Regression: TUF contents are not saved to disk anymore

sigstore / sigstore-rs

An experimental Rust crate for sigstore

https://sigstore.github.io/sigstore-rs/sigstore/

Apache License 2.0

164 stars 51 forks source link

Regression: TUF contents are not saved to disk anymore #345

Closed flavio closed 2 weeks ago

flavio commented 5 months ago

Description

Up to version 0.7.2, the SigstoreRepository::fetch method took care of synchronizing the contents of a local checkout of Sigstore's TUF repository.

Now (v0.8.0 being latest stable release), the SigstoreTrustRoot::new method tries to take advantage of a local cache of the TUF repository, but it doesn't update the local contents.

The code that takes care of synchronizing the local cache is still part of the sigstore-rs codebase, but it's no longer being used.

tnytown commented 5 months ago

Apologies for the regression. #311 reworks the target fetching functionality and caches the trust root correctly.

flavio commented 5 months ago

@tnytown no worries, ping me on the other PR when it's ready to be reviewed

flavio commented 2 weeks ago

Closing, this has been fixed