Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v1 tuf client #415

Merged
merged 2 commits into from
Apr 14, 2023
Merged

v1 tuf client #415

merged 2 commits into from
Apr 14, 2023

Conversation

loosebazooka
Copy link
Member

Continuation of patricks work on this.

This is the sigstore wrapper around the Updater. It's very barebones right now, but it should allow us to easily access key/cert material defined in the trusted_root.json easier. This should also implement an interface that is passed to all verifiers (not yet defined).

@loosebazooka loosebazooka requested review from patflynn and vlsi April 5, 2023 19:31
patflynn
patflynn previously approved these changes Apr 14, 2023
View reviewed changes
sigstore-java/src/main/java/dev/sigstore/tuf/SigstoreTufClient.java Outdated

public Builder usePublicGoodInstance() {
if (remoteMirror != null || trustedRoot != null) {
throw new IllegalStateException();
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe just a message here explaining why you're throwing.

sigstore-java/src/main/java/dev/sigstore/tuf/SigstoreTufClient.java Outdated
}

public SigstoreTufClient build() throws IOException {
Preconditions.checkState(
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not just accept 0 as no caching?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, that works.

Patrick Flynn and others added 2 commits April 14, 2023 08:42
@loosebazooka
initial sigstore TUF client
80b2d99 
Signed-off-by: Patrick Flynn <patrick@chainguard.dev>
@loosebazooka
additions to sigstore TUF v1
8499567 
Signed-off-by: Appu Goundan <appu@google.com>
@loosebazooka loosebazooka added the safe to test conformance testing label label Apr 14, 2023
@loosebazooka loosebazooka merged commit 4adcc71 into main Apr 14, 2023
@loosebazooka loosebazooka deleted the v1-tuf-client branch April 14, 2023 17:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@patflynn patflynn patflynn approved these changes

@vlsi vlsi Awaiting requested review from vlsi

Assignees
No one assigned
Labels
safe to test conformance testing label
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@loosebazooka @patflynn