Update to targets - Githubissues

sigstore / root-signing-staging

Staging TUF repository for Sigstore trust root

https://tuf-repo-cdn.sigstage.dev/

Apache License 2.0

3 stars 6 forks source link

Update to targets #157

Closed kommendorkapten closed 2 months ago

kommendorkapten commented 2 months ago

Description

Remove the GitHub TSA as it's not used by anything. It's being removed from the production repo too, see https://github.com/sigstore/root-signing/issues/1268

Add signing_config.json for client configuration. This file will contain URLs for the OIDC provider, Fulcio CA and Rekor transparency log which can be used by a client to bootstrap itself. This was added to sigstore protobuf spec in https://github.com/sigstore/protobuf-specs/pull/277

haydentherapper commented 2 months ago

We'll want to update signing_config again once with https://github.com/sigstore/protobuf-specs/pull/383

kommendorkapten commented 2 months ago

Fixed: https://github.com/sigstore/root-signing-staging/pull/166

kommendorkapten commented 2 months ago

Btw i added this to trtool

 $ ./trtool sc-init -ca https://fulcio.sigstage.dev -op https://oauth2.sigstage.dev/auth/ -tlog https://rekor.sigstage.dev | jq
{
  "mediaType": "application/vnd.dev.sigstore.signingconfig.v0.1+json",
  "caUrl": "https://fulcio.sigstage.dev",
  "oidcUrl": "https://oauth2.sigstage.dev/auth/",
  "tlogUrls": [
    "https://rekor.sigstage.dev"
  ]
}