Hayden B
TUF and airgapped environments don't work together and there really is no solution that doesn't involve deviating from the TUF specification. The Sigstore TUF client has no mechanism for an...
https://github.com/sigstore/cosign/issues/3548 tracks the change in Cosign. This issue can track what's needed in Scaffolding. https://github.com/kommendorkapten/trtool/blob/main/cmd/trtool/app/initroot.go might be a place to start for code to generate a trusted root. We need...
@kommendorkapten One issue is I think this is lagging behind some of the updates to the expected Sigstore TUF metadata, it's not setting `custom`. https://github.com/sigstore/helm-charts/pull/673 should fix this because it...
@k4leung4 A couple questions for this -
* Where is createAll used?
* Is this for setting up a CA that's backed by an on-disk private key?
* Does this...
Sweet, thanks for confirming. I'm looking at dropping support for RFC1423 keys in Fulcio, so I may need to import a third-party library for PKCS#8 key generation in Scaffolding. Any...
This was completed at some point.
I might suggest to align with future changes to the Cosign UI and other sigstore libraries, rather than taking in a certificate chain which contains a root & some number...
@evankanderson Moving this to a dedicated issue
Answered most of these, answers below. One new question is how do we transfer existing repos into the org and how do we import resources?
> How do you administer...
This should be complete now, we have Pulumi for managing repo settings and team memberships.