From b1183f0647594d8c111d456be8cca1d5f2091d94 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Apr 2025 21:04:05 +0200 Subject: [PATCH 01/19] chore(deps): Bump the minor-patch group with 2 updates (#1823) Bumps the minor-patch group with 2 updates: [ko-build/setup-ko](https://github.com/ko-build/setup-ko) and [github/codeql-action](https://github.com/github/codeql-action). Updates `ko-build/setup-ko` from 0.8 to 0.9 - [Release notes](https://github.com/ko-build/setup-ko/releases) - [Commits](https://github.com/ko-build/setup-ko/compare/d982fec422852203cfb2053a8ec6ad302280d04d...d006021bd0c28d1ce33a07e7943d48b079944c8d) Updates `github/codeql-action` from 3.28.13 to 3.28.15 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/1b549b9259bda1cb5ddde3b41741a82a2d15a841...45775bd8235c68ba998cffa5171334d58593da47) --- updated-dependencies: - dependency-name: ko-build/setup-ko dependency-version: '0.9' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github/codeql-action dependency-version: 3.28.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build.yaml | 2 +- .github/workflows/codeql-analysis.yml | 4 ++-- .github/workflows/kind-cluster-image-policy-no-tuf.yaml | 2 +- .github/workflows/kind-cluster-image-policy-trustroot.yaml | 2 +- .github/workflows/kind-cluster-image-policy-tsa.yaml | 2 +- .github/workflows/kind-cluster-image-policy.yaml | 2 +- .github/workflows/kind-e2e-cosigned.yaml | 2 +- .github/workflows/kind-e2e-trustroot-crd.yaml | 2 +- .github/workflows/release-snapshot.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/scorecard_action.yml | 2 +- 11 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 94afb0bb..48214019 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -44,7 +44,7 @@ jobs: check-latest: true # will use the latest release available for ko - - uses: ko-build/setup-ko@d982fec422852203cfb2053a8ec6ad302280d04d # v0.8 + - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: chainguard-dev/actions/goimports@dacf41f3472c33979cfd49bca5b503236be57de0 # main diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e2aa9e69..fb99651b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -61,7 +61,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 + uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 with: languages: ${{ matrix.language }} @@ -70,4 +70,4 @@ jobs: make policy-controller - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 + uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 diff --git a/.github/workflows/kind-cluster-image-policy-no-tuf.yaml b/.github/workflows/kind-cluster-image-policy-no-tuf.yaml index a25bd96e..26b84d5e 100644 --- a/.github/workflows/kind-cluster-image-policy-no-tuf.yaml +++ b/.github/workflows/kind-cluster-image-policy-no-tuf.yaml @@ -101,7 +101,7 @@ jobs: check-latest: true # will use the latest release available for ko - - uses: ko-build/setup-ko@d982fec422852203cfb2053a8ec6ad302280d04d # v0.8 + - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: imranismail/setup-kustomize@2ba527d4d055ab63514ba50a99456fc35684947f # v2.1.0 diff --git a/.github/workflows/kind-cluster-image-policy-trustroot.yaml b/.github/workflows/kind-cluster-image-policy-trustroot.yaml index b668ce0c..70c99360 100644 --- a/.github/workflows/kind-cluster-image-policy-trustroot.yaml +++ b/.github/workflows/kind-cluster-image-policy-trustroot.yaml @@ -106,7 +106,7 @@ jobs: check-latest: true # will use the latest release available for ko - - uses: ko-build/setup-ko@d982fec422852203cfb2053a8ec6ad302280d04d # v0.8 + - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: imranismail/setup-kustomize@2ba527d4d055ab63514ba50a99456fc35684947f # v2.1.0 diff --git a/.github/workflows/kind-cluster-image-policy-tsa.yaml b/.github/workflows/kind-cluster-image-policy-tsa.yaml index 9b4fce96..96be5f88 100644 --- a/.github/workflows/kind-cluster-image-policy-tsa.yaml +++ b/.github/workflows/kind-cluster-image-policy-tsa.yaml @@ -101,7 +101,7 @@ jobs: check-latest: true # will use the latest release available for ko - - uses: ko-build/setup-ko@d982fec422852203cfb2053a8ec6ad302280d04d # v0.8 + - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: imranismail/setup-kustomize@2ba527d4d055ab63514ba50a99456fc35684947f # v2.1.0 diff --git a/.github/workflows/kind-cluster-image-policy.yaml b/.github/workflows/kind-cluster-image-policy.yaml index f2e0bb2f..3cea9107 100644 --- a/.github/workflows/kind-cluster-image-policy.yaml +++ b/.github/workflows/kind-cluster-image-policy.yaml @@ -115,7 +115,7 @@ jobs: check-latest: true # will use the latest release available for ko - - uses: ko-build/setup-ko@d982fec422852203cfb2053a8ec6ad302280d04d # v0.8 + - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: imranismail/setup-kustomize@2ba527d4d055ab63514ba50a99456fc35684947f # v2.1.0 diff --git a/.github/workflows/kind-e2e-cosigned.yaml b/.github/workflows/kind-e2e-cosigned.yaml index 5cfa6361..d6905711 100644 --- a/.github/workflows/kind-e2e-cosigned.yaml +++ b/.github/workflows/kind-e2e-cosigned.yaml @@ -98,7 +98,7 @@ jobs: go-version-file: './go.mod' check-latest: true - - uses: ko-build/setup-ko@d982fec422852203cfb2053a8ec6ad302280d04d # v0.8 + - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: imranismail/setup-kustomize@2ba527d4d055ab63514ba50a99456fc35684947f # v2.1.0 diff --git a/.github/workflows/kind-e2e-trustroot-crd.yaml b/.github/workflows/kind-e2e-trustroot-crd.yaml index 16842a7c..dec2c20c 100644 --- a/.github/workflows/kind-e2e-trustroot-crd.yaml +++ b/.github/workflows/kind-e2e-trustroot-crd.yaml @@ -98,7 +98,7 @@ jobs: go-version-file: './go.mod' check-latest: true - - uses: ko-build/setup-ko@d982fec422852203cfb2053a8ec6ad302280d04d # v0.8 + - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - uses: imranismail/setup-kustomize@2ba527d4d055ab63514ba50a99456fc35684947f # v2.1.0 diff --git a/.github/workflows/release-snapshot.yaml b/.github/workflows/release-snapshot.yaml index 4be2669b..59bd5f02 100644 --- a/.github/workflows/release-snapshot.yaml +++ b/.github/workflows/release-snapshot.yaml @@ -29,7 +29,7 @@ jobs: - uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 - - uses: ko-build/setup-ko@d982fec422852203cfb2053a8ec6ad302280d04d # v0.8 + - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - name: Set LDFLAGS id: ldflags diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d5fe564c..f54237b2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -41,7 +41,7 @@ jobs: - uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 - - uses: ko-build/setup-ko@d982fec422852203cfb2053a8ec6ad302280d04d # v0.8 + - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - name: Set up Cloud SDK uses: google-github-actions/auth@71f986410dfbc7added4569d411d040a91dc6935 # v2.1.8 diff --git a/.github/workflows/scorecard_action.yml b/.github/workflows/scorecard_action.yml index 976789dd..ccf0a45d 100644 --- a/.github/workflows/scorecard_action.yml +++ b/.github/workflows/scorecard_action.yml @@ -53,6 +53,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 + uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 with: sarif_file: results.sarif From e58d7f5acbe8b8cfded12b04c99d72192d9503a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Apr 2025 21:04:35 +0200 Subject: [PATCH 02/19] chore(deps): Bump the sigstore group with 5 updates (#1821) Bumps the sigstore group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/sigstore/rekor](https://github.com/sigstore/rekor) | `1.3.9` | `1.3.10` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.9.1` | `1.9.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.9.1` | `1.9.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.9.1` | `1.9.3` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.9.1` | `1.9.3` | Updates `github.com/sigstore/rekor` from 1.3.9 to 1.3.10 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/rekor/compare/v1.3.9...v1.3.10) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.9.1 to 1.9.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.9.1...v1.9.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.9.1 to 1.9.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.9.1...v1.9.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.9.1 to 1.9.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.9.1...v1.9.3) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.9.1 to 1.9.3 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.9.1...v1.9.3) --- updated-dependencies: - dependency-name: github.com/sigstore/rekor dependency-version: 1.3.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sigstore - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-version: 1.9.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sigstore - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-version: 1.9.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sigstore - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-version: 1.9.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sigstore - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-version: 1.9.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sigstore ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 26 +++++++++++++------------- go.sum | 56 ++++++++++++++++++++++++++++---------------------------- 2 files changed, 41 insertions(+), 41 deletions(-) diff --git a/go.mod b/go.mod index d3e87eff..65af76b9 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c github.com/ryanuber/go-glob v1.0.0 github.com/sigstore/cosign/v2 v2.5.0 - github.com/sigstore/rekor v1.3.9 + github.com/sigstore/rekor v1.3.10 github.com/sigstore/sigstore v1.9.3 github.com/stretchr/testify v1.10.0 github.com/theupdateframework/go-tuf v0.7.0 @@ -64,10 +64,10 @@ require ( github.com/go-jose/go-jose/v4 v4.0.5 github.com/sigstore/protobuf-specs v0.4.1 github.com/sigstore/scaffolding v0.7.22 - github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.1 - github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.1 - github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.1 - github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.1 + github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.3 + github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.3 + github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.3 + github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.3 github.com/spf13/viper v1.20.1 knative.dev/hack/schema v0.0.0-20240607132042-09143140a254 knative.dev/pkg v0.0.0-20230612155445-74c4be5e935e @@ -76,7 +76,7 @@ require ( require ( cloud.google.com/go v0.118.3 // indirect cloud.google.com/go/auth v0.15.0 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect cloud.google.com/go/iam v1.4.1 // indirect cloud.google.com/go/kms v1.21.1 // indirect @@ -114,8 +114,8 @@ require ( github.com/alibabacloud-go/tea-xml v1.1.3 // indirect github.com/aliyun/credentials-go v1.3.2 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2/config v1.29.10 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.63 // indirect + github.com/aws/aws-sdk-go-v2/config v1.29.13 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.66 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect @@ -124,10 +124,10 @@ require ( github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.31.2 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect - github.com/aws/aws-sdk-go-v2/service/kms v1.38.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.25.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.2 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.38.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.18 // indirect github.com/aws/smithy-go v1.22.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect @@ -268,7 +268,7 @@ require ( golang.org/x/text v0.24.0 // indirect golang.org/x/tools v0.30.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/api v0.227.0 // indirect + google.golang.org/api v0.228.0 // indirect google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect diff --git a/go.sum b/go.sum index a22852e9..8273f7ff 100644 --- a/go.sum +++ b/go.sum @@ -17,8 +17,8 @@ cloud.google.com/go v0.118.3 h1:jsypSnrE/w4mJysioGdMBg4MiW/hHx/sArFpaBWHdME= cloud.google.com/go v0.118.3/go.mod h1:Lhs3YLnBlwJ4KA6nuObNMZ/fCbOQBPuWKPoE0Wa/9Vc= cloud.google.com/go/auth v0.15.0 h1:Ly0u4aA5vG/fsSsxu98qCQBemXtAtJf+95z9HK+cxps= cloud.google.com/go/auth v0.15.0/go.mod h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8= -cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M= -cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc= +cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= +cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -173,10 +173,10 @@ github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM= github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg= -github.com/aws/aws-sdk-go-v2/config v1.29.10 h1:yNjgjiGBp4GgaJrGythyBXg2wAs+Im9fSWIUwvi1CAc= -github.com/aws/aws-sdk-go-v2/config v1.29.10/go.mod h1:A0mbLXSdtob/2t59n1X0iMkPQ5d+YzYZB4rwu7SZ7aA= -github.com/aws/aws-sdk-go-v2/credentials v1.17.63 h1:rv1V3kIJ14pdmTu01hwcMJ0WAERensSiD9rEWEBb1Tk= -github.com/aws/aws-sdk-go-v2/credentials v1.17.63/go.mod h1:EJj+yDf0txT26Ulo0VWTavBl31hOsaeuMxIHu2m0suY= +github.com/aws/aws-sdk-go-v2/config v1.29.13 h1:RgdPqWoE8nPpIekpVpDJsBckbqT4Liiaq9f35pbTh1Y= +github.com/aws/aws-sdk-go-v2/config v1.29.13/go.mod h1:NI28qs/IOUIRhsR7GQ/JdexoqRN9tDxkIrYZq0SOF44= +github.com/aws/aws-sdk-go-v2/credentials v1.17.66 h1:aKpEKaTy6n4CEJeYI1MNj97oSDLi4xro3UzQfwf5RWE= +github.com/aws/aws-sdk-go-v2/credentials v1.17.66/go.mod h1:xQ5SusDmHb/fy55wU0QqTy0yNfLqxzec59YcsRZB+rI= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q= @@ -193,14 +193,14 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY= -github.com/aws/aws-sdk-go-v2/service/kms v1.38.1 h1:tecq7+mAav5byF+Mr+iONJnCBf4B4gon8RSp4BrweSc= -github.com/aws/aws-sdk-go-v2/service/kms v1.38.1/go.mod h1:cQn6tAF77Di6m4huxovNM7NVAozWTZLsDRp9t8Z/WYk= -github.com/aws/aws-sdk-go-v2/service/sso v1.25.1 h1:8JdC7Gr9NROg1Rusk25IcZeTO59zLxsKgE0gkh5O6h0= -github.com/aws/aws-sdk-go-v2/service/sso v1.25.1/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.2 h1:wK8O+j2dOolmpNVY1EWIbLgxrGCHJKVPm08Hv/u80M8= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.2/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 h1:PZV5W8yk4OtH1JAuhV2PXwwO9v5G5Aoj+eMCn4T+1Kc= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.17/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4= +github.com/aws/aws-sdk-go-v2/service/kms v1.38.2 h1:945yEU8s1zYwy9s/2JzEJoHKvbAaZEkPqt8TOuO6r/g= +github.com/aws/aws-sdk-go-v2/service/kms v1.38.2/go.mod h1:cQn6tAF77Di6m4huxovNM7NVAozWTZLsDRp9t8Z/WYk= +github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 h1:1Gw+9ajCV1jogloEv1RRnvfRFia2cL6c9cuKV2Ps+G8= +github.com/aws/aws-sdk-go-v2/service/sso v1.25.3/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 h1:hXmVKytPfTy5axZ+fYbR5d0cFmC3JvwLm5kM83luako= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.18 h1:xz7WvTMfSStb9Y8NpCT82FXLNC3QasqBfuAFHY4Pk5g= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.18/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4= github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.9.1 h1:50sS0RWhGpW/yZx2KcDNEb1u1MANv5BMEkJgcieEDTA= @@ -733,8 +733,8 @@ github.com/protocolbuffers/txtpbfmt v0.0.0-20241112170944-20d2c9ebc01d h1:HWfigq github.com/protocolbuffers/txtpbfmt v0.0.0-20241112170944-20d2c9ebc01d/go.mod