feat(bufbuild/buf): add minisign config #26430

sapphi-red · 2024-08-31T14:15:45Z

Check List

Read CONTRIBUTING.md
- Read OSS Contribution Guide
All commits are signed
- This repository enables Require signed commits, so all commits must be signed
Avoid force push
Do only one thing in one Pull Request

Adds minisign config for bufbuild/buf.

https://buf.build/docs/installation > "GitHub" tab > "Verifying a release"

aquaproj/aqua#3072 is needed.

- https://github.com/aquaproj/aqua/releases/tag/v2.34.0-1 - aquaproj/aqua#3103

suzuki-shunsuke · 2024-09-22T01:30:00Z

🤔 https://github.com/aquaproj/aqua-registry/actions/runs/10977177570/job/30478838083?pr=26430

INFO[0000] verifing a checksum file with Minisign        aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v1.42.0 program=aqua registry=standard
Signature verification failed
INFO[0000] Verification by minisign failed temporarily, retring  aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v0.53.0 program=aqua registry=standard retry_count=1 wait_time=945ms
Signature and comment signature verified
Trusted comment: timestamp:1726694754	filename:sha256.txt
Signature verification failed
INFO[0001] Verification by minisign failed temporarily, retring  aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v0.53.0 program=aqua registry=standard retry_count=2 wait_time=144ms
Signature verification failed
INFO[0001] Verification by minisign failed temporarily, retring  aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v0.53.0 program=aqua registry=standard retry_count=3 wait_time=210ms
Signature verification failed
INFO[0002] Verification by minisign failed temporarily, retring  aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v0.53.0 program=aqua registry=standard retry_count=4 wait_time=389ms
Signature verification failed
ERRO[0002] install the package                           aqua_version=2.34.0-1 env=linux/amd64 error="verify a package with minisign: verify with minisign" package_name=bufbuild/buf package_version=v0.53.0 program=aqua registry=standard
FATA[0002] aqua failed                                   aqua_version=2.34.0-1 env=linux/amd64 error="it failed to install some packages" program=aqua
Error: Process completed with exit code 1.

I could reproduce the issue by cmdx t bufbuild/buf.

INFO[0005] verifing a checksum file with Minisign        aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v1.42.0 program=aqua registry=standard
INFO[0005] Verification by minisign failed temporarily, retring  aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v0.53.0 program=aqua registry=standard retry_count=1 wait_time=234ms
INFO[0005] downloading a checksum file                   aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v0.45.0 program=aqua registry=standard
INFO[0005] downloading a checksum file                   aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v0.41.0 program=aqua registry=standard
INFO[0005] Verification by minisign failed temporarily, retring  aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v0.53.0 program=aqua registry=standard retry_count=2 wait_time=378ms
INFO[0006] downloading a checksum file                   aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v0.42.0 program=aqua registry=standard
INFO[0006] Verification by minisign failed temporarily, retring  aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v0.53.0 program=aqua registry=standard retry_count=3 wait_time=692ms
INFO[0006] Verification by minisign failed temporarily, retring  aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v1.42.0 program=aqua registry=standard retry_count=1 wait_time=409ms
INFO[0006] Verification by minisign failed temporarily, retring  aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v1.42.0 program=aqua registry=standard retry_count=2 wait_time=682ms
INFO[0007] Verification by minisign failed temporarily, retring  aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v0.53.0 program=aqua registry=standard retry_count=4 wait_time=363ms
ERRO[0007] install the package                           aqua_version=2.34.0-1 env=linux/amd64 error="verify a package with minisign: verify with minisign" package_name=bufbuild/buf package_version=v0.53.0 program=aqua registry=standard
INFO[0007] Verification by minisign failed temporarily, retring  aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v1.42.0 program=aqua registry=standard retry_count=3 wait_time=884ms
INFO[0008] Verification by minisign failed temporarily, retring  aqua_version=2.34.0-1 env=linux/amd64 package_name=bufbuild/buf package_version=v1.42.0 program=aqua registry=standard retry_count=4 wait_time=287ms
ERRO[0008] install the package                           aqua_version=2.34.0-1 asset_name=buf-Linux-x86_64.tar.gz env=linux/amd64 error="verify a checksum file with Minisign: verify with minisign" package_name=bufbuild/buf package_version=v1.42.0 program=aqua registry=standard
FATA[0008] aqua failed                                   aqua_version=2.34.0-1 env=linux/amd64 error="it failed to install some packages" program=aqua
[ERROR] Build failed linux/amd64
        If you want to look into the container, please run 'cmdx con linux amd64'
exit status 1

The verification works well on my laptop (M3 Pro).

