8000 Update staging assets, refactor TUF asset lookup · jku/sigstore-python@91121ee · GitHub
[go: up one dir, main page]
Skip to content

Commit 91121ee

Browse files
jkujku
committed
Update staging assets, refactor TUF asset lookup
Commit is large just because the test and embedded assets for staging are updated. * Update the embedded data in sigstore/_store * Also update the test assets in test/assets * refactor the embedded asset lookup: use the URL to build the asset dir. This means less code duplication and easier to make this work with non-Public Good Instance TUF repos * Make the tuf module work with non-PGI instances: if the local TUF metadata is initialized out of band, tuf module just works with it. If a root.json is provided in _store, it is still always used to initialize the client Of special note is "signing_config.v0.2.json" for production: This does not actually exist yet in the TUF repository but I've added one in sigstore/_store and use it as a workaround in ClientTrustConfig.from_tuf() -- this way the code can otherwise remain identical for both staging and prod. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
1 parent 296f8b6 commit 91121ee

File tree

32 files changed

+474
-654
lines changed

32 files changed

+474
-654
lines changed

sigstore/_internal/trust.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -568,7 +568,7 @@ def from_tuf(
568568
except TUFError as e:
569569
# TUF repo may not have signing config yet: hard code values for prod:
570570
if url == DEFAULT_TUF_URL:
571-
embedded = read_embedded("signing_config.v0.2.json", "prod")
571+
embedded = read_embedded("signing_config.v0.2.json", url)
572572
inner_sc = _SigningConfig().from_json(embedded)
573573
else:
574574
raise e

sigstore/_internal/tuf.py

Lines changed: 21 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@
2929

3030
from sigstore import __version__
3131
from sigstore._utils import read_embedded
32-
from sigstore.errors import RootError, TUFError
32+
from sigstore.errors import TUFError
3333

3434
_logger = logging.getLogger(__name__)
3535

@@ -70,34 +70,27 @@ def __init__(self, url: str, offline: bool = False) -> None:
7070
"""
7171
Create a new `TrustUpdater`, pulling from the given `url`.
7272
73-
The URL is expected to match one of `sigstore-python`'s known TUF
74-
roots, i.e. for the production or staging Sigstore TUF repos.
73+
TrustUpdater expects that either embedded data contains
74+
a root.json for this url or that local data has been initialized
75+
already.
7576
7677
If not `offline`, TrustUpdater will update the TUF metadata from
7778
the remote repository.
7879
"""
7980
self._repo_url = url
8081
self._metadata_dir, self._targets_dir = _get_dirs(url)
8182

82-
rsrc_prefix: str
83-
if self._repo_url == DEFAULT_TUF_URL:
84-
rsrc_prefix = "prod"
85-
elif self._repo_url == STAGING_TUF_URL:
86-
rsrc_prefix = "staging"
87-
else:
88-
raise RootError
89-
90-
# Initialize targets cache dir
83+
# Populate targets cache so we don't have to download these versions
9184
self._targets_dir.mkdir(parents=True, exist_ok=True)
92-
trusted_root_target = self._targets_dir / "trusted_root.json"
93-
94-
if not trusted_root_target.exists():
95-
try:
96-
trusted_root_json = read_embedded("trusted_root.json", rsrc_prefix)
97-
except FileNotFoundError as e:
98-
raise RootError from e
9985

100-
trusted_root_target.write_bytes(trusted_root_json)
86+
for artifact in ["trusted_root.json", "signing_config.v0.2.json"]:
87+
artifact_path = self._targets_dir / artifact
88+
if not artifact_path.exists():
89+
try:
90+
data = read_embedded(artifact, url)
91+
artifact_path.write_bytes(data)
92+
except FileNotFoundError:
93+
pass # this is ok: e.g. signing_config is not in prod repository yet
10194