h1:jgxiZysxFPM+iWKwQwPR+y+Jvo54ARd4EisXxKYpB5c= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/redis/go-redis/v9 v9.7.0 h1:HhLSs+B6O021gwzl+locl0zEDnyNkxMtf/Z3NNBMa9E= -github.com/redis/go-redis/v9 v9.7.0/go.mod h1:f6zhXITC7JUJIlPEiBOTXxJgPLdZcA93GewI7inzyWw= +github.com/redis/go-redis/v9 v9.7.3 h1:YpPyAayJV+XErNsatSElgRZZVCwXX9QzkKYNvO7x0wM= +github.com/redis/go-redis/v9 v9.7.3/go.mod h1:bGUrSggJ9X9GUmZpZNEOQKaANxSGgOEBRltRTZHSvrA= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a h1:w3tdWGKbLGBPtR/8/oO74W6hmz0qE5q0z9aqSAewaaM= @@ -762,22 +762,22 @@ github.com/sigstore/fulcio v1.6.6 h1:XaMYX6TNT+8n7Npe8D94nyZ7/ERjEsNGFC+REdi/wzw github.com/sigstore/fulcio v1.6.6/go.mod h1:BhQ22lwaebDgIxVBEYOOqLRcN5+xOV+C9bh/GUXRhOk= github.com/sigstore/protobuf-specs v0.4.1 h1:5SsMqZbdkcO/DNHudaxuCUEjj6x29tS2Xby1BxGU7Zc= github.com/sigstore/protobuf-specs v0.4.1/go.mod h1:+gXR+38nIa2oEupqDdzg4qSBT0Os+sP7oYv6alWewWc= -github.com/sigstore/rekor v1.3.9 h1:sUjRpKVh/hhgqGMs0t+TubgYsksArZ6poLEC3MsGAzU= -github.com/sigstore/rekor v1.3.9/go.mod h1:xThNUhm6eNEmkJ/SiU/FVU7pLY2f380fSDZFsdDWlcM= +github.com/sigstore/rekor v1.3.10 h1:/mSvRo4MZ/59ECIlARhyykAlQlkmeAQpvBPlmJtZOCU= +github.com/sigstore/rekor v1.3.10/go.mod h1:JvryKJ40O0XA48MdzYUPu0y4fyvqt0C4iSY7ri9iu3A= github.com/sigstore/scaffolding v0.7.22 h1:VjrRzUVRXWGPboglizvGvgq3U8kXnBS5/s4jDCUVwiU= github.com/sigstore/scaffolding v0.7.22/go.mod h1:ojN1gLIjZCl0lhEoqXBvaL+GJbTbBgcNZxxxvK7apuM= github.com/sigstore/sigstore v1.9.3 h1:y2qlTj+vh+Or3ictKuR3JUFawZPdDxAjrWkeFhon0OQ= github.com/sigstore/sigstore v1.9.3/go.mod h1:VwYkiw0G0dRtwL25KSs04hCyVFF6CYMd/qvNeYrl7EQ= github.com/sigstore/sigstore-go v0.7.1 h1:lyzi3AjO6+BHc5zCf9fniycqPYOt3RaC08M/FRmQhVY= github.com/sigstore/sigstore-go v0.7.1/go.mod h1:AIRj4I3LC82qd07VFm3T2zXYiddxeBV1k/eoS8nTz0E= -github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.1 h1:/YcNq687WnXpIRXl04nLfJX741G4iW+w+7Nem2Zy0f4= -github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.1/go.mod h1:ApL9RpKsi7gkSYN0bMNdm/3jZ9EefxMmfYHfUmq2ZYM= -github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.1 h1:FnusXyTIInnwfIOzzl5PFilRm1I97dxMSOcCkZBu9Kc= -github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.1/go.mod h1:d5m5LOa/69a+t2YC9pDPwS1n2i/PhqB4cUKbpVDlKKE= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.1 h1:LFiYK1DEWQ6Hf/nroFzBMM+s5rVSjVL45Alpb5Ctl5A= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.1/go.mod h1:GFyFmDsE2wDuIHZD+4+JErGpA0S4zJsKNz5l2JVJd8s= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.1 h1:sIW6xe4yU5eIMH8fve2C78d+r29KmHnIb+7po+80bsY= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.1/go.mod h1:3pNf99GnK9eu3XUa5ebHzgEQSVYf9hqAoPFwbwD6O6M= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.3 h1:ofTeeCNenFFqUxSziEOYh5TLMtHbHO6e8+9vT3Vf34A= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.3/go.mod h1:2D6TX/FEBMoaD86P5aYzhxRKUYPiWcOz+6EARsVnM3s= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.3 h1:2vhoi7q92JPOCrCR7AZ52lKLj1G+U+hdRnJX6/wN+qk= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.3/go.mod h1:nR4s/4sdbeHfe7RwEPL1NhwsC1ia72wDJOIMevxTMYY= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.3 h1:FtLuqkIQYvZwWWbtWHbuTbKhsILMeWnMg0VMf6xB4O4= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.3/go.mod h1:yZMHY5cEkNRkhZGGhMS6IAUgE0HcXja1xmil796wtqg= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.3 h1:f+gPRf7NVfHhJfloN672KKkNHWA7b0vAOSQZyBINHWw= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.3/go.mod h1:AjN/gspnXeMDFTOXlHzRJDs8xbkd30kH8VN9D8g4CZM= github.com/sigstore/timestamp-authority v1.2.5 h1:W22JmwRv1Salr/NFFuP7iJuhytcZszQjldoB8GiEdnw= github.com/sigstore/timestamp-authority v1.2.5/go.mod h1:gWPKWq4HMWgPCETre0AakgBzcr9DRqHrsgbrRqsigOs= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= @@ -1214,8 +1214,8 @@ google.golang.org/api v0.25.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.227.0 h1:QvIHF9IuyG6d6ReE+BNd11kIB8hZvjN8Z5xY5t21zYc= -google.golang.org/api v0.227.0/go.mod h1:EIpaG6MbTgQarWF5xJvX0eOJPK9n/5D4Bynb9j2HXvQ= +google.golang.org/api v0.228.0 h1:X2DJ/uoWGnY5obVjewbp8icSL5U4FzuCfy9OjbLSnLs= +google.golang.org/api v0.228.0/go.mod h1:wNvRS1Pbe8r4+IfBIniV8fwCpGwTrYa+kMUDiC5z5a4= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= From 7845832df94339d62e98865c4300793c667eca81 Mon Sep 17 00:00:00 2001 From: Cody Soyland Date: Wed, 27 Nov 2024 12:59:18 -0500 Subject: [PATCH 03/19] Add SignatureFormat field to Authority Signed-off-by: Cody Soyland --- config/300-clusterimagepolicy.yaml | 6 ++++++ docs/api-types/index-v1alpha1.md | 1 + docs/api-types/index.md | 1 + pkg/apis/policy/v1alpha1/clusterimagepolicy_conversion.go | 2 ++ pkg/apis/policy/v1alpha1/clusterimagepolicy_types.go | 4 ++++ pkg/apis/policy/v1beta1/clusterimagepolicy_types.go | 4 ++++ pkg/webhook/clusterimagepolicy/clusterimagepolicy_types.go | 3 +++ 7 files changed, 21 insertions(+) diff --git a/config/300-clusterimagepolicy.yaml b/config/300-clusterimagepolicy.yaml index c5c3c28e..941bd47c 100644 --- a/config/300-clusterimagepolicy.yaml +++ b/config/300-clusterimagepolicy.yaml @@ -209,6 +209,9 @@ spec: trustRootRef: description: Use the Certificate Chain from the