sigstore / scaffolding

Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.
Apache License 2.0

Generate trusted_root.json in the TUF server #1235

Closed bkabrda closed 3 months ago

bkabrda commented 3 months ago

Summary

This PR replaces #1191 and is the last PR to address #1182 to make the TUF server useful for prod deployment - it allows for generating the trusted_root.json file and serving it as one of the TUF targets. It does the same as #1191, but uses the new functionality from sigstore-go.

Release Note

The TUF server was improved to generate a trusted_root.json target from the supplied files.

Documentation

I don't believe that the TUF server is even documented anywhere, so I don't think a documentation change is required, but please let me know if I'm wrong about that.

bkabrda commented 3 months ago

FWIW this is also related to https://github.com/sigstore/scaffolding/issues/1001 - it addresses the TUF server part, to ensure it generates trusted_root.json (but also to keep the old-style targets for now).

bkabrda commented 3 months ago

@haydentherapper I think I addressed all points from your review, except perhaps the one about some docs - I can address that if you can advise where to put the docs. Thanks!

haydentherapper commented 3 months ago

Thanks, I left a comment about where we could put some docs!

bkabrda commented 3 months ago

@haydentherapper thanks for the pointer, done!

bkabrda commented 3 months ago

@haydentherapper rebased and addressed the last comment. Thank you for the great review!