agent icon indicating copy to clipboard operation
agent copied to clipboard
verified publisher icon buildkite

Log public signing key thumbprint and signed step payload

Open jordandcarter opened this issue 1 year ago • 0 comments

Description

To aid debugging signing verification failures this PR introduces a new flag --debug-signing which will log to both agent and job logs the step payload as it is signed and verified. This will allow asserting the payloads match mean tracking down the verification failures. This is intended for development debugging purposes. ⚠️ Using --debug-signing will log the step payloads in full to the job logs when uploading steps, this could leak secrets to those with access to the build and thus the job logs.

Context

Updates go-pipeline to v0.10.0

Changes

Testing

  • [ ] Tests have run locally (with go test ./...). Buildkite employees may check this if the pipeline has run automatically.
  • [ ] Code is formatted (with go fmt ./...)

jordandcarter avatar Jun 27 '24 03:06 jordandcarter