$ buf --help
INFO[0000] download and unarchive the package            aqua_version=2.34.0-1 env=darwin/arm64 exe_name=buf package_name=bufbuild/buf package_version=v1.42.0 program=aqua registry=standard
Downloading bufbuild/buf v1.42.0 100% |██████████████████████████████████████████████████████████████████████████| (22/22 MB, 31 MB/s)        
INFO[0001] downloading a checksum file                   aqua_version=2.34.0-1 env=darwin/arm64 exe_name=buf package_name=bufbuild/buf package_version=v1.42.0 program=aqua registry=standard
INFO[0002] verifing a checksum file with Minisign        aqua_version=2.34.0-1 env=darwin/arm64 exe_name=buf package_name=bufbuild/buf package_version=v1.42.0 program=aqua registry=standard
Signature and comment signature verified
Trusted comment: timestamp:1726694754	filename:sha256.txt

https://buf.build/docs/installation#var-selection-github-verifying-a-release

minisign -Vm sha256.txt -P RWQ/i9xseZwBVE7pEniCNjlNOeeyp4BQgdZDLQcAohxEAH5Uj5DEKjv6

The verification should not depend on the environment (OS / Arch).

suzuki-shunsuke · 2024-09-22T14:25:20Z

This issue has been solved. #26430 (comment)

suzuki-shunsuke · 2024-09-22T22:45:44Z

Thank you for your contribution!

suzuki-shunsuke · 2024-09-22T22:58:23Z

v4.223.1 is out 🎉
https://github.com/aquaproj/aqua-registry/releases/tag/v4.223.1