referred TrustRoot.TimeStampAuthorities type: string + signatureFormat: + description: SignatureFormat specifies the format the authority expects. Supported formats are "legacy" and "bundle". If not specified, the default is "legacy" (cosign's default). + type: string source: description: Sources sets the configuration to specify the sources from where to consume the signatures. type: array @@ -545,6 +548,9 @@ spec: trustRootRef: description: Use the Certificate Chain from the referred TrustRoot.TimeStampAuthorities type: string + signatureFormat: + description: SignatureFormat specifies the format the authority expects. Supported formats are "legacy" and "bundle". If not specified, the default is "legacy" (cosign's default). + type: string source: description: Sources sets the configuration to specify the sources from where to consume the signatures. type: array diff --git a/docs/api-types/index-v1alpha1.md b/docs/api-types/index-v1alpha1.md index a55f6810..0dbc3d4c 100644 --- a/docs/api-types/index-v1alpha1.md +++ b/docs/api-types/index-v1alpha1.md @@ -172,6 +172,7 @@ Attestation defines the type of attestation to validate and optionally apply a p | ctlog | CTLog sets the configuration to verify the authority against a Rekor instance. | [TLog](#tlog) | false | | attestations | Attestations is a list of individual attestations for this authority, once the signature for this authority has been verified. | [][Attestation](#attestation) | false | | rfc3161timestamp | RFC3161Timestamp sets the configuration to verify the signature timestamp against a RFC3161 time-stamping instance. | [RFC3161Timestamp](#rfc3161timestamp) | false | +| signatureFormat | SignatureFormat specifies the format the authority expects. Supported formats are \"legacy\" and \"bundle\". If not specified, the default is \"legacy\" (cosign's default). | string | false | [Back to TOC](#table-of-contents) diff --git a/docs/api-types/index.md b/docs/api-types/index.md index c3cdbb51..56c93cdf 100644 --- a/docs/api-types/index.md +++ b/docs/api-types/index.md @@ -49,6 +49,7 @@ The authorities block defines the rules for discovering and validating signature | ctlog | CTLog sets the configuration to verify the authority against a Rekor instance. | [TLog](#tlog) | false | | attestations | Attestations is a list of individual attestations for this authority, once the signature for this authority has been verified. | [][Attestation](#attestation) | false | | rfc3161timestamp | RFC3161Timestamp sets the configuration to verify the signature timestamp against a RFC3161 time-stamping instance. | [RFC3161Timestamp](#rfc3161timestamp) | false | +| signatureFormat | SignatureFormat specifies the format the authority expects. Supported formats are \"legacy\" and \"bundle\". If not specified, the default is \"legacy\" (cosign's default). | string | false | [Back to TOC](#table-of-contents) diff --git a/pkg/apis/policy/v1alpha1/clusterimagepolicy_conversion.go b/pkg/apis/policy/v1alpha1/clusterimagepolicy_conversion.go index 671fdba3..bebbe75d 100644 --- a/pkg/apis/policy/v1alpha1/clusterimagepolicy_conversion.go +++ b/pkg/apis/policy/v1alpha1/clusterimagepolicy_conversion.go @@ -89,6 +89,7 @@ func (matchResource *MatchResource) ConvertTo(_ context.Context, sink *v1beta1.M func (authority *Authority) ConvertTo(ctx context.Context, sink *v1beta1.Authority) error { sink.Name = authority.Name + sink.SignatureFormat = authority.SignatureFormat if authority.CTLog != nil && authority.CTLog.URL != nil { sink.CTLog = &v1beta1.TLog{ URL: authority.CTLog.URL.DeepCopy(), @@ -244,6 +245,7 @@ func (spec *ClusterImagePolicySpec) ConvertFrom(ctx context.Context, source *v1b func (authority *Authority) ConvertFrom(ctx context.Context, source *v1beta1.Authority) error { authority.Name = source.Name + authority.SignatureFormat = source.SignatureFormat if source.CTLog != nil && source.CTLog.URL != nil { authority.CTLog = &TLog{ URL: source.CTLog.URL.DeepCopy(), diff --git a/pkg/apis/policy/v1alpha1/clusterimagepolicy_types.go b/pkg/apis/policy/v1alpha1/clusterimagepolicy_types.go index 32cf7978..75a99159 100644 --- a/pkg/apis/policy/v1alpha1/clusterimagepolicy_types.go +++ b/pkg/apis/policy/v1alpha1/clusterimagepolicy_types.go @@ -144,6 +144,10 @@ type Authority struct { // RFC3161Timestamp sets the configuration to verify the signature timestamp against a RFC3161 time-stamping instance. // +optional RFC3161Timestamp *RFC3161Timestamp `json:"rfc3161timestamp,omitempty"` + // SignatureFormat specifies the format the authority expects. Supported + // formats are "legacy" and "bundle". If not specified, the default + // is "legacy" (cosign's default). + SignatureFormat string `json:"signatureFormat,omitempty"` } // This references a public verification key stored in diff --git a/pkg/apis/policy/v1beta1/clusterimagepolicy_types.go b/pkg/apis/policy/v1beta1/clusterimagepolicy_types.go index 8e1b1b8b..44c3adf1 100644 --- a/pkg/apis/policy/v1beta1/clusterimagepolicy_types.go +++ b/pkg/apis/policy/v1beta1/clusterimagepolicy_types.go @@ -143,6 +143,10 @@ type Authority struct { // RFC3161Timestamp sets the configuration