Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for file based remote stores for airgap mode. #715

Merged
merged 3 commits into from
Oct 1, 2022
Merged

Add support for file based remote stores for airgap mode. #715

merged 3 commits into from
Oct 1, 2022

Conversation

vaikas
Copy link
Contributor

@vaikas vaikas commented Sep 24, 2022
edited

Signed-off-by: Ville Aikas vaikas@chainguard.dev

Summary

Add support for TUF remote that's backed by local filesystem, or anything that implements golang io/fs.FS. Motivation is to support airgapped environments which can not fetch from HTTP remotes.
This is to pick up: theupdateframework/go-tuf#397

Release Note

Documentation

Add support for specifying file:// based remote TUF mirror. Add support for airgap mode by bringing in the root via filesystem .

vaikas added a commit to vaikas/cosign that referenced this pull request Sep 24, 2022
@vaikas
Use newer version of theupdateframework/go-tuf, sigstore/sigstore
b01cc95 
theupdateframework/go-tuf#397
sigstore/sigstore#715

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
@vaikas vaikas mentioned this pull request Sep 24, 2022
Merged
asraa
asraa reviewed Sep 26, 2022
View reviewed changes
Copy link
Contributor

@asraa asraa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, changes lgtm. Agree this is majorly useful, even for test cases. I'll head over to go-tuf to review that PR when it's ready

vaikas added a commit to vaikas/cosign that referenced this pull request Sep 27, 2022
@vaikas
Use newer version of theupdateframework/go-tuf, sigstore/sigstore
e535ebc 
theupdateframework/go-tuf#397
sigstore/sigstore#715

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
@vaikas
Copy link
Contributor Author

vaikas commented Sep 27, 2022

FWIW, this has been wired in through sigstore here:
#715
And
cosign here:
https://github.com/vaikas/cosign/tree/air-gap

And finally in scaffolding I use a local filesystem based custom TUF root here:
sigstore/scaffolding#382

https://github.com/sigstore/scaffolding/actions/runs/3139401394/jobs/5099778521
If you look at the 'Untar the repository from the fetched secret' section, and it's using a cosign built from here:
https://github.com/vaikas/cosign/tree/air-gap

@vaikas vaikas mentioned this pull request Sep 27, 2022
Merged
2 tasks
@vaikas
Draft of supporting file based remote stores for airgap mode.
3ccec7d 
Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
@vaikas
use os.DirFS
b18d31d 
Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
@vaikas vaikas changed the title Draft of supporting file based remote stores for airgap mode. Add suppor for file based remote stores for airgap mode. Sep 30, 2022
@vaikas
bump to latest tuf to pick up air-gap mods.
0347add 
Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
@vaikas vaikas marked this pull request as ready for review September 30, 2022 15:32
@vaikas vaikas changed the title Add suppor for file based remote stores for airgap mode. Add support for file based remote stores for airgap mode. Sep 30, 2022
haydentherapper
haydentherapper approved these changes Sep 30, 2022
View reviewed changes
Copy link
Contributor

@haydentherapper haydentherapper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!!

@dlorenc dlorenc merged commit ff55a90 into sigstore:main Oct 1, 2022
@vaikas vaikas deleted the air-gap branch October 1, 2022 17:34
vaikas added a commit to vaikas/cosign that referenced this pull request Oct 1, 2022
@vaikas
Use newer version of theupdateframework/go-tuf, sigstore/sigstore
a72f709 
theupdateframework/go-tuf#397
sigstore/sigstore#715

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>
@vaikas vaikas mentioned this pull request Oct 1, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asraa asraa asraa left review comments

@haydentherapper haydentherapper haydentherapper approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@vaikas @asraa @haydentherapper @dlorenc