a whole bunch of signature signing improvements #2227

Merged
bors-ferrocene[bot] merged 15 commits into main from jyn/signatures
Mar 25, 2026

@jyn514 commented Mar 16, 2026

This is a grab-bag of different small fixes, which I'm happy to split up into smaller PRs. I highly encourage reviewing commit-by-commit and reading the commit descriptions.

b770889 is being upstreamed in rust-lang/rust#153992.

@jyn514 changed the title from "wip: a whole bunch of signature signing improvements" to "a whole bunch of signature signing improvements" Mar 17, 2026
@jyn514 marked this pull request as ready for review March 17, 2026 13:00
jyn514 added 15 commits March 18, 2026 13:45
Before, build failures in the `document-signatures` tool wouldn't appear
until bootstrap had done all the work of building the docs.

Examples:

```
$ x sign --dry-run internal-procedures
Signing stage1 internal-procedures
```

```
$ x sign --dry-run
Signing stage1 document-list
Signing stage1 evaluation-plan
Signing stage1 evaluation-report
Signing stage1 plan
Signing stage1 report
Signing stage1 safety-manual
Signing stage1 internal-procedures
```

When the new `ferrocene.allow_dev_signing` is enabled, signatures will
not be required to match against `signature.toml` in the document repo.

`allow_dev_signing` is disabled by default.

Previously it tried to parse the body of the bors commit, not just the
first line; didn't understand the syntax; and then discarded all its
progress even though it understood the first line.

This also adds a bit more error handling to make future similar issues
easier to debug.

This doesn't use the existing `DelayFail` variant because `fail_fast` is
on by default for `x test` commands and there's no way to override it
per-Step.

Example diff:
```
running: "gtar" "--sort=name" "--mtime=2020-01-01T00:00:00Z" "--owner=0" "--group=0" "--numeric-owner" "--mode=u+rw,go+r,go-w" "--format=gnu" "--anchored" "--exclude=./signature" "-C" "/Users/jyn/work/ferrocene3/build/aarch64-apple-darwin/doc/qualification/internal-procedures" "-c" "." "-f" "/var/folders/t3/46yqwwp56vg2jp1604qr5wd00000gn/T/.tmpxhsBVS"
Signature incorrect: /Users/jyn/work/ferrocene3/build/aarch64-apple-darwin/doc/qualification/internal-procedures
existing document id: IP-e3d6f6af48b7631163516fa2c6cb7b8bc2b76be0
expected document id: IP-fb9e843580c0a88900c6d950009cbfb42818d878
existing tarball sha256: 75f4f89049985b5ff97a7e8661e3e829163d7a9f9593464e6403159976df06ff
expected tarball sha256: 496e2fbf9ab4931de93de2001aeced470afd9074f45978f9c26baed1ccb6c596
comparing build/host/signature-diffs/internal-procedures to build/host/doc/qualification/internal-procedures
diff --unified --recursive --ex build/host/signature-diffs/internal-procedures/_sources/docs/signatures.rst.txt build/host/doc/qualification/internal-procedures/_sources/docs/signatures.rst.txt
--- build/host/signature-diffs/internal-procedures/_sources/docs/signatures.rst.txt     2020-01-01 01:00:00
+++ build/host/doc/qualification/internal-procedures/_sources/docs/signatures.rst.txt   2026-03-16 17:43:52
@@ -26,7 +26,7 @@

    While everyone can invoke the command to begin signing, after a signature is
    made, the tooling will error out if you are not listed as an authorized
-   signer.
+   ner.

 .. caution::
```

I discovered while writing this that anything in
`doc/qualification/internal-procedures/signature` gets overwritten by `x
test signatures`. I don't love that, ideally it would use a different
temporary directory, but it wasn't too hard to put my
`stable-archive.tar` in a different directory instead.

The `saved-archive` return value from `generate` can't be part of
`Pinned` because it can't (and shouldn't) be serialized into
`pinned.toml`.

Feels bad to touch the network and leave permanent records if we don't
have to.

I verified that `x test document-signatures` still works if and only if
`allow_dev_signing` is disabled. Otherwise cosign will complain that
it's missing the proper role:
```
Signature correct: /Users/jyn/work/ferrocene3/build/aarch64-apple-darwin/doc/qualification/internal-procedures
Error: missing signature file for role safety-manager
```
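
The archive check visible in the log above, re-created as an added example (not code from this PR or from Ferrocene's tooling): it mirrors the `gtar` flags with Python's `tarfile` so the archive hash depends only on file names and contents, then lists the files that differ when the hash does not match a saved archive. All function names are hypothetical, and the bytes produced are not identical to what `gtar` emits.

```python
import hashlib
import io
import tarfile
from pathlib import Path

FIXED_MTIME = 1577836800  # 2020-01-01T00:00:00Z, the --mtime value in the log


def build_archive(doc_dir: Path) -> bytes:
    """Tar doc_dir so that the bytes depend only on file names and contents."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for path in sorted(doc_dir.rglob("*")):            # --sort=name
            rel = path.relative_to(doc_dir)
            if rel.parts[0] == "signature":                # --anchored --exclude=./signature
                continue
            info = tar.gettarinfo(str(path), arcname=rel.as_posix())
            info.mtime = FIXED_MTIME                       # --mtime
            info.uid = info.gid = 0                        # --owner=0 --group=0
            info.uname = info.gname = ""                   # --numeric-owner
            info.mode = (info.mode | 0o644) & ~0o022       # --mode=u+rw,go+r,go-w
            if info.isreg():
                with path.open("rb") as fh:
                    tar.addfile(info, fh)
            else:
                tar.addfile(info)
    return buf.getvalue()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _file_digests(archive: bytes) -> dict:
    """Map each regular file in a tar archive to the SHA-256 of its content."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        return {m.name: sha256_hex(tar.extractfile(m).read())
                for m in tar if m.isreg()}


def changed_files(saved: bytes, current: bytes) -> list:
    """Files added, removed or modified between a saved and a current archive."""
    old, new = _file_digests(saved), _file_digests(current)
    return sorted(n for n in old.keys() | new.keys() if old.get(n) != new.get(n))
```

Timestamps, ownership, permission bits and anything under the top-level `signature` directory leave the hash unchanged; a one-word edit to a document source changes it and is reported by name.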

@Hoverbear Hoverbear left a comment

Rest looks good

@Hoverbear

bors merge

@bors-ferrocene

Build succeeded:

@bors-ferrocene bors-ferrocene bot merged commit dc4365f into main Mar 25, 2026
7 checks passed
@github-actions github-actions bot added backport:maybe PR candidate for backport merged-in:1.96 labels Mar 25, 2026
@tshepang tshepang deleted the jyn/signatures branch March 26, 2026 07:36
@github-actions github-actions bot removed the backport:maybe PR candidate for backport label Mar 26, 2026
ferrocene-automations bot pushed a commit that referenced this pull request Mar 27, 2026
Feels bad to touch the network and leave permanent records if we don't
have to.

I verified that `x test document-signatures` still works if and only if
`allow_dev_signing` is disabled. Otherwise cosign will complain that
it's missing the proper role:
```
Signature correct: /Users/jyn/work/ferrocene3/build/aarch64-apple-darwin/doc/qualification/internal-procedures
Error: missing signature file for role safety-manager
```

Ferrocene-backport-of: #2227