10295
_logger.debug(f"TUF metadata: {self._metadata_dir}")
10396
_logger.debug(f"TUF targets cache: {self._targets_dir}")
@@ -110,9 +103,12 @@ def __init__(self, url: str, offline: bool = False) -> None:
110103
else:
111104
# Initialize and update the toplevel TUF metadata
112105
try:
113-
root_json = read_embedded("root.json", rsrc_prefix)
114-
except FileNotFoundError as e:
115-
raise RootError from e
106+
root_json = read_embedded("root.json", url)
107+
except FileNotFoundError:
108+
# embedded root not found: we can still initialize _if_ the local metadata
109+
# exists already
110+
root_json = None
111+
116112
self._updater = Updater(
117113
metadata_dir=str(self._metadata_dir),
118114
metadata_base_url=self._repo_url,
@@ -121,6 +117,7 @@ def __init__(self, url: str, offline: bool = False) -> None:
121117
config=UpdaterConfig(app_user_agent=f"sigstore-python/{__version__}"),
122118
bootstrap=root_json,
123119
)
120+
124121
try:
125122
self._updater.refresh()
126123
except Exception as e:
@@ -167,7 +164,7 @@ def get_signing_config_path(self) -> str:
167164
TUFExceptions.DownloadError,
168165
TUFExceptions.RepositoryError,
169166
) as e:
170-
raise TUFError("Failed to download trusted key bundle") from e
167+
raise TUFError("Failed to download signing config") from e
171168

172169
_logger.debug("Found and verified signing config")
173170
return path

sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstage.dev/root.json

Lines changed: 107 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,107 @@
1+
{
2+
"signatures": [
3+
{
4+
"keyid": "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81",
5+
"sig": "3044022064ac6af7f922e3bc8ac095d1fb59c5e65b52c8b378d3777b9223fc63b65c1f05022022a3722f464b3cfb985cdd76b76790533c5ac81613dade8f3a1136d4473dc466"
6+
},
7+
{
8+
"keyid": "61f9609d2655b346fcebccd66b509d5828168d5e447110e261f0bcc8553624bc",
9+
"sig": "3046022100ef742d08c803a87e4eabbefbad528e40bdbe7aa9dcdcdcc024aa256315c8bcf202210089e444aebb431f743fad85cecbb16a3cfd62b624dbd37a9bfdce21135659bd8b"
10+
},
11+
{
12+
"keyid": "9471fbda95411d10109e467ad526082d15f14a38de54ea2ada9687ab39d8e237",
13+
"sig": ""
14+
},
15+
{
16+
"keyid": "0374a9e18a20a2103736cb4277e2fdd7f8453642c7d9eaf4ad8aee9cf2d47bb5",
17+
"sig": ""
18+
}
19+
],
20+
"signed": {
21+
"_type": "root",
22+
"consistent_snapshot": true,
23+
"expires": "2025-08-01T13:24:50Z",
24+
"keys": {
25+
"0374a9e18a20a2103736cb4277e2fdd7f8453642c7d9eaf4ad8aee9cf2d47bb5": {
26+
"keytype": "ecdsa",
27+
"keyval": {
28+
"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoxkvDOmtGEknB3M+ZkPts8joDM0X\nIH5JZwPlgC2CXs/eqOuNF8AcEWwGYRiDhV/IMlQw5bg8PLICQcgsbrDiKg==\n-----END PUBLIC KEY-----\n"
29+
},
30+
"scheme": "ecdsa-sha2-nistp256",
31+
"x-tuf-on-ci-keyowner": "@mnm678"
32+
},
33+
"61f9609d2655b346fcebccd66b509d5828168d5e447110e261f0bcc8553624bc": {
34+
"keytype": "ecdsa",
35+
"keyval": {
36+
"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE++Wv+DcLRk+mfkmlpCwl1GUi9EMh\npBUTz8K0fH7bE4mQuViGSyWA/eyMc0HvzZi6Xr0diHw0/lUPBvok214YQw==\n-----END PUBLIC KEY-----\n"
37+
},
38+
"scheme": "ecdsa-sha2-nistp256",
39+
"x-tuf-on-ci-keyowner": "@kommendorkapten"
40+
},
41+
"9471fbda95411d10109e467ad526082d15f14a38de54ea2ada9687ab39d8e237": {
42+
"keytype": "ecdsa",
43+
"keyval": {
44+
"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFHDb85JH+JYR1LQmxiz4UMokVMnP\nxKoWpaEnFCKXH8W4Fc/DfIxMnkpjCuvWUBdJXkO0aDIxwsij8TOFh2R7dw==\n-----END PUBLIC KEY-----\n"
45+
},
46+
"scheme": "ecdsa-sha2-nistp256",
47+
"x-tuf-on-ci-keyowner": "@joshuagl"
48+
},
49+
"aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81": {
50+
"keytype": "ecdsa",
51+
"keyval": {
52+
"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEohqIdE+yTl4OxpX8ZxNUPrg3SL9H\nBDnhZuceKkxy2oMhUOxhWweZeG3bfM1T4ZLnJimC6CAYVU5+F5jZCoftRw==\n-----END PUBLIC KEY-----\n"
53+
},
54+
"scheme": "ecdsa-sha2-nistp256",
55+
"x-tuf-on-ci-keyowner": "@jku"
56+
},
57+
"c3479007e861445ce5dc109d9661ed77b35bbc0e3f161852c46114266fc2daa4": {
58+
"keytype": "ecdsa",
59+
"keyval": {
60+
"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExxmEtmhF5U+i+v/6he4BcSLzCgMx\n/0qSrvDg6bUWwUrkSKS2vDpcJrhGy5fmmhRrGawjPp1ALpC3y1kqFTpXDg==\n-----END PUBLIC KEY-----\n"
61+
},
62+
"scheme": "ecdsa-sha2-nistp256",
63+
"x-tuf-on-ci-online-uri": "gcpkms:projects/projectsigstore-staging/locations/global/keyRings/tuf-keyring/cryptoKeys/tuf-key/cryptoKeyVersions/2"
64+
}
65+
},
66+
"roles": {
67+
"root": {
68+
"keyids": [
69+
"aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81",
70+
"61f9609d2655b346fcebccd66b509d5828168d5e447110e261f0bcc8553624bc",
71+
"9471fbda95411d10109e467ad526082d15f14a38de54ea2ada9687ab39d8e237",
72+
"0374a9e18a20a2103736cb4277e2fdd7f8453642c7d9eaf4ad8aee9cf2d47bb5"
73+
],
74+
"threshold": 2
75+
},
76+
"snapshot": {
77+
"keyids": [
78+
"c3479007e861445ce5dc109d9661ed77b35bbc0e3f161852c46114266fc2daa4"
79+
],
80+
"threshold": 1,
81+
"x-tuf-on-ci-expiry-period": 3650,
82+
"x-tuf-on-ci-signing-period": 365
83+
},
84+
"targets": {
85+
"keyids": [
86+
"aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81",
87+
"61f9609d2655b346fcebccd66b509d5828168d5e447110e261f0bcc8553624bc",
88+
"9471fbda95411d10109e467ad526082d15f14a38de54ea2ada9687ab39d8e237",
89+
"0374a9e18a20a2103736cb4277e2fdd7f8453642c7d9eaf4ad8aee9cf2d47bb5"
90+
],
91+
"threshold": 1
92+
},
93+
"timestamp": {
94+
"keyids": [
95+
"c3479007e861445ce5dc109d9661ed77b35bbc0e3f161852c46114266fc2daa4"
96+
],
97+
"threshold": 1,
98+
"x-tuf-on-ci-expiry-period": 7,
99+
"x-tuf-on-ci-signing-period": 6
100+
}
101+
},
102+
"spec_version": "1.0",
103+
"version": 11,
104+
"x-tuf-on-ci-expiry-period": 182,
105+
"x-tuf-on-ci-signing-period": 35
106+
}
107+
}

sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstage.dev/signing_config.v0.2.json

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
{
2+
"mediaType": "application/vnd.dev.sigstore.signingconfig.v0.2+json",
3+
"caUrls": [
4+
{
5+
"url": "https://fulcio.sigstage.dev",
6+
"majorApiVersion": 1,
7+
"validFor": {
8+
"start": "2022-04-14T21:38:40Z"
9+
}
10+
}
11+
],
12+
"oidcUrls": [
13+
{
14+
"url": "https://oauth2.sigstage.dev/auth",
15+
"majorApiVersion": 1,
16+
"validFor": {
17+
"start": "2025-04-16T00:00:00Z"
18+
}
19+
}
20+
],
21+
"rekorTlogUrls": [
22+
{
23+
"url": "https://rekor.sigstage.dev",
24+
"majorApiVersion": 1,
25+
"validFor": {
26+
"start": "2021-01-12T11:53:27Z"
27+
}
28+
}
29+
],
30+
"tsaUrls": [
31+
{
32+
"url": "https://timestamp.sigstage.dev/api/v1/timestamp",
33+
"majorApiVersion": 1,
34+
"validFor": {
35+
"start": "2025-04-09T00:00:00Z"
36+
}
37+
}
38+
],
39+
"rekorTlogConfig": {
40+
"selector": "ANY"
41+
},
42+
"tsaConfig": {
43+
"selector": "ANY"
44+
}
45+
}

sigstore/_store/staging/trusted_root.json renamed to sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstage.dev/trusted_root.json

