fix: fix fetching updated targets from TUF root #1921

Merged
merged 11 commits into from May 31, 2022
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -118,7 +118,7 @@ cross:
golangci-lint:
rm -f $(GOLANGCI_LINT_BIN) || :
set -e ;\
GOBIN=$(GOLANGCI_LINT_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.43.0 ;\
GOBIN=$(GOLANGCI_LINT_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.46.0 ;\

lint: golangci-lint ## Run golangci-lint linter
$(GOLANGCI_LINT_BIN) run -n
2 changes: 1 addition & 1 deletion cmd/cosign/cli/fulcio/fulcioroots/fulcioroots.go
Expand Up @@ -121,7 +121,7 @@ func initRoots() (*x509.CertPool, *x509.CertPool, error) {
// call is made to update the root.
targets, err := tufClient.GetTargetsByMeta(tuf.Fulcio, []string{fulcioTargetStr, fulcioV1TargetStr})
if err != nil {
return nil, nil, errors.New("error getting targets")
return nil, nil, fmt.Errorf("error getting targets: %w", err)
}
if len(targets) == 0 {
return nil, nil, errors.New("none of the Fulcio roots have been found")
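--- a/pkg/cosign/tlog.go
+++ b/pkg/cosign/tlog.go
@@ -78,15 +78,6 @@ func getLogID(pub crypto.PublicKey) (string, error) {
 // GetRekorPubs retrieves trusted Rekor public keys from the embedded or cached
 // TUF root. If expired, makes a network call to retrieve the updated targets.
 func GetRekorPubs(ctx context.Context) (map[string]RekorPubKey, error) {
-tufClient, err := tuf.NewFromEnv(ctx)
-if err != nil {
-return nil, err
-}
-defer tufClient.Close()
-targets, err := tufClient.GetTargetsByMeta(tuf.Rekor, []string{rekorTargetStr})
-if err != nil {
-return nil, err
-}
 publicKeys := make(map[string]RekorPubKey)
 altRekorPub := os.Getenv(altRekorPublicKey)
 if altRekorPub != "" {
@@ -105,6 +96,15 @@ func GetRekorPubs(ctx context.Context) (map[string]RekorPubKey, error) {
 }
 publicKeys[keyID] = RekorPubKey{PubKey: extra, Status: tuf.Active}
 } else {
+tufClient, err := tuf.NewFromEnv(ctx)
+if err != nil {
+return nil, err
+}
+defer tufClient.Close()
+targets, err := tufClient.GetTargetsByMeta(tuf.Rekor, []string{rekorTargetStr})
+if err != nil {
+return nil, err
+}
 for _, t := range targets {
 rekorPubKey, err := PemToECDSAKey(t.Target)
 if err != nil {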
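Review bot: The `GetTargetsByMeta` error in the new else branch is returned bare, while the fulcioroots.go hunk in this same PR wraps the equivalent call as `fmt.Errorf("error getting targets: %w", err)`; `return nil, fmt.Errorf("error getting rekor targets: %w", err)` (assuming fmt is already imported here) would keep the two call sites consistent and let a caller tell a TUF refresh failure apart from a key-parse failure. The moved code also does not guard `len(targets) == 0` the way fulcioroots.go does, so an empty target list presumably yields an empty key map rather than an error; whether callers treat an empty map as a hard failure is not visible here and is worth confirming. GetRekorPubs continues outside the hunk.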