Merge pull request #317 from jku/better-ed25519-reporting

Better ed25519 upstream reporting, update expected commit
secure-systems-lab · Jan 18, 2021 · 3ec66da · 3ec66da
2 parents 0a8bde5 + cd841cd
commit 3ec66da
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 8 deletions.
diff --git a/.github/workflows/check-upstream-ed25519.yml b/.github/workflows/check-upstream-ed25519.yml
@@ -14,17 +14,19 @@ jobs:
     - name: Test if ed25519 upstream master HEAD is what we expect
       id: test_ed25519
       run: |
-        if sh securesystemslib/_vendor/test-ed25519-upstream.sh; then
+        if output=$(securesystemslib/_vendor/test-ed25519-upstream.sh); then
           echo "::set-output name=result::0"
         else
           echo "::set-output name=result::1"
+          echo "::set-output name=output::$output"
         fi
     - name: Create issue (unless one is open already)
       uses: actions/github-script@v3
       if: ${{ steps.test_ed25519.outputs.result == '1' }}
       with:
         script: |
           console.log("ed25519 upstream master has changed!")
+          console.log("${{ steps.test_ed25519.outputs.output }}")
           const repo = context.repo.owner + "/" + context.repo.repo
           const issues = await github.search.issuesAndPullRequests({
             q: "ed25519+upstream+has+new+commits+in:title+state:open+type:issue+repo:" + repo,
@@ -38,9 +40,10 @@ jobs:
               owner: context.repo.owner,
               repo: context.repo.repo,
               title: "ed25519 upstream has new commits",
-              body: "It seems https://github.com/pyca/ed25519.git has new commits. " +
-                    "Please review them, update the vendored copy if needed, and then " +
-                    "update the expected hash in _vendor/test-ed25519-upstream.sh"
+              body: "It seems https://github.com/pyca/ed25519.git has changed: " +
+                    "${{ steps.test_ed25519.outputs.output }} " +
+                    "Please review changes, update the vendored copy if needed, and " +
+                    "then update the expected hash in _vendor/test-ed25519-upstream.sh"
             })
           }
 
diff --git a/securesystemslib/_vendor/test-ed25519-upstream.sh b/securesystemslib/_vendor/test-ed25519-upstream.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # Check for new commits in upstream ed25519
 #
@@ -12,13 +12,15 @@ set -eu
 # This commit matches our securesystemslib/_vendor/ed25519/ content.
 # If upstream changes, we should review the changes, vendor them,
 # and update the hash here
-pyca_ed25519_expected="c13748e1d24c5c00f6ce2b9c38a319ae02355d97"
+pyca_ed25519_expected="0abd61bd0ef914133906b797ad568b35d44744a2"
 pyca_ed25519_git_url="https://github.com/pyca/ed25519.git"
 
 pyca_ed25519_master_head=$(git ls-remote "$pyca_ed25519_git_url" master | cut -f1)
 if [ "$pyca_ed25519_master_head" != "$pyca_ed25519_expected" ]; then
-    echo "$pyca_ed25519_git_url master branch has been updated." >&2
-    echo "Expected $pyca_ed25519_expected, found $pyca_ed25519_master_head." >&2
+    echo "Expected [master](https://github.com/pyca/ed25519/commits/master)" \
+	 "to be commit ${pyca_ed25519_expected:0:7}, found" \
+	 "${pyca_ed25519_master_head:0:7} instead" \
+	 "([diff](https://github.com/pyca/ed25519/compare/${pyca_ed25519_expected}...master))."
     exit 1
 fi