mozilla-services / autograph-canary Goto Github PK
View Code? Open in Web Editor NEWAn AWS lambda for checking Autograph signing is working correctly
An AWS lambda for checking Autograph signing is working correctly
Update bin/test_canary.sh
to fail when the invocation fails.
see also #43
Currently, we only test that an addon installs in https://github.com/mozilla-services/autograph-canary/blob/main/tests/addon_signature_test.js#L106
but we should update the blocklist then check that an addon install is blocked or not blocked for the following cases:
While useful in the initial PoC tlscanary pulls in a lot of unused functionality and support for more platforms than we need. Instead we can:
addon_signature_test.js
content_signature_test.js
Including:
Two possible mechanisms here:
Specifically, we'd like to run it in the future to detect pending expirations.
Something like the following should work:
timedatectl set-ntp no
timedatectl set-time YYYY-MM-DD
timedatectl set-time $(date -u -d '+60 day' '+%F')
https://www.cyberciti.biz/faq/howto-set-date-time-from-linux-command-prompt/
^ results in:
root@85daaeb79bd9:/function# timedatectl set-time $(date -u -d '+60 day' '+%F')
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
so that approach might not be possible in a container.
from @erkolson:
[ERROR] AttributeError: 'LambdaContext' object has no attribute 'get'
Traceback (most recent call last):
File "/var/task/autograph.py", line 86, in run_tests
env = lambda_context.get("env")
This Mozilla repository has been identified as lacking a license. Consistent with Mozilla's Licensing Policy an open source license should be applied to the code in this repository.
Please add an appropriate LICENSE.md file to the root directory of the project. In general, Mozilla's licensing policies are as follows:
Client-side products created by Mozilla employees or contributors should use the Mozilla Public License, Version 2.0 (MPL).
Server-side products or utilities that support Mozilla products may use either the MPL or the Apache License 2.0 (Apache 2.0).
In special cases, another license might be appropriate. If the repository is a fork of another repository it must apply the license of the original. Similarly, another license might be appropriate to match that of a broader project (for example Rust crates that Firefox depends on are published under an Apache 2.0 / MIT dual license, as that is the dual license used by the Rust programming language and projects).
Please ensure that any license added to the LICENSE.md file matches other licensing information in the repository (for example, it should match any license indicated in a setup.py or package.json file).
Mozilla staff can access more information in our Software Licensing Runbook – search for “Licensing Runbook” in Confluence to find it.
If you have any questions you can contact Daniel Nazer who can be reached at dnazer on Mozilla email or Slack.
OPENLIC-2023-01
In order to have a consistent build pipeline, we need a requirements.txt for this project.
Currently we assume the production signing root and remote settings infra. Since this is for testing signature issues, it makes sense to provide coverage on stage too.
To help with silent failures: e.g. #17 (comment)
Seeing this error mozilla/tls-canary#227
One possible solution is pulling in the content signature JS from about remove settings / remote settings dev tools.
https://docs.aws.amazon.com/lambda/latest/dg/images-create.html
We can run it in the lambda emulator using docker-compose as in mozilla-services/autograph#652
mozilla/autograph-canary
(alternatively push directly to ecr)AFAIK it's fine for the image to be public and to make this repo public.
That way more people can view this repo
file:///
urlrefs: #48
I ran a quick scan in #48 (comment) and don't think there's anything sensitive in here.
I spent awhile debugging deploys today and yesterday. mirrorDockerImage
pulls build info from CircleCI but doesn't error for 404s (which CircleCI returns for private repos), so making this public will make it easier to deploy (alternatively we could set up a CircleCI API token).
We sleep an amount of time scaled by the number of things a test verifies, but it'd be better to verify things complete or fail and shut down gracefully.
One possible route:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.