Comments (9)
adityasaky
commented on August 22, 2024
2
Opened #13 to track this. :)
from in-toto-rs.
joyliu-q
commented on August 22, 2024
Hi! Thank you for finding this: I will look into this issue.
Do you know what the rebuilder is trying to rebuild so I can try to reproduce the issue?
from in-toto-rs.
kpcyrd
commented on August 22, 2024
hi :)
this happens with every package, the paths that are passed to in_toto_run by rebuilderd are absolute paths, the in-toto lib then converts them into strings here:
Line 29 in 11c7a41
I'm wondering if it'd make sense to generate the (VirtualTargetPath, TargetDescription) in rebuilderd because it's already aware of the filename and the directory traversal code in record_artifacts isn't needed. :)
from in-toto-rs.
joyliu-q
commented on August 22, 2024
Hmm, this is a bit tricky. Because that line of code is nested somewhat deeply and called inside the record_artifact function (which lays inside record_artifacts which is in in_toto_run), I'm not sure if there's a simple way to have rebuilderd step in for the (VirtualTargetPath, TargetDescription) generation.
So far, I see 3 solutions to the absolute path solution:
- Quick fix (but not very pretty): like you've said, the directory traversal is unneeded in this step. Because of that, maybe we can assemble the link using the subfunctions called in
in_toto_runwithout callingin_toto_runitself. We can replace therecord_artifactsstep with rebuilderd hashing the package and insert it into the link in a similar format. - Add an optional input parameter to
in_toto_runcalledstrip_artifact_prefixforin_toto_runthat takes in a string and strips the prefix from material and product paths.strip_artifact_prefixwould then be passed torecord_artifactsandrecord_artifact. - Before passing the rebuilderd paths into
in_toto_run, convert absolute paths to relative paths(?). It's generally not good to store absolute paths in a file either way, so this might be the fix we need. However, to be honest, I'm not super sure how converting absolute back to relative would work (maybe similar tostrip_prefix?)
Would love some input from @SantiagoTorres @adityasaky as well!
from in-toto-rs.
SantiagoTorres
commented on August 22, 2024
Well, this sounds like something we do in the in-toto-run bits, with allowing callers to lstrip paths. I think we can definitely make this feature appear soonβ’ for -rs...
from in-toto-rs.
adityasaky
commented on August 22, 2024
Since rebuilderd is aware of the paths of both, can we just add lstrip functionality (i.e., option 2) to in_toto_run?
from in-toto-rs.
adityasaky
commented on August 22, 2024
See: something like https://github.com/in-toto/in-toto/blob/develop/in_toto/runlib.py#L94
from in-toto-rs.
adityasaky
commented on August 22, 2024
I believe we can now close this. We have left-strip capabilities courtesy of #19.
from in-toto-rs.
adityasaky
commented on August 22, 2024
I've opened a separate thread here: kpcyrd/rebuilderd#129
from in-toto-rs.
Related Issues (14)
- Provide an example loading key created with `in-toto-keygen` HOT 3
- Add left-stripping functionality
- Missing Verifylib HOT 5
- Allow colon in filenames HOT 6
- Add support for ITE-6 semantics and SLSA provenance HOT 2
- Provide a helper function to register a material/product to an existing link HOT 1
- Return-value of byproducts in a link-file should be treated as an int HOT 2
- Metablock is not safe object HOT 4
- Roadmap of GSOC 2022
- Inconsistent logic in `calculate_key_id` with python version HOT 2
- Develop in-toto-rs capabilities to support rebuilderd HOT 3
- Inconsistent format of publickey with python version HOT 3
- Add support for ecdsa keys HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from in-toto-rs.