This MR contains the following updates: | Package | Update | Change | |---|---|---| | [aquaproj/aqua-registry](https://github.com/aquaproj/aqua-registry) | minor | `v4.220.1` -> `v4.223.1` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>aquaproj/aqua-registry (aquaproj/aqua-registry)</summary> ### [`v4.223.1`](https://github.com/aquaproj/aqua-registry/releases/tag/v4.223.1) [Compare Source](aquaproj/aqua-registry@v4.223.0...v4.223.1) [Issues](https://github.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.223.1) | [Merge Requests](https://github.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.223.1) | aquaproj/aqua-registry@v4.223.0...v4.223.1 #### Features [#26430](aquaproj/aqua-registry#26430) bufbuild/buf: Add minisign config [@sapphi-red](https://github.com/sapphi-red) ⚠️ [aqua v2.34.0](https://github.com/aquaproj/aqua/releases/tag/v2.34.0) or later is required for Minisign ### [`v4.223.0`](https://github.com/aquaproj/aqua-registry/releases/tag/v4.223.0) [Compare Source](aquaproj/aqua-registry@v4.222.0...v4.223.0) [Issues](https://github.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.223.0) | [Merge Requests](https://github.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.223.0) | aquaproj/aqua-registry@v4.222.0...v4.223.0 #### 🎉 New Packages [#27068](aquaproj/aqua-registry#27068) [fastfetch-cli/fastfetch](https://github.com/fastfetch-cli/fastfetch): An actively maintained, feature-rich and performance oriented, neofetch like system information tool [@Allianaab2m](https://github.com/Allianaab2m) ### [`v4.222.0`](https://github.com/aquaproj/aqua-registry/releases/tag/v4.222.0) [Compare Source](aquaproj/aqua-registry@v4.221.0...v4.222.0) [Issues](https://github.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.222.0) | [Merge Requests](https://github.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.222.0) | aquaproj/aqua-registry@v4.221.0...v4.222.0 #### 🎉 New Packages [#27031](aquaproj/aqua-registry#27031) [Darth-Tech/samwise-cli](https://github.com/Darth-Tech/samwise-cli): A CLI application to accompany on your terraform module journey and sharing your burden of module dependency updates, just as one brave Hobbit helped Frodo carry his :) [#27032](aquaproj/aqua-registry#27032) [RoseSecurity/Kuzco](https://github.com/RoseSecurity/Kuzco): Kuzco reviews your Terraform resources, compares them to the provider schema to detect unused parameters, and uses AI to suggest improvements [#27030](aquaproj/aqua-registry#27030) [breml/tfreveal](https://github.com/breml/tfreveal): tfreveal shows a Terraform plan with all the secret (sensitive) values revealed #### Fixes [#26991](aquaproj/aqua-registry#26991) buildkite/cli: Follow up changes of buildkite v3.0.0 ### [`v4.221.0`](https://github.com/aquaproj/aqua-registry/releases/tag/v4.221.0) [Compare Source](aquaproj/aqua-registry@v4.220.2...v4.221.0) [Issues](https://github.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.221.0) | [Merge Requests](https://github.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.221.0) | aquaproj/aqua-registry@v4.220.2...v4.221.0 #### 🎉 New Packages [#26911](aquaproj/aqua-registry#26911) [Songmu/podbard](https://github.com/Songmu/podbard): The Podbard is a primitive podcast site generator [@ponkio-o](https://github.com/ponkio-o) ### [`v4.220.2`](https://github.com/aquaproj/aqua-registry/releases/tag/v4.220.2) [Compare Source](aquaproj/aqua-registry@v4.220.1...v4.220.2) [Issues](https://github.com/aquaproj/aqua-registry/issues?q=is%3Aissue+milestone%3Av4.220.2) | [Merge Requests](https://github.com/aquaproj/aqua-registry/pulls?q=is%3Apr+milestone%3Av4.220.2) | aquaproj/aqua-registry@v4.220.1...v4.220.2 #### Fixes [#26909](aquaproj/aqua-registry#26909) printfn/fend: Regenerate the setting Follow up the change of fend v1.5.2 https://github.com/printfn/fend/releases/tag/v1.5.2 > The linux-x64 binary has been renamed to linux-x86\_64-gnu for consistency/clarity [#26874](aquaproj/aqua-registry#26874) derailed/popeye: Follow up changes of popeye v0.21.5 - derailed/popeye@13f3b9c [#26813](aquaproj/aqua-registry#26813) Macchina-CLI/macchina: Follow up changes of macchina </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

sapphi-red and others added 3 commits August 31, 2024 22:52

feat(bufbuild/buf): add minisign config

d1fa374

Merge branch 'main' into feat/buf-add-minisign

ce430d4

chore: update aqua to v2.34.0-1

61fdd33

- https://github.com/aquaproj/aqua/releases/tag/v2.34.0-1 - aquaproj/aqua#3103

suzuki-shunsuke added 4 commits September 22, 2024 15:52

chore: update aqua to v2.34.0-2

79f917c

fix(bufbuild/buf): fix the indentation

4709b7f

chore: update aqua to v2.34.0-4

97c2996

chore: update aqua to v2.34.0-5

36026e4

Merge branch 'main' into feat/buf-add-minisign

3b233e2

suzuki-shunsuke marked this pull request as ready for review September 22, 2024 14:56

chore: update aqua to v2.34.0

e514c77

suzuki-shunsuke merged commit dc9b004 into aquaproj:main Sep 22, 2024
18 checks passed

suzuki-shunsuke added this to the v4.223.1 milestone Sep 22, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(bufbuild/buf): add minisign config #26430

feat(bufbuild/buf): add minisign config #26430

sapphi-red commented Aug 31, 2024

suzuki-shunsuke commented Sep 22, 2024 •

edited

Loading

suzuki-shunsuke commented Sep 22, 2024

suzuki-shunsuke commented Sep 22, 2024

suzuki-shunsuke commented Sep 22, 2024

feat(bufbuild/buf): add minisign config #26430

feat(bufbuild/buf): add minisign config #26430

Conversation

sapphi-red commented Aug 31, 2024

Check List

suzuki-shunsuke commented Sep 22, 2024 • edited Loading

suzuki-shunsuke commented Sep 22, 2024

suzuki-shunsuke commented Sep 22, 2024

suzuki-shunsuke commented Sep 22, 2024

suzuki-shunsuke commented Sep 22, 2024 •

edited

Loading