Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat/timestamps #41

Merged
merged 2 commits into from
Nov 16, 2022
Merged

Feat/timestamps #41

merged 2 commits into from
Nov 16, 2022

Conversation

mikhailswift
Copy link
Member

@mikhailswift mikhailswift commented Nov 15, 2022

  • Adds timestamp metadata to any signatures that may have timestamping information attached.

Also,

Archivist used the Store and Download functions which returned
envelopes, parsed on either end by go's json decoder and encoder. This
could cause a new line to be appended to an envelope after encoding,
causing a difference in the envelope's hash.

By using the Reader/Writer methods archivistctl just passes through the
raw bytes to archivist, allowing the server to decode and verify any
information before passing those raw bytes to object storage. This
ensures gitoids and shasums of envelopes remain consistent.

@coveralls
Copy link

coveralls commented Nov 15, 2022

Pull Request Test Coverage Report for Build 3472136889

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 0.0%

Totals Coverage Status
Change from base Build 3389149922: 0.0%
Covered Lines: 0
Relevant Lines: 0

💛 - Coveralls

@mikhailswift
Copy link
Member Author

Sample query to test this:

{
  dsses(first:10,
  where:{
    hasSignaturesWith:{
      hasTimestamps: true
    }
  }) {
    edges{
      node{
        gitoidSha256
        signatures{
          keyID
          timestamps{
             timestamp
          }
        }
      }
    }
  }
}

example results from above query:

{
  "data": {
    "dsses": {
      "edges": [
        {
          "node": {
            "gitoidSha256": "3e2d12258466b2ec5b2c65a87232c8d2356e3532044185f39a4e63b1a77a5777",
            "signatures": [
              {
                "keyID": "ae2dcc989ea9c109a36e8eba5c4bc16d8fafcfe8e1a614164670d50aedacd647",
                "timestamps": [
                  {
                    "timestamp": "2022-11-15T00:06:03Z"
                  }
                ]
              }
            ]
          }
        }
      ]
    }
  }
}

Will get this pushed to the dev instance tomorrow.

Adds timestamp metadata to any signatures that may have timestamping
information attached.
Archivist used the Store and Download functions which returned
envelopes, parsed on either end by go's json decoder and encoder. This
could cause a new line to be appended to an envelope after encoding,
causing a difference in the envelope's hash.

By using the Reader/Writer methods archivistctl just passes through the
raw bytes to archivist, allowing the server to decode and verify any
information before passing those raw bytes to object storage. This
ensures gitoids and shasums of envelopes remain consistent.
timestampGT: Time
timestampGTE: Time
timestampLT: Time
timestampLTE: Time
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be great!

SetKeyID(sig.KeyID).
SetSignature(base64.StdEncoding.EncodeToString(sig.Signature)).
SetDsse(dsse).
Save(ctx)
if err != nil {
return err
}

for _, timestamp := range sig.Timestamps {
timestampedTime, err := timeFromTimestamp(timestamp)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct me if I am wrong, but we will only store the time if a timestamp exists.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct. I’m splitting up the other time stuff currently

@colek42
Copy link
Member

colek42 commented Nov 16, 2022

Great Work!

@colek42 colek42 merged commit a4a0c89 into main Nov 16, 2022
@mikhailswift mikhailswift deleted the feat/timestamps branch November 17, 2022 00:15
@mikhailswift mikhailswift mentioned this pull request Nov 29, 2022
jessesanford pushed a commit to jessesanford/archivista that referenced this pull request Oct 1, 2024
* feat: add timestamp metadata to database

Adds timestamp metadata to any signatures that may have timestamping
information attached.

* fix: prevent archivistctl from modifiying envelope hashes

Archivist used the Store and Download functions which returned
envelopes, parsed on either end by go's json decoder and encoder. This
could cause a new line to be appended to an envelope after encoding,
causing a difference in the envelope's hash.

By using the Reader/Writer methods archivistctl just passes through the
raw bytes to archivist, allowing the server to decode and verify any
information before passing those raw bytes to object storage. This
ensures gitoids and shasums of envelopes remain consistent.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants