Closed bkabrda closed 1 month ago
haydentherapper
commented
2 months ago Generally I’m ok with this, but the TUF metadata generated from scaffolding is out of date with other modern Sigstore clients. We need to complete https://github.com/sigstore/scaffolding/issues/1001. Id like to see that issue completed first rather than proliferate the use of this TUF repo implementation, but I also recognize there’s blocking work to get this done.
bkabrda
commented
2 months ago Thanks for sharing the link to the trusted root TUF target issue, I wasn't aware of that and I'll definitely go through it.
My aim is to mostly use this TUF server as a "quick preview" service that a user could stand up quickly, hence I didn't dive into any other issues. I think my PR doesn't make the current situation worse, it only allows running the same code outside of k8s. Would that make it good enough to be accepted right now?
jku
commented
2 months ago aim is to mostly use this TUF server as a "quick preview" service that a user could stand up quickly
My only worry is that some folks will think this is a reasonable way to setup a real TUF repository. That said I don't think this patch makes things worse
bkabrda
commented
2 months ago My only worry is that some folks will think this is a reasonable way to setup a real TUF repository.
I totally see what you mean. I think that could perhaps be fixed by explicitly stating in the README that this is not a production-grade service and maybe also emitting a warning logline saying this when starting the TUF server?
bkabrda
commented
1 month ago @haydentherapper hi, is there anything specific I can do to help get this PR reviewed? Or should I consider it blocked on the issue you linked?
haydentherapper
commented
1 month ago @bkabrda I'm OK to merge this, I don't want to block y'all, but if you are interested, we'd love some help pushing forward updates in scaffolding around generating modern TUF repos.
bkabrda
commented
1 month ago @haydentherapper thanks! I was just thinking about the improvements and I think I have a reasonable proposal. I'll open a separate issue to discuss it and CC you on it. I'm happy to work on the implementation of the proposal assuming it will look ok to you.
bkabrda
commented
1 month ago I opened the proposal for improvements here. It took a little longer than I promised as I was caught up in other things... Anyway, I'd love to hear thoughts on the proposal from both of you - and if it looks good, I would really appreciate if we could get this PR approved and merged. Thanks!
Summary
This PR makes it possible to run the TUF server outside of k8s environment. Fixes https://github.com/sigstore/scaffolding/issues/716
Context: I'm a member of Red Hat's Trusted Artifact Signer product team and we're trying to make Sigstore work outside of k8s environment, in a podman-based Ansible deployment. This will allow us to start the simple TUF server in a podman pod.
Release Note
Made it possible to start the TUF server in a non-k8s environment.
Documentation
I don't believe this needs documentation, as the newly added flag is self-explanatory - but do let me know if you think this should be documented somewhere.