kommendorkapten / trtool

Trust root tool

Relying on trtool in Sigstore scaffolding #1

Open lkatalin opened 4 months ago

lkatalin commented 4 months ago

Hi @kommendorkapten :wave: I'm looking into how to adapt this code into the https://github.com/sigstore/scaffolding repo to fix the issue around generating the TUF trusted_root.json.

So far I am able to run the init command successfully, though I am having trouble adding more data. I am also not sure why the init options are different from the add options (for example, I can't specify a tlog when I init). Any thoughts on this or what the correct usage is to generate a root with the PGI format? Anything you are hoping to change or update that I should know about before importing parts of this into scaffolding? Thanks!

kommendorkapten commented 3 months ago

Hi @lkatalin !

This work is done in my idle time, and so is very incomplete, and so far only the use cases that have been relevant for me have been implemented 🙈

The reason the init and add are quite different is that init is meant to be more "complete" (i.e. CA, TLog and TSA) and the add is to add a specific instance (any of CA, TSA or TLog), and so the parameters are different.

Today TLog is not working at all, let me see if I can get some time this week to fix that. That would of course be added for both add and init commands.

Also, the verify command does not verify TLogs at all at this time. The focus has been on CAs, as that's been where we have seen most "issues" so far.

If you want to have more swift responses, don't hesitate to reach out to me on Slack!

lkatalin commented 3 months ago

Thanks for the reply, @kommendorkapten ! Let me set up a Slack thread so that we can figure out how to get this going.