ianhundere
commented
7 months ago @haydentherapper i opened a draft PR for this, didn't write a tsalog_test, but wanted to get this 👀 first.
Closed haydentherapper closed 4 months ago
ianhundere
commented
7 months ago @haydentherapper i opened a draft PR for this, didn't write a tsalog_test, but wanted to get this 👀 first.
Description
The sigstore/sigstore TUF client has been updated to support the "TSA" usage type. We currently require the TSA cert chain to be provided by flag. We can also support reading the cert chain from either an environment or the TUF targets, to be more in line with how Fulcio certs or Rekor keys can be provided on verification. See RekorPubKeys as an example for how to support this. Ideally we can refactor all places where we read in the TSA cert chain via flag into a single function that reads from either a flag, env var, or TUF.
Note that as described in https://github.com/sigstore/scaffolding/issues/1001, the usage type will be deprecated in the near future, but given the simplicity of adding this feature, it's worthwhile to do now.