Skip to content
This repository was archived by the owner on Jul 31, 2025. It is now read-only.

Regenerate testing certificates #1594

Merged
justincormack merged 2 commits into from
Apr 30, 2021
Merged

Regenerate testing certificates #1594

justincormack merged 2 commits into from
Apr 30, 2021

Conversation

@marcofranssen
Copy link
Contributor

@marcofranssen marcofranssen commented Apr 2, 2021

The test certificates expired.

This PR refreshed the certificates using the shell script in the fixtures folder.

@stefan-zh
Copy link

stefan-zh commented Apr 14, 2021

I wonder if it's a good idea to include in this PR a removal of the -u on this line regenerateTestingCerts.sh#L174 that causes this issue with the transient dependency: #1593 (comment)

@marcofranssen
Copy link
Contributor Author

marcofranssen commented Apr 14, 2021

@stefan-zh Not sure what you mean by that as I just pulled the repo, ran the script and got these certificates updated without any issues.

@stefan-zh
Copy link

stefan-zh commented Apr 14, 2021
edited
Loading

@stefan-zh Not sure what you mean by that as I just pulled the repo, ran the script and got these certificates updated without any issues.

@marcofranssen You probably have the cfssljson binary pre-installed. Try removing it and regenerating certificates from scratch:

rm $(which cfssljson)
cd ./fixtures
./regenerateTestingCerts.sh

@ioannisgk
Copy link

ioannisgk commented Apr 21, 2021
edited
Loading

I wonder if it's a good idea to include in this PR a removal of the -u on this line regenerateTestingCerts.sh#L174 that causes this issue with the transient dependency: #1593 (comment)

@stefan-zh I think you may be mistaken, this PR does not remove the -u option, please check here

I have just used notary with the newly created certificates and I see that everything is working perfectly, I think this PR should be merged to master.

Thank you @marcofranssen

@stefan-zh
Copy link

stefan-zh commented Apr 21, 2021
edited
Loading

@ioannisgk I think you misunderstood my suggestion. I am suggesting that this PR should include a removal of the -u option on this line regenerateTestingCerts.sh#L174. I am proposing this additional change because certificates might not get regenerated properly in some cases and I think this PR is a proper place to add it.

Are there such cases? Yes, there are - this person ran into this issue #1593 (comment) and I ran into the same issue.

Why do we have this issue when we run the regenerateTestingCerts.sh script? Because we don't have the cfssl binary on our $GOPATH. Because of that regenerateTestingCerts.sh will try to get it and compile it. However, there is a transient issue with a dependency of cfssl called github.com/coreos/bbolt and the author of the comment above said this:

Not a go expert. I think it may be affected by github.com/coreos/bbolt now redirects to github.com/etcd-io/bbolt or the github.com/etcd-io/bbolt/

Is this issue solvable? Yes, it is. Someone else had this issue with the cfssl dependency, posted the issue on their GitHub repo cloudflare/cfssl#1183 and then someone provided an answer how to fix it: cloudflare/cfssl#1183 (comment), which includes the removal of the -u option.

@marcofranssen
Copy link
Contributor Author

marcofranssen commented Apr 28, 2021

@stefan-zh I have applied your suggestion.

stefan-zh
stefan-zh approved these changes Apr 28, 2021
View reviewed changes
Copy link

@stefan-zh stefan-zh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These look good to me

@marcofranssen
Copy link
Contributor Author

marcofranssen commented Apr 29, 2021

@seb-bah are we good to merge? can you handle the merge?

@seb-bah
Copy link

seb-bah commented Apr 29, 2021

@seb-bah are we good to merge? can you handle the merge?

@marcofranssen I just tested this PR and we're good to go! I don't have write access to be able to merge.

@marcofranssen
Copy link
Contributor Author

marcofranssen commented Apr 30, 2021

FYI @justincormack

@justincormack
Copy link
Contributor

justincormack commented Apr 30, 2021

Thanks!

@justincormack justincormack merged commit 25cc887 into notaryproject:master Apr 30, 2021
@marcofranssen marcofranssen deleted the refresh-testing-certs branch May 3, 2021 10:51
@stefan-zh stefan-zh mentioned this pull request May 5, 2021
Closed
@jakekreider jakekreider mentioned this pull request Apr 26, 2023
Open
@stefbog stefbog mentioned this pull request Apr 27, 2023
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

3 more reviewers

@justincormack justincormack justincormack approved these changes

@stefan-zh stefan-zh stefan-zh approved these changes

@seb-bah seb-bah seb-bah approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@marcofranssen @stefan-zh @ioannisgk @seb-bah @justincormack