to verify the signature timestamp against a RFC3161 time-stamping instance. // +optional RFC3161Timestamp *RFC3161Timestamp `json:"rfc3161timestamp,omitempty"` + // SignatureFormat specifies the format the authority expects. Supported + // formats are "legacy" and "bundle". If not specified, the default + // is "legacy" (cosign's default). + SignatureFormat string `json:"signatureFormat,omitempty"` } // This references a public verification key stored in diff --git a/pkg/webhook/clusterimagepolicy/clusterimagepolicy_types.go b/pkg/webhook/clusterimagepolicy/clusterimagepolicy_types.go index a01235eb..e022d5d6 100644 --- a/pkg/webhook/clusterimagepolicy/clusterimagepolicy_types.go +++ b/pkg/webhook/clusterimagepolicy/clusterimagepolicy_types.go @@ -86,6 +86,8 @@ type Authority struct { Attestations []AttestationPolicy `json:"attestations,omitempty"` // +optional RFC3161Timestamp *RFC3161Timestamp `json:"rfc3161timestamp,omitempty"` + // +optional + SignatureFormat string `json:"signatureFormat,omitempty"` } // This references a public verification key stored in @@ -325,6 +327,7 @@ func convertAuthorityV1Alpha1ToWebhook(in v1alpha1.Authority) *Authority { CTLog: in.CTLog, RFC3161Timestamp: rfc3161Timestamp, Attestations: attestations, + SignatureFormat: in.SignatureFormat, } } From 60096f2420fa9b42dc629b337bd9a09ae9eb9e9c Mon Sep 17 00:00:00 2001 From: Cody Soyland Date: Wed, 27 Nov 2024 13:00:23 -0500 Subject: [PATCH 04/19] Add func to retrieve TrustedRoot from TUF Signed-off-by: Cody Soyland Sync TUF cache used for sigstore bundle verification (#166) * sync tuf cache used for sigstore bundle verification Signed-off-by: Meredith Lancaster * remove singleton err Signed-off-by: Meredith Lancaster * start adding lock Signed-off-by: Meredith Lancaster * Use RWMutex Signed-off-by: Meredith Lancaster * pr feedback Signed-off-by: Meredith Lancaster --------- Signed-off-by: Meredith Lancaster Fix shadowed trustedroot (#178) * Fix shadowed variable bug This code caused the singleton `trustedRoot` to be returned as nil on subsequent calls. The singleton was shadowed when the variable was redeclared in the `if` block. Signed-off-by: Cody Soyland * Remove unused singleton `singletonRootError` was never returned without being overwritten, so it was essentially unused. I think it's wise to always retry the TUF call on future invocations in case of network errors. Signed-off-by: Cody Soyland --------- Signed-off-by: Cody Soyland Update go.mod Signed-off-by: Cody Soyland --- go.mod | 2 +- pkg/tuf/repo.go | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 65af76b9..9206acd1 100644 --- a/go.mod +++ b/go.mod @@ -64,6 +64,7 @@ require ( github.com/go-jose/go-jose/v4 v4.0.5 github.com/sigstore/protobuf-specs v0.4.1 github.com/sigstore/scaffolding v0.7.22 + github.com/sigstore/sigstore-go v0.7.1 github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.3 github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.3 github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.3 @@ -228,7 +229,6 @@ require ( github.com/sassoftware/relic v7.2.1+incompatible // indirect github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect github.com/shibumi/go-pathspec v1.3.0 // indirect - github.com/sigstore/sigstore-go v0.7.1 // indirect github.com/sigstore/timestamp-authority v1.2.5 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/sourcegraph/conc v0.3.0 // indirect diff --git a/pkg/tuf/repo.go b/pkg/tuf/repo.go index 0b31c49d..0d8b8a23 100644 --- a/pkg/tuf/repo.go +++ b/pkg/tuf/repo.go @@ -28,9 +28,12 @@ import ( "path/filepath" "runtime" "strings" + "sync" "testing/fstest" "time" + "github.com/sigstore/sigstore-go/pkg/root" + "github.com/sigstore/sigstore/pkg/tuf" "github.com/theupdateframework/go-tuf/client" "sigs.k8s.io/release-utils/version" ) @@ -294,3 +297,43 @@ func ClientFromRemote(_ context.Context, mirror string, rootJSON []byte, targets } return tufClient, nil } + +var ( + mu sync.RWMutex + timestamp time.Time + trustedRoot *root.TrustedRoot +) + +// GetTrustedRoot returns the trusted root for the TUF repository. +func GetTrustedRoot() (*root.TrustedRoot, error) { + now := time.Now().UTC() + // check if timestamp has never been or if the current time is more + // than 24 hours after the current value of timestamp + if timestamp.IsZero() || now.After(timestamp.Add(24*time.Hour)) { + mu.Lock() + defer mu.Unlock() + + tufClient, err := tuf.NewFromEnv(context.Background()) + if err != nil { + return nil, fmt.Errorf("initializing tuf: %w", err) + } + // TODO: add support for custom trusted root path + targetBytes, err := tufClient.GetTarget("trusted_root.json") + if err != nil { + return nil, fmt.Errorf("error getting targets: %w", err) + } + trustedRoot, err = root.NewTrustedRootFromJSON(targetBytes) + if err != nil { + return nil, fmt.Errorf("error creating trusted root: %w", err) + } + + timestamp = now + + return trustedRoot, nil + } + + mu.RLock() + defer mu.RUnlock() + + return trustedRoot, nil +} From d8993d486c1c1518185c078a15de6d953059e76e Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Wed, 26 Jun 2024 14:45:49 -0600 Subject: [PATCH 05/19] Thread