Lines changed: 13 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
"rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDODRU688UYGuy54mNUlaEBiQdTE9nYLr0lg6RXowI/QV/RE1azBn4Eg5/2uTOMbhB1/gfcHzijzFi9Tk+g1Prg==",
99
"keyDetails": "PKIX_ECDSA_P256_SHA_256",
1010
"validFor": {
11-
"start": "2021-01-12T11:53:27.000Z"
11+
"start": "2021-01-12T11:53:27Z"
1212
}
1313
},
1414
"logId": {
@@ -34,7 +34,7 @@
3434
]
3535
},
3636
"validFor": {
37-
"start": "2022-04-14T21:38:40.000Z"
37+
"start": "2022-04-14T21:38:40Z"
3838
}
3939
}
4040
],
@@ -46,8 +46,8 @@
4646
"rawBytes": "MIICCgKCAgEA27A2MPQXm0I0v7/Ly5BIauDjRZF5Jor9vU+QheoE2UIIsZHcyYq3slHzSSHy2lLj1ZD2d91CtJ492ZXqnBmsr4TwZ9jQ05tW2mGIRI8u2DqN8LpuNYZGz/f9SZrjhQQmUttqWmtu3UoLfKz6NbNXUnoo+NhZFcFRLXJ8VporVhuiAmL7zqT53cXR3yQfFPCUDeGnRksnlhVIAJc3AHZZSHQJ8DEXMhh35TVv2nYhTI3rID7GwjXXw4ocz7RGDD37ky6p39Tl5NB71gT1eSqhZhGHEYHIPXraEBd5+3w9qIuLWlp5Ej/K6Mu4ELioXKCUimCbwy+Cs8UhHFlqcyg4AysOHJwIadXIa8LsY51jnVSGrGOEBZevopmQPNPtyfFY3dmXSS+6Z3RD2Gd6oDnNGJzpSyEk410Ag5uvNDfYzJLCWX9tU8lIxNwdFYmIwpd89HijyRyoGnoJ3entd63cvKfuuix5r+GHyKp1Xm1L5j5AWM6P+z0xigwkiXnt+adexAl1J9wdDxv/pUFEESRF4DG8DFGVtbdH6aR1A5/vD4krO4tC1QYUSeyL5Mvsw8WRqIFHcXtgybtxylljvNcGMV1KXQC8UFDmpGZVDSHx6v3e/BHMrZ7gjoCCfVMZ/cFcQi0W2AIHPYEMH/C95J2r4XbHMRdYXpovpOoT5Ca78gsCAwEAAQ==",
4747
"keyDetails": "PKCS1_RSA_PKCS1V5",
4848
"validFor": {
49-
"start": "2021-03-14T00:00:00.000Z",
50-
"end": "2022-07-31T00:00:00.000Z"
49+
"start": "2021-03-14T00:00:00Z",
50+
"end": "2022-07-31T00:00:00Z"
5151
}
5252
},
5353
"logId": {
@@ -61,8 +61,8 @@
6161
"rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh99xuRi6slBFd8VUJoK/rLigy4bYeSYWO/fE6Br7r0D8NpMI94+A63LR/WvLxpUUGBpY8IJA3iU2telag5CRpA==",
6262
"keyDetails": "PKIX_ECDSA_P256_SHA_256",
6363
"validFor": {
64-
"start": "2022-07-01T00:00:00.000Z",
65-
"end": "2022-07-31T00:00:00.000Z"
64+
"start": "2022-07-01T00:00:00Z",
65+
"end": "2022-07-31T00:00:00Z"
6666
}
6767
},
6868
"logId": {
@@ -76,7 +76,7 @@
7676
"rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8gEDKNme8AnXuPBgHjrtXdS6miHqc24CRblNEOFpiJRngeq8Ko73Y+K18yRYVf1DXD4AVLwvKyzdNdl5n0jUSQ==",
7777
"keyDetails": "PKIX_ECDSA_P256_SHA_256",
7878
"validFor": {
79-
"start": "2022-07-01T00:00:00.000Z"
79+
"start": "2022-07-01T00:00:00Z"
8080
}
8181
},
8282
"logId": {
@@ -87,25 +87,22 @@
8787
"timestampAuthorities": [
8888
{
8989
"subject": {
90-
"organization": "GitHub, Inc.",
91-
"commonName": "Internal Services Root - staging"
90+
"organization": "sigstore.dev",
91+
