From 869cab376e5e8ee67b26b0a3b6d166644a400eb3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 15:10:50 +0000 Subject: [PATCH 1/2] build(deps): bump github.com/ProtonMail/go-crypto from 1.0.0 to 1.1.2 Bumps [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto) from 1.0.0 to 1.1.2. - [Release notes](https://github.com/ProtonMail/go-crypto/releases) - [Commits](https://github.com/ProtonMail/go-crypto/compare/v1.0.0...v1.1.2) --- updated-dependencies: - dependency-name: github.com/ProtonMail/go-crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 47 ++--------------------------------------------- 2 files changed, 3 insertions(+), 46 deletions(-) diff --git a/go.mod b/go.mod index efc43aeb..4462cb34 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/sylabs/sif/v2 go 1.22.8 require ( - github.com/ProtonMail/go-crypto v1.0.0 + github.com/ProtonMail/go-crypto v1.1.2 github.com/google/go-containerregistry v0.20.2 github.com/google/uuid v1.6.0 github.com/sebdah/goldie/v2 v2.5.5 diff --git a/go.sum b/go.sum index c29635cb..13740b74 100644 --- a/go.sum +++ b/go.sum 
@@ -1,11 +1,9 @@ -github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= -github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v1.1.2 h1:A7JbD57ThNqh7XjmHE+PXpQ3Dqt3BrSAC0AL0Go3KS0= +github.com/ProtonMail/go-crypto v1.1.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= 
@@ -74,53 +72,12 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync 
v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod 
h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/genproto/googleapis/rpc v0.0.0-20240520151616-dc85e6b867a5 h1:Q2RxlXqh1cgzzUgV261vBO2jI5R/3DD1J2pM0nI4NhU= google.golang.org/genproto/googleapis/rpc v0.0.0-20240520151616-dc85e6b867a5/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= From 071c3a8f21e3f331c0d5b608959302b529f45438 Mon Sep 17 00:00:00 2001 
From: Adam Hughes <9903835+tri-adam@users.noreply.github.com> Date: Fri, 8 Nov 2024 17:29:09 +0000 Subject: [PATCH 2/2] fix: corpus image generation Add OptSignWithoutPGPSignatureSalt, which disables randomization of signature generation, and use that in the corpus to generate images deterministically. Update corpus images and related golden files to reflect the signatures generated by the new version of go-crypto. --- .../TestApp_Info/DataSignature.golden | 2 +- .../TestApp_List/OneGroupSignedPGP.golden | 2 +- .../TestApp_List/TwoGroupsSignedPGP.golden | 4 +- pkg/integrity/clearsign.go | 15 +++----- pkg/integrity/clearsign_test.go | 4 +- pkg/integrity/sign.go | 35 ++++++++++++------ pkg/integrity/sign_test.go | 24 ++++++++++-- .../Test_command_getInfo/Three/out.golden | 2 +- .../OneGroupSignedPGP/out.golden | 2 +- .../TwoGroupsSignedPGP/out.golden | 4 +- test/images/gen_sifs.go | 3 +- test/images/one-group-signed-pgp.sif | Bin 42014 -> 42008 bytes test/images/two-groups-signed-pgp.sif | Bin 305013 -> 305001 bytes 13 files changed, 62 insertions(+), 35 deletions(-) diff --git a/internal/app/siftool/testdata/TestApp_Info/DataSignature.golden b/internal/app/siftool/testdata/TestApp_Info/DataSignature.golden index cb2859f7..6aa68e5b 100644 --- a/internal/app/siftool/testdata/TestApp_Info/DataSignature.golden +++ b/internal/app/siftool/testdata/TestApp_Info/DataSignature.golden @@ -3,6 +3,6 @@ Group ID: NONE Linked ID: 1 (G) Offset: 303104 - Size: 1054 + Size: 1048 Hash Type: SHA-256 Entity: 12045C8C0B1004D058DE4BEDA20C27EE7FF7BA84 diff --git a/internal/app/siftool/testdata/TestApp_List/OneGroupSignedPGP.golden b/internal/app/siftool/testdata/TestApp_List/OneGroupSignedPGP.golden index 5b663d3e..b03df369 100644 --- a/internal/app/siftool/testdata/TestApp_List/OneGroupSignedPGP.golden +++ b/internal/app/siftool/testdata/TestApp_List/OneGroupSignedPGP.golden 
@@ -3,4 +3,4 @@ ID |GROUP |LINK |SIF POSITION (start-end) |TYPE ------------------------------------------------------------------------------ 1 |1 |NONE |32768-32772 |FS (Raw/System/386) 2 |1 |NONE |36864-40960 |FS (Squashfs/*System/386) -3 |NONE |1 (G) |40960-42014 |Signature (SHA-256) +3 |NONE |1 (G) |40960-42008 |Signature (SHA-256) diff --git a/internal/app/siftool/testdata/TestApp_List/TwoGroupsSignedPGP.golden b/internal/app/siftool/testdata/TestApp_List/TwoGroupsSignedPGP.golden index 17240ba5..31875e98 100644 --- a/internal/app/siftool/testdata/TestApp_List/TwoGroupsSignedPGP.golden +++ b/internal/app/siftool/testdata/TestApp_List/TwoGroupsSignedPGP.golden @@ -4,5 +4,5 @@ ID |GROUP |LINK |SIF POSITION (start-end) |TYPE 1 |1 |NONE |32768-32772 |FS (Raw/System/386) 2 |1 |NONE |36864-40960 |FS (Squashfs/*System/386) 3 |2 |NONE |40960-303104 |FS (Ext3/System/amd64) -4 |NONE |1 (G) |303104-304158 |Signature (SHA-256) -5 |NONE |2 (G) |304158-305013 |Signature (SHA-256) +4 |NONE |1 (G) |303104-304152 |Signature (SHA-256) +5 |NONE |2 (G) |304152-305001 |Signature (SHA-256) diff --git a/pkg/integrity/clearsign.go b/pkg/integrity/clearsign.go index 4c60c440..a8aa7aa8 100644 --- a/pkg/integrity/clearsign.go +++ b/pkg/integrity/clearsign.go @@ -1,4 +1,4 @@ -// Copyright (c) 2020-2023, Sylabs Inc. All rights reserved. +// Copyright (c) 2020-2024, Sylabs Inc. All rights reserved. // This software is licensed under a 3-clause BSD license. Please consult the LICENSE.md file // distributed with the sources of this project regarding your rights to use or distribute this // software. @@ -11,7 +11,6 @@ import ( "crypto" "errors" "io" - "time" "github.com/ProtonMail/go-crypto/openpgp" "github.com/ProtonMail/go-crypto/openpgp/clearsign" 
@@ -25,14 +24,12 @@ type clearsignEncoder struct { config *packet.Config } -// newClearsignEncoder returns an encoder that signs messages in clear-sign format using entity e. -// If timeFunc is not nil, it is used to generate signature timestamps. -func newClearsignEncoder(e *openpgp.Entity, timeFunc func() time.Time) *clearsignEncoder { +// newClearsignEncoder returns an encoder that signs messages in clear-sign format using entity e, +// according to config. +func newClearsignEncoder(e *openpgp.Entity, config *packet.Config) *clearsignEncoder { return &clearsignEncoder{ - e: e, - config: &packet.Config{ - Time: timeFunc, - }, + e: e, + config: config, } } diff --git a/pkg/integrity/clearsign_test.go b/pkg/integrity/clearsign_test.go index 0de5e321..e164f49a 100644 --- a/pkg/integrity/clearsign_test.go +++ b/pkg/integrity/clearsign_test.go @@ -39,12 +39,12 @@ func Test_clearsignEncoder_signMessage(t *testing.T) { }{ { name: "EncryptedKey", - en: newClearsignEncoder(encrypted, fixedTime), + en: newClearsignEncoder(encrypted, &packet.Config{Time: fixedTime}), wantErr: true, }, { name: "OK", - en: newClearsignEncoder(e, fixedTime), + en: newClearsignEncoder(e, &packet.Config{Time: fixedTime}), de: newClearsignDecoder(openpgp.EntityList{e}), wantHash: crypto.SHA256, }, diff --git a/pkg/integrity/sign.go b/pkg/integrity/sign.go index 002810a8..d6ed339f 100644 --- a/pkg/integrity/sign.go +++ b/pkg/integrity/sign.go @@ -17,6 +17,7 @@ import ( "time" "github.com/ProtonMail/go-crypto/openpgp" + "github.com/ProtonMail/go-crypto/openpgp/packet" "github.com/sigstore/sigstore/pkg/signature" "github.com/sylabs/sif/v2/pkg/sif" ) 
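Review bot: The new doc comment on newClearsignEncoder says only "according to config" and does not say what a nil config or an unset field means, although the constructor stores the caller's pointer unchanged (`config: config`). The callers updated in this patch pass `&packet.Config{Time: fixedTime}`, which leaves the salt setting unset, so those signatures presumably follow go-crypto's default for NonDeterministicSignaturesViaNotation. I would extend the comment with `// A nil config, or a nil field within it, selects the go-crypto default for that setting.` (worth confirming against the library) and mention that the encoder keeps the pointer rather than a copy. The hunk begins inside the clearsignEncoder struct, so the rest of that type is not visible here.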
@@ -179,13 +180,14 @@ func (gs *groupSigner) sign(ctx context.Context) (sif.DescriptorInput, error) { } type signOpts struct { - ss []signature.Signer - e *openpgp.Entity - groupIDs []uint32 - objectIDs [][]uint32 - timeFunc func() time.Time - deterministic bool - ctx context.Context //nolint:containedctx + ss []signature.Signer + e *openpgp.Entity + groupIDs []uint32 + objectIDs [][]uint32 + timeFunc func() time.Time + deterministic bool + ctx context.Context //nolint:containedctx + withoutPGPSignatureSalt bool } // SignerOpt are used to configure so. @@ -257,6 +259,16 @@ func OptSignWithContext(ctx context.Context) SignerOpt { } } +// OptSignWithoutPGPSignatureSalt disables the addition of a salt notation for v4 and v5 PGP keys. +// While this increases determinism, it should be used with caution as the salt notation increases +// protection for certain kinds of attacks. +func OptSignWithoutPGPSignatureSalt() SignerOpt { + return func(so *signOpts) error { + so.withoutPGPSignatureSalt = true + return nil + } +} + // withGroupedObjects splits the objects represented by ids into object groups, and calls fn once // per object group. func withGroupedObjects(f *sif.FileImage, ids []uint32, fn func(uint32, []uint32) error) error { @@ -339,11 +351,10 @@ func NewSigner(f *sif.FileImage, opts ...SignerOpt) (*Signer, error) { case so.ss != nil: en = newDSSEEncoder(so.ss) case so.e != nil: - timeFunc := time.Now - if so.timeFunc != nil { - timeFunc = so.timeFunc - } - en = newClearsignEncoder(so.e, timeFunc) + en = newClearsignEncoder(so.e, &packet.Config{ + Time: so.timeFunc, + NonDeterministicSignaturesViaNotation: packet.BoolPointer(!so.withoutPGPSignatureSalt), + }) commonOpts = append(commonOpts, optSignGroupFingerprint(so.e.PrimaryKey.Fingerprint)) default: return nil, fmt.Errorf("integrity: %w", ErrNoKeyMaterial) diff --git a/pkg/integrity/sign_test.go b/pkg/integrity/sign_test.go index cb878aee..56f02098 100644 --- a/pkg/integrity/sign_test.go 
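Review bot: The doc comment on OptSignWithoutPGPSignatureSalt warns about "certain kinds of attacks" without naming them, which gives a caller of this exported option nothing to weigh. As I read go-crypto's documentation for NonDeterministicSignaturesViaNotation, the salt guards against secret-key leakage when a fault occurs during EdDSA signing and acts as a hedge against hash weaknesses such as chosen-prefix collisions; please confirm the wording against the v1.1.2 sources. I would name those risks in the comment and state the intended use, for example `// Intended for reproducible test fixtures; avoid when signing with production keys.`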
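Review bot: In NewSigner the salt is now enabled unless OptSignWithoutPGPSignatureSalt is passed, so a caller that combines OptSignWithEntity, OptSignWithTime and OptSignDeterministic presumably no longer gets byte-identical PGP signatures after the go-crypto bump. That default is the safer one, but the change is silent; the commit message indicates the corpus generator needed the new option for exactly this reason. I would record it in the OptSignDeterministic doc comment (outside this hunk), e.g. `// PGP signatures stay randomized unless OptSignWithoutPGPSignatureSalt is also supplied.` Separately, `Time: so.timeFunc` can now be nil where the removed code substituted time.Now; go-crypto appears to fall back to the current time for a nil Time, and a short comment such as `// nil Time: go-crypto uses the current time` would document that reliance. NewSigner's body starts and ends outside the hunk.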
+++ b/pkg/integrity/sign_test.go @@ -16,6 +16,7 @@ import ( "testing" "github.com/ProtonMail/go-crypto/openpgp" + "github.com/ProtonMail/go-crypto/openpgp/packet" "github.com/sylabs/sif/v2/pkg/sif" ) @@ -195,7 +196,7 @@ func TestNewGroupSigner(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - en := newClearsignEncoder(getTestEntity(t), fixedTime) + en := newClearsignEncoder(getTestEntity(t), &packet.Config{Time: fixedTime}) s, err := newGroupSigner(en, tt.fi, tt.groupID, tt.opts...) if got, want := err, tt.wantErr; !errors.Is(got, want) { @@ -254,12 +255,12 @@ func TestGroupSigner_Sign(t *testing.T) { } e := getTestEntity(t) - clearsign := newClearsignEncoder(e, fixedTime) + clearsign := newClearsignEncoder(e, &packet.Config{Time: fixedTime}) encrypted := getTestEntity(t) encrypted.PrivateKey.Encrypted = true - clearsignEncrypted := newClearsignEncoder(encrypted, fixedTime) + clearsignEncrypted := newClearsignEncoder(encrypted, &packet.Config{Time: fixedTime}) tests := []struct { name string @@ -449,6 +450,11 @@ func TestNewSigner(t *testing.T) { }, wantErr: sif.ErrNoObjects, }, + { + name: "NoKeyMaterial", + fi: oneGroupImage, + wantErr: ErrNoKeyMaterial, + }, { name: "InvalidObjectID", fi: oneGroupImage, @@ -820,6 +826,18 @@ func TestSigner_Sign(t *testing.T) { OptVerifyWithKeyRing(openpgp.EntityList{e}), }, }, + { + name: "OptSignWithoutPGPSignatureSalt", + inputFile: "one-group.sif", + signOpts: []SignerOpt{ + OptSignWithEntity(e), + OptSignWithTime(fixedTime), + OptSignWithoutPGPSignatureSalt(), + }, + verifyOpts: []VerifierOpt{ + OptVerifyWithKeyRing(openpgp.EntityList{e}), + }, + }, } for _, tt := range tests { diff --git a/pkg/siftool/testdata/Test_command_getInfo/Three/out.golden b/pkg/siftool/testdata/Test_command_getInfo/Three/out.golden index bf5fddca..6be61ddc 100644 --- a/pkg/siftool/testdata/Test_command_getInfo/Three/out.golden +++ b/pkg/siftool/testdata/Test_command_getInfo/Three/out.golden 
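Review bot: The new "OptSignWithoutPGPSignatureSalt" case in TestSigner_Sign supplies only sign and verify options, so from what the hunk shows it proves the signature verifies, not that the salt was actually omitted. Unless the test loop outside this hunk compares the output with a golden file, an implementation that ignored the option would still pass. I would add a check that signs the same image twice with `OptSignWithTime(fixedTime)` and this option and compares the resulting signature bytes, plus the opposite expectation when the option is absent. The loop body begins after the hunk, so this is inferred from the case definition alone.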
@@ -3,6 +3,6 @@ Group ID: NONE Linked ID: 1 (G) Offset: 40960 - Size: 1054 + Size: 1048 Hash Type: SHA-256 Entity: 12045C8C0B1004D058DE4BEDA20C27EE7FF7BA84 diff --git a/pkg/siftool/testdata/Test_command_getList/OneGroupSignedPGP/out.golden b/pkg/siftool/testdata/Test_command_getList/OneGroupSignedPGP/out.golden index 5b663d3e..b03df369 100644 --- a/pkg/siftool/testdata/Test_command_getList/OneGroupSignedPGP/out.golden +++ b/pkg/siftool/testdata/Test_command_getList/OneGroupSignedPGP/out.golden @@ -3,4 +3,4 @@ ID |GROUP |LINK |SIF POSITION (start-end) |TYPE ------------------------------------------------------------------------------ 1 |1 |NONE |32768-32772 |FS (Raw/System/386) 2 |1 |NONE |36864-40960 |FS (Squashfs/*System/386) -3 |NONE |1 (G) |40960-42014 |Signature (SHA-256) +3 |NONE |1 (G) |40960-42008 |Signature (SHA-256) diff --git a/pkg/siftool/testdata/Test_command_getList/TwoGroupsSignedPGP/out.golden b/pkg/siftool/testdata/Test_command_getList/TwoGroupsSignedPGP/out.golden index 17240ba5..31875e98 100644 --- a/pkg/siftool/testdata/Test_command_getList/TwoGroupsSignedPGP/out.golden +++ b/pkg/siftool/testdata/Test_command_getList/TwoGroupsSignedPGP/out.golden @@ -4,5 +4,5 @@ ID |GROUP |LINK |SIF POSITION (start-end) |TYPE 1 |1 |NONE |32768-32772 |FS (Raw/System/386) 2 |1 |NONE |36864-40960 |FS (Squashfs/*System/386) 3 |2 |NONE |40960-303104 |FS (Ext3/System/amd64) -4 |NONE |1 (G) |303104-304158 |Signature (SHA-256) -5 |NONE |2 (G) |304158-305013 |Signature (SHA-256) +4 |NONE |1 (G) |303104-304152 |Signature (SHA-256) +5 |NONE |2 (G) |304152-305001 |Signature (SHA-256) diff --git a/test/images/gen_sifs.go b/test/images/gen_sifs.go index 61d24be8..701fc679 100755 --- a/test/images/gen_sifs.go +++ b/test/images/gen_sifs.go 
@@ -1,4 +1,4 @@ -// Copyright (c) 2020-2023, Sylabs Inc. All rights reserved. +// Copyright (c) 2020-2024, Sylabs Inc. All rights reserved. // This software is licensed under a 3-clause BSD license. Please consult the LICENSE.md file // distributed with the sources of this project regarding your rights to use or distribute this // software. @@ -294,6 +294,7 @@ func generateImages() error { opts = append(opts, integrity.OptSignWithTime(func() time.Time { return time.Date(2020, 6, 30, 0, 1, 56, 0, time.UTC) }), integrity.OptSignDeterministic(), + integrity.OptSignWithoutPGPSignatureSalt(), ) s, err := integrity.NewSigner(f, opts...) diff --git a/test/images/one-group-signed-pgp.sif b/test/images/one-group-signed-pgp.sif index b10950331c00ef4f984a288d13cbf61b444f0530..9c7825828856814bf7cbe7caef8981cae7ba6848 100755 GIT binary patch delta 425 zcmW;3yKb9M007X+@=}&ots>+RN-YX1YaHo%o26U7O9e# zP8~8fTk;e6tSCL_@7v_h+vN8!Nq@ZlI(zu?^7VO&oKHXfcRoE8-~PS+Jexj#_LLai zFL1#>6;BuU+=kdDn7xnWvgl$ahZzjlYk_o9U8IV>(9B)oC)r%^RLzstB$|5hZK^8UW9ia2 zgnN%H<0iWs>|N}e;qn^A>0UpU0Ju>C`i$`A@N%dzF4rOn+E&_+tuVhJ>#^=YtaQ4~w1spNPz*2$1#_tD?bIyXgbgNW} zrBjEhQ@b^PB0sBYzwg^i@B2&dE9vF$pFdrHe*5R@cb~fHzxwZ{e@Wl{dj5Fb|MF&T z9tH(sl>1Bi^B9Q(OUi_-8EUz0=R=Tj)!Ict3Zy|BHej;} zN-80YYi)7O(EKbaG9G$j=kNCSOe38%1}K@*oj?i+DaTIjI~7N!I$!FW(2oQ49D;^& zOnN;yiWWblp^1HDOY>cIIHIC1g$JwT^X?>^wmaQ&to_g$&m4{uy;bw%g{sH99;T8g yEFxKI94FR1xg9QWzS(% 
diff --git a/test/images/two-groups-signed-pgp.sif b/test/images/two-groups-signed-pgp.sif index d21497185e98ab2a256bd2d8e685426fbd9d6ee4..35ba895fca26598b833f31f71f54e869c25507df 100755 GIT binary patch delta 843 zcmZXQIgjIH0EXF_2x;8_Q>;d-6+#q9$U;8iBQCbE8+xJ?#efsOg7dKCzz5LGq`ucc%_ISN{yx#tNop_%=x7Puj z^XS}p1Adr%^}rtRQ;3+kFJ@gQ?-K$hX`@lKLYcd%R|jA$OA0@iMcJwwy>MRksTZ(X??n6 z7PY~x2WT18aXOgiz|pgq@Mxd@EVztzIu%>%7Osy@KDHlWhQ| z0CJACt2^b{K;n6!kj*Tdc9N~q5>02OsIaVvF!YulB#y6yDhO2u;S_n_eq;YQdG*VuZztbB`(OW@)idn35^sEf&Kme{lBUF6kPZ%&YK8LooxeU4mEc=*_Y!Cf929snNgIlz-FL)DhE14QSfnnudP5MQ%UeVH0PT)(#yByh?^Z>efpEWTa5U)) zoxOMoO&Y~fGfqiGVdn+!M^4$ew#JE52Y^(NQzeAd95=95vUUiu@n!kII_eN9V4*Q= z&YeJ^ouj=-v_iy55t{lL<%0g4RGW*H;7w5VFoY#Iz%iV$R{4}Djjps9d!?kJ$YZj^ zVTc!v`Q9b|dCp5|<}oF@Nno?2*#vLnjYdMrCYs?+<9K=%W+O8wP2}1a6gZryH~;nj E8~+p%@&Et; delta 855 zcmZ9}IgjIX0ETgPCPG>_z!WRALL)@6(#k^4I6jLh>^P3k#77)E?tCY{uQ-3FnFxug zktnvITtv@EP*KwE_n?OogxKwPyXS3xf4sZ->)p+F;QII1lc&#Ke*4MKpZ@vr^V`Ws z?|1w3_Y3Ok=JxG}wy!_j_Vv?0FJ4_eefjeH@SDry<=Nxq>hW^@%ViRL^<0-CxZ(^7)IGnf3}l_O<1-DWrw6X zuyk*lDQ~mGY@?Nq3rwk!&LpSb-$VCgFKBPnpC(`Y`uW?*56}LuFgH;qMqJCuy#>yc z@m7K(7_^~!mLnN2?<(I8mS|*~4Rt`^+;-xWYBruLb(>M|AfIg*t?s03UD`9U3f6T! zEJbcC`gp)GGZ^#`wsQ%|3p(gs=?o{ly)tJd6~!Xpz2yTGvZPbMbhzTkNDX%NalRf= zue(#62&8C^Z>B&31KYyWWjqG4i7oi^-dQnAwP6SnRFEgq=aCS*j`wNqWNp=!F-lBI z*6z+TaH$UW#FnLGHqqt0BC@o^{n}KiwvYv$&M1?G5F$`H9|M^!EVOm88Le^|`cB;k zD@A7jitsMS*3ofTMLWzSXkMpI1TQ0O&Qlp-AdnYJnM8o1Z4IUL4ENAz%Fa>6&d`nB N=|6=?I9l%&{skpO6jT5J