configurable trustroot resync period to bundle trustroot func (#171) * move trustroot resync period configration to different package Signed-off-by: Meredith Lancaster * add license Signed-off-by: Meredith Lancaster * comment Signed-off-by: Meredith Lancaster * rename files Signed-off-by: Meredith Lancaster --------- Signed-off-by: Meredith Lancaster --- cmd/webhook/main.go | 3 +- pkg/reconciler/trustroot/controller.go | 20 +--------- pkg/reconciler/trustroot/controller_test.go | 20 ---------- pkg/tuf/context.go | 41 ++++++++++++++++++++ pkg/tuf/context_test.go | 42 +++++++++++++++++++++ pkg/tuf/repo.go | 9 +++-- 6 files changed, 92 insertions(+), 43 deletions(-) create mode 100644 pkg/tuf/context.go create mode 100644 pkg/tuf/context_test.go diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go index 52f329ca..6f84894f 100644 --- a/cmd/webhook/main.go +++ b/cmd/webhook/main.go @@ -56,6 +56,7 @@ import ( "github.com/sigstore/sigstore/pkg/tuf" "github.com/sigstore/policy-controller/pkg/apis/config" + pctuf "github.com/sigstore/policy-controller/pkg/tuf" cwebhook "github.com/sigstore/policy-controller/pkg/webhook" ) @@ -136,7 +137,7 @@ func main() { // Set the policy and trust root resync periods ctx = clusterimagepolicy.ToContext(ctx, *policyResyncPeriod) - ctx = trustroot.ToContext(ctx, *trustrootResyncPeriod) + ctx = pctuf.ToContext(ctx, *trustrootResyncPeriod) // This must match the set of resources we configure in // cmd/webhook/main.go in the "types" map. diff --git a/pkg/reconciler/trustroot/controller.go b/pkg/reconciler/trustroot/controller.go index 8373b980..66fffe2a 100644 --- a/pkg/reconciler/trustroot/controller.go +++ b/pkg/reconciler/trustroot/controller.go @@ -16,7 +16,6 @@ package trustroot import ( "context" - "time" "k8s.io/client-go/tools/cache" kubeclient "knative.dev/pkg/client/injection/kube/client" @@ -30,6 +29,7 @@ import ( "github.com/sigstore/policy-controller/pkg/apis/config" trustrootinformer "github.com/sigstore/policy-controller/pkg/client/injection/informers/policy/v1alpha1/trustroot" trustrootreconciler "github.com/sigstore/policy-controller/pkg/client/injection/reconciler/policy/v1alpha1/trustroot" + "github.com/sigstore/policy-controller/pkg/tuf" cminformer "knative.dev/pkg/injection/clients/namespacedkube/informers/core/v1/configmap" ) @@ -37,8 +37,6 @@ import ( // use it in tests as well. const FinalizerName = "trustroots.policy.sigstore.dev" -type trustrootResyncPeriodKey struct{} - // NewController creates a Reconciler and returns the result of NewImpl. func NewController( ctx context.Context, @@ -78,22 +76,8 @@ func NewController( pkgreconciler.NamespaceFilterFunc(system.Namespace()), pkgreconciler.NameFilterFunc(config.SigstoreKeysConfigName)), Handler: controller.HandleAll(grCb), - }, FromContextOrDefaults(ctx)); err != nil { + }, tuf.FromContextOrDefaults(ctx)); err != nil { logging.FromContext(ctx).Warnf("Failed configMapInformer AddEventHandlerWithResyncPeriod() %v", err) } return impl } - -func ToContext(ctx context.Context, duration time.Duration) context.Context { - return context.WithValue(ctx, trustrootResyncPeriodKey{}, duration) -} - -// FromContextOrDefaults returns a stored trustrootResyncPeriod if attached. -// If not found, it returns a default duration -func FromContextOrDefaults(ctx context.Context) time.Duration { - x, ok := ctx.Value(trustrootResyncPeriodKey{}).(time.Duration) - if ok { - return x - } - return controller.DefaultResyncPeriod -} diff --git a/pkg/reconciler/trustroot/controller_test.go b/pkg/reconciler/trustroot/controller_test.go index 7d6b442a..0377b562 100644 --- a/pkg/reconciler/trustroot/controller_test.go +++ b/pkg/reconciler/trustroot/controller_test.go @@ -16,10 +16,8 @@ package trustroot import ( "testing" - "time" "knative.dev/pkg/configmap" - "knative.dev/pkg/controller" rtesting "knative.dev/pkg/reconciler/testing" // Fake injection informers @@ -39,21 +37,3 @@ func TestNew(t *testing.T) { t.Fatal("Expected NewController to return a non-nil value") } } - -func TestContextDuration(t *testing.T) { - ctx, _ := rtesting.SetupFakeContext(t) - - expected := controller.DefaultResyncPeriod - actual := FromContextOrDefaults(ctx) - if expected != actual { - t.Fatal("Expected the context to store the value and be retrievable") - } - - expected = time.Hour - ctx = ToContext(ctx, expected) - actual = FromContextOrDefaults(ctx) - - if expected != actual { - t.Fatal("Expected the context to store the value and be retrievable") - } -} diff --git a/pkg/tuf/context.go b/pkg/tuf/context.go new file mode 100644 index 00000000..3c9f8153 --- /dev/null +++ b/pkg/tuf/context.go @@ -0,0 +1,41 @@ +// +// Copyright 2024 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package tuf + +import ( + "context" + "time" + + "knative.dev/pkg/controller" +) + +type trustrootResyncPeriodKey struct{} + +// ToContext returns a context that includes a key trustrootResyncPeriod +// set to the included duration +func ToContext(ctx context.Context, duration time.Duration) context.Context { + return context.WithValue(ctx, trustrootResyncPeriodKey{}, duration) +} + +// FromContextOrDefaults returns a stored trustrootResyncPeriod if attached. +// If not found, it returns a default duration +func FromContextOrDefaults(ctx context.Context) time.Duration { + x, ok := ctx.Value(trustrootResyncPeriodKey{}).