"commonName": "sigstore-tsa-selfsigned"
9292
},
93-
"uri": "tsa.github.internal",
93+
"uri": "https://timestamp.sigstage.dev/api/v1/timestamp",
9494
"certChain": {
9595
"certificates": [
9696
{
97-
"rawBytes": "MIICEzCCAZigAwIBAgIUMpRykCcZaSOBipYce6r2DlnM7vUwCgYIKoZIzj0EAwMwPDEVMBMGA1UEChMMR2l0SHViLCBJbmMuMSMwIQYDVQQDExpUU0EgaW50ZXJtZWRpYXRlIC0gc3RhZ2luZzAeFw0yMzA2MTQxMjAwMDBaFw0yNDA2MTMxMjAwMDBaMDwxFTATBgNVBAoTDEdpdEh1YiwgSW5jLjEjMCEGA1UEAxMaVFNBIFRpbWVzdGFtcGluZyAtIHN0YWdpbmcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWAMg1BEHAzb03PHUKJiRJZdXcKIL0K/ks3Ylq5F5YDRIxUN4o8yeIaCWXa6i16zi8nXMFsa+3XrYM8mUyi9F6o3gwdjAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUr+RZdcTNo31p3FuR0pajelcnr40wHwYDVR0jBBgwFoAUCmpQzrB6hAnlizGx37LrhKEzsT4wFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwCgYIKoZIzj0EAwMDaQAwZgIxAIPUlZB2/p5rpCM3HCn1R8G5TIIW6aZPKtfPWDkNQY0bpFu6e8Dkm2TV3jfgYExuBgIxAOA+vTlDDJoz/qTMMs8VSpw3AMgktlMEhd8V0E+aLW5OizfphuiidkqkqkbCwRSW1w=="
98-
},
99-
{
100-
"rawBytes": "MIICNzCCAb6gAwIBAgIUUXRsBKgGXjrJbdJCQPJMsjfyJcYwCgYIKoZIzj0EAwMwQjEVMBMGA1UEChMMR2l0SHViLCBJbmMuMSkwJwYDVQQDEyBJbnRlcm5hbCBTZXJ2aWNlcyBSb290IC0gc3RhZ2luZzAeFw0yMzA2MTQwMDAwMDBaFw0yODA2MTIwMDAwMDBaMDwxFTATBgNVBAoTDEdpdEh1YiwgSW5jLjEjMCEGA1UEAxMaVFNBIGludGVybWVkaWF0ZSAtIHN0YWdpbmcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAS/upihrvu/9+w1Ybfog3B1a8KfQa1bn7DLcJz2iumo+oCfg2bcbyRWygu8zRmrzJKp4HgQHC4LZJEEWm/MNIN1o6wVVmiDTZw01tk4aInmRVF13VKMscdzW5Ho4sYaeOejezB5MA4GA1UdDwEB/wQEAwIBBjATBgNVHSUEDDAKBggrBgEFBQcDCDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBQKalDOsHqECeWLMbHfsuuEoTOxPjAfBgNVHSMEGDAWgBR04GYtT79vaQmAEPPEte8q+W1KRTAKBggqhkjOPQQDAwNnADBkAjBOTWZP1QYnmHpFqL73eSzhmSLiHs9pXsQghK0p8pvlAg0R9bxAyXGIZ8qx+k2iIGcCMDRQIScz0gu2Xef3++p2vFYouBsIKbqxv0raJuIlmGiYEvb22MDpAitevKAgqNVMEg=="
97+
"rawBytes": "MIICDzCCAZagAwIBAgIUCjWhBmHV4kFzxomWp/J98n4DfKcwCgYIKoZIzj0EAwMwOTEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MSAwHgYDVQQDExdzaWdzdG9yZS10c2Etc2VsZnNpZ25lZDAeFw0yNTAzMjgwOTE0MDZaFw0zNTAzMjYwODE0MDZaMC4xFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEVMBMGA1UEAxMMc2lnc3RvcmUtdHNhMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEx1v5F3HpD9egHuknpBFlRz7QBRDJu4aeVzt9zJLRY0lvmx1lF7WBM2c9AN8ZGPQsmDqHlJN2R/7+RxLkvlLzkc19IOx38t7mGGEcB7agUDdCF/Ky3RTLSK0Xo/0AgHQdo2owaDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFKj8ZPYo3i7mO3NPVIxSxOGc3VOlMB8GA1UdIwQYMBaAFDsgRlletTJNRzDObmPuc3RH8gR9MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMAoGCCqGSM49BAMDA2cAMGQCMESvVS6GGtF33+J19TfwENWJXjRv4i0/HQFwLUSkX6TfV7g0nG8VnqNHJLvEpAtOjQIwUD3uywTXorQP1DgbV09rF9Yen+CEqs/iEpieJWPst280SSOZ5Na+dyPVk9/8SFk6"
