-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
trustroot: initial client config messages #277
trustroot: initial client config messages #277
Conversation
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Co-authored-by: Fredrik Skogman <[email protected]> Signed-off-by: William Woodruff <[email protected]>
LGTM, I think this just needs a regeneration |
Signed-off-by: William Woodruff <[email protected]>
Done! |
@woodruffw Do you want to get this in before 0.3.1? |
@haydentherapper Yep! I'll rework on top of #279 now. |
Signed-off-by: William Woodruff <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Before merging, I would just like to make sure we are agreeing on how this will be distributed via PGI TUF root (i.e how this should be documented in the Sigstore Client Spec).
We now have:
- SigningConfig
- TrustedRoot
And then ClientTrustConfig = {SigningConfig, TrustedRoot}
The TUF repository already ships TrustedRoot as single artifact, trusted_root.json
.
How would we ship the SigningConfig? My recommendation is to add a new artifact to the TUF root called signing_config.json
. Why? Do not break the clients. Adding a new target is trivial.
The alternative is to add a new target client_trust_config
that contains both messages. The downside is that we would need to duplicate the trusted_root
.
Shipping two files from the TUF repo is not the end of the world IMHO. We can still allow clients to accept a single file (client_trust_config
) to simplify the UX when e.g. invoked via the terminal.
As we are in the process of adding support for trusted root to a lot of components, withdrawing that from the TUF repository would be very disruptive 😅
This might be a minority opinion, but IMO it's okay for the PGI TUF repo to not ship In other words, IMO it's okay if Regardless of the above, I 100% agree about not removing the current |
Sounds good, I think we are in agreement! |
Merging! |
@woodruffw @kommendorkapten I think a primary motivation would be if we move Rekor to yearly sharding, since the URL would change periodically and clients would need to discover it without breaking old clients. I don't think we need to immediately ship a |
@haydentherapper yes, I proposed in the client meeting to today that we add the |
Added `signing_config.json` (see sigstore/protobuf-specs#277 for details on the name of the file). Signed-off-by: Fredrik Skogman <[email protected]>
WIP; needs workshopping 🙂.Closes #259.CC @haydentherapper @loosebazooka @kommendorkapten