/core/src/ops/function.rs:250:5
   7: core::ops::function::FnOnce::call_once
             at /usr/src/rustc-1.83.0/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

---- models::link::metadata::test::serialize_linkmetadata stdout ----
thread 'models::link::metadata::test::serialize_linkmetadata' panicked at src/models/link/metadata.rs:258:9:
assertion `left == right` failed
  left: Object {"_type": String("link"), "byproducts": Object {"return-value": Number(0), "stderr": String("a foo.py\n"), "stdout": String("")}, "command": Array [String("tar"), String("zcvf"), String("foo.tar.gz"), String("foo.py")], "environment": Null, "materials": Object {}, "name": String(""), "products": Object {"tests/test_link/foo.tar.gz": Object {"sha256": String("52947cb78b91ad01fe81cd6aef42d1f6817e92b9e6936c1e5aabb7c98514f355")}}}
 right: Object {"_type": String("link"), "byproducts": Object {"return-value": Number(0), "stderr": String("a foo.py\n"), "stdout": String("")}, "command": Array [String("tar"), String("zcvf"), String("foo.tar.gz"), String("foo.py")], "environment": Null, "materials": Object {}, "name": String(""), "products": Object {"tests/test_link/foo.tar.gz": Object {"sha256": String("50e9b6a9c8822c0bffe69ed0e80b20f05b989ef3f8f12bd47ba17534bea51523")}}}
stack backtrace:
   0: rust_begin_unwind
             at /usr/src/rustc-1.83.0/library/std/src/panicking.rs:665:5
   1: core::panicking::panic_fmt
             at /usr/src/rustc-1.83.0/library/core/src/panicking.rs:74:14
   2: core::panicking::assert_failed_inner
   3: core::panicking::assert_failed
             at /usr/src/rustc-1.83.0/library/core/src/panicking.rs:367:5
   4: in_toto::models::link::metadata::test::serialize_linkmetadata
             at ./src/models/link/metadata.rs:258:9
   5: in_toto::models::link::metadata::test::serialize_linkmetadata::{{closure}}
             at ./src/models/link/metadata.rs:222:32
   6: core::ops::function::FnOnce::call_once
             at /usr/src/rustc-1.83.0/library/core/src/ops/function.rs:250:5
   7: core::ops::function::FnOnce::call_once
             at /usr/src/rustc-1.83.0/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.

---- models::metadata::tests::serialize_link_metablock stdout ----
thread 'models::metadata::tests::serialize_link_metablock' panicked at src/models/metadata.rs:559:9:
assertion `left == right` failed
  left: Object {"signatures": Array [Object {"keyid": String("e0294a3f17cc8563c3ed5fceb3bd8d3f6bfeeaca499b5c9572729ae015566554"), "sig": String("62918f5f84fca149c15fcbc247a831e0360d33f0d9c8a89e6f623a011a8b807e2b0ef816a37356d966e9ad446ec234efb2b3bb4b04f338c0560d9cdfa1dcba0a")}], "signed": Object {"_type": String("link"), "byproducts": Object {"return-value": Number(0), "stderr": String("a foo.py\n"), "stdout": String("")}, "command": Array [String("tar"), String("zcvf"), String("foo.tar.gz"), String("foo.py")], "environment": Null, "materials": Object {}, "name": String(""), "products": Object {"tests/test_link/foo.tar.gz": Object {"sha256": String("52947cb78b91ad01fe81cd6aef42d1f6817e92b9e6936c1e5aabb7c98514f355")}}}}
 right: Object {"signatures": Array [Object {"keyid": String("e0294a3f17cc8563c3ed5fceb3bd8d3f6bfeeaca499b5c9572729ae015566554"), "sig": String("fc98b2021d1facf68a221a897934abc8efe0cced74d429a58750eb37eec5a40ed1fa2909ec9967a7696100188ab58db5f1835e28aa2a2f26f88b26a8a0e23c0d")}], "signed": Object {"_type": String("link"), "byproducts": Object {"return-value": Number(0), "stderr": String("a foo.py\n"), "stdout": String("")}, "command": Array [String("tar"), String("zcvf"), String("foo.tar.gz"), String("foo.py")], "environment": Null, "materials": Object {}, "name": String(""), "products": Object {"tests/test_link/foo.tar.gz": Object {"sha256": String("50e9b6a9c8822c0bffe69ed0e80b20f05b989ef3f8f12bd47ba17534bea51523")}}}}
stack backtrace:
   0: rust_begin_unwind
             at /usr/src/rustc-1.83.0/library/std/src/panicking.rs:665:5
   1: core::panicking::panic_fmt
             at /usr/src/rustc-1.83.0/library/core/src/panicking.rs:74:14
   2: core::panicking::assert_failed_inner
   3: core::panicking::assert_failed
             at /usr/src/rustc-1.83.0/library/core/src/panicking.rs:367:5
   4: in_toto::models::metadata::tests::serialize_link_metablock
             at ./src/models/metadata.rs:559:9
   5: in_toto::models::metadata::tests::serialize_link_metablock::{{closure}}
             at ./src/models/metadata.rs:511:34
   6: core::ops::function::FnOnce::call_once
             at /usr/src/rustc-1.83.0/library/core/src/ops/function.rs:250:5
   7: core::ops::function::FnOnce::call_once
             at /usr/src/rustc-1.83.0/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.


failures:
    models::link::metadata::test::deserialize_linkmetadata
    models::link::metadata::test::serialize_linkmetadata
    models::metadata::tests::serialize_link_metablock

test result: FAILED. 123 passed; 3 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.29s

@kpcyrd kpcyrd changed the title New release New 0.4.0 release Dec 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update to v0.4.0 adityasaky/in-toto-rs
3 participants
@SantiagoTorres @kpcyrd @adityasaky