10198
},
10299
{
103-
"rawBytes": "MIICCDCCAY6gAwIBAgIULHHP/UhbXJbdyZfT6gHgTzIYF4EwCgYIKoZIzj0EAwMwQjEVMBMGA1UEChMMR2l0SHViLCBJbmMuMSkwJwYDVQQDEyBJbnRlcm5hbCBTZXJ2aWNlcyBSb290IC0gc3RhZ2luZzAeFw0yMzA2MTQwMDAwMDBaFw0zMzA2MTEwMDAwMDBaMEIxFTATBgNVBAoTDEdpdEh1YiwgSW5jLjEpMCcGA1UEAxMgSW50ZXJuYWwgU2VydmljZXMgUm9vdCAtIHN0YWdpbmcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASocByKBUdzgtqRXcpe/AE5oPoDMWTQqz1/jUQOA8qoEjYBXg9gfGU5KHK/UdwQc4lxbZEA9nJS9vUQAMVV5Es9B4thNHThKR4hFmCL8kKIEoMzXx282Qr6x4ZHYk4tQsCjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBR04GYtT79vaQmAEPPEte8q+W1KRTAKBggqhkjOPQQDAwNoADBlAjBBOu3RtlH1FLvfHPhyoWJHgm+PSNrsWQLRkmWQgAfNPYsfO5fWyhAebMV3FpKVPBICMQCVaie4NAsGi+AHLDhGnPn4Qptz0LBH2So6AVJS24ICeDUDQxKeUTNkUsy6Qgg97/4="
100+
"rawBytes": "MIIB9zCCAXygAwIBAgIUCPExEFKiQh0dP4sp5ltmSYSSkFUwCgYIKoZIzj0EAwMwOTEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MSAwHgYDVQQDExdzaWdzdG9yZS10c2Etc2VsZnNpZ25lZDAeFw0yNTAzMjgwOTE0MDZaFw0zNTAzMjYwODE0MDZaMDkxFTATBgNVBAoTDHNpZ3N0b3JlLmRldjEgMB4GA1UEAxMXc2lnc3RvcmUtdHNhLXNlbGZzaWduZWQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATt0tIDWyo4ARfL9BaSo0W5bJQEbKJTU/u7llvdjSI5aTkOAJa8tixn2+LEfPG4dMFdsMPtsIuU1qn2OqFiuMk6vHv/c+az25RQVY1oo50iMb0jIL3N4FgwhPFpZnCbQPOjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBQ7IEZZXrUyTUcwzm5j7nN0R/IEfTAKBggqhkjOPQQDAwNpADBmAjEA2MI1VXgbf3dUOSc95hSRypBKOab18eh2xzQtxUsHvWeY+1iFgyMluUuNR6taoSmFAjEA31m2czguZhKYX+4JSKu5pRYhBTXAd8KKQ3xdPRX/qCaLvT2qJAEQ1YQM3EJRrtI7"
104101
}
105102
]
106103
},
107104
"validFor": {
108-
"start": "2023-06-15T00:00:00Z"
105+
"start": "2025-04-09T00:00:00Z"
109106
}
110107
}
111108
]

sigstore/_store/prod/root.json renamed to sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstore.dev/root.json

File renamed without changes.

sigstore/_store/prod/signing_config.v0.2.json renamed to sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstore.dev/signing_config.v0.2.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
{
2+
"comment": "Place holder for use until prod actually has a signing config: see ClientTrustConfig.from_tuf()",
23
"mediaType": "application/vnd.dev.sigstore.signingconfig.v0.2+json",
34
"caUrls": [
45
{

sigstore/_store/prod/trusted_root.json renamed to sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstore.dev/trusted_root.json

File renamed without changes.

0 commit comments

Comments
 (0)
0