(time.Duration) + if ok { + return x + } + return controller.DefaultResyncPeriod +} diff --git a/pkg/tuf/context_test.go b/pkg/tuf/context_test.go new file mode 100644 index 00000000..5537cb0a --- /dev/null +++ b/pkg/tuf/context_test.go @@ -0,0 +1,42 @@ +// +// Copyright 2024 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package tuf + +import ( + "testing" + "time" + + "knative.dev/pkg/controller" + rtesting "knative.dev/pkg/reconciler/testing" +) + +func TestContextDuration(t *testing.T) { + ctx, _ := rtesting.SetupFakeContext(t) + + expected := controller.DefaultResyncPeriod + actual := FromContextOrDefaults(ctx) + if expected != actual { + t.Fatal("Expected the context to store the value and be retrievable") + } + + expected = time.Hour + ctx = ToContext(ctx, expected) + actual = FromContextOrDefaults(ctx) + + if expected != actual { + t.Fatal("Expected the context to store the value and be retrievable") + } +} diff --git a/pkg/tuf/repo.go b/pkg/tuf/repo.go index 0d8b8a23..eb957377 100644 --- a/pkg/tuf/repo.go +++ b/pkg/tuf/repo.go @@ -305,11 +305,12 @@ var ( ) // GetTrustedRoot returns the trusted root for the TUF repository. -func GetTrustedRoot() (*root.TrustedRoot, error) { +func GetTrustedRoot(ctx context.Context) (*root.TrustedRoot, error) { + resyncPeriodDuration := FromContextOrDefaults(ctx) now := time.Now().UTC() - // check if timestamp has never been or if the current time is more - // than 24 hours after the current value of timestamp - if timestamp.IsZero() || now.After(timestamp.Add(24*time.Hour)) { + // check if timestamp has never been set or if the current time + // is after the current timestamp value plus the included resync duration + if timestamp.IsZero() || now.After(timestamp.Add(resyncPeriodDuration)) { mu.Lock() defer mu.Unlock() From 1b9864a52ee9557c3c73179c856797bae577fdf8 Mon Sep 17 00:00:00 2001 From: Cody Soyland Date: Wed, 4 Dec 2024 16:08:42 -0500 Subject: [PATCH 06/19] linter: remove redundant error checks Signed-off-by: Cody Soyland --- pkg/webhook/validator_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/webhook/validator_test.go b/pkg/webhook/validator_test.go index 5ff0f816..bfc86c1b 100644 --- a/pkg/webhook/validator_test.go +++ b/pkg/webhook/validator_test.go @@ -3032,7 +3032,7 @@ func TestFulcioCertsFromAuthority(t *testing.T) { } else if err.Error() != tc.wantErr { t.Errorf("unexpected error: %v wanted %q", err, tc.wantErr) } - } else if err == nil && tc.wantErr != "" { + } else if tc.wantErr != "" { t.Errorf("wanted error: %q got none", tc.wantErr) } if !roots.Equal(tc.wantRoots) { @@ -3140,7 +3140,7 @@ func TestRekorClientAndKeysFromAuthority(t *testing.T) { } else if err.Error() != tc.wantErr { t.Errorf("unexpected error: %v wanted %q", err, tc.wantErr) } - } else if err == nil && tc.wantErr != "" { + } else if tc.wantErr != "" { t.Errorf("wanted error: %q got none", tc.wantErr) } if tc.wantLogID != "" { @@ -3370,7 +3370,7 @@ func TestCheckOptsFromAuthority(t *testing.T) { } else if err.Error() != tc.wantErr { t.Errorf("unexpected error: %v wanted %q", err, tc.wantErr) } - } else if err == nil && tc.wantErr != "" { + } else if tc.wantErr != "" { t.Errorf("wanted error: %q got none", tc.wantErr) } if tc.wantClient && (gotCheckOpts == nil || gotCheckOpts.RekorClient == nil) { From 9ae61a3fa519160c23d0fbfbf6615d426162df2f Mon Sep 17 00:00:00 2001 From: Cody Soyland Date: Mon, 9 Dec 2024 14:34:38 -0500 Subject: [PATCH 07/19] Generate CheckOpts for verification of the new bundle format Signed-off-by: Cody Soyland --- pkg/webhook/validator.go | 66 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 64 insertions(+), 2 deletions(-) diff --git a/pkg/webhook/validator.go b/pkg/webhook/validator.go index 53f53310..1f18eada 100644 --- a/pkg/webhook/validator.go +++ b/pkg/webhook/validator.go @@ -45,6 +45,7 @@ import ( "github.com/sigstore/policy-controller/pkg/webhook/registryauth" rekor "github.com/sigstore/rekor/pkg/client" "github.com/sigstore/rekor/pkg/generated/client" + "github.com/sigstore/sigstore-go/pkg/root" "github.com/sigstore/sigstore/pkg/cryptoutils" "github.com/sigstore/sigstore/pkg/fulcioroots" "github.com/sigstore/sigstore/pkg/signature" @@ -1338,10 +1339,10 @@ func normalizeArchitecture(cf *v1.ConfigFile) string { func checkOptsFromAuthority(ctx context.Context, authority webhookcip.Authority, remoteOpts ...ociremote.Option) (*cosign.CheckOpts, error) { ret := &cosign.CheckOpts{ RegistryClientOpts: remoteOpts, + NewBundleFormat: authority.SignatureFormat == "bundle", } - // Add in the identities for verification purposes, as well as Fulcio URL - // and certificates + // Add in the identities for verification purposes if authority.Keyless != nil { for _, id := range authority.Keyless.Identities { ret.Identities = append(ret.Identities, @@ -1351,6 +1352,67 @@ func checkOptsFromAuthority(ctx context.Context, authority webhookcip.Authority, IssuerRegExp: id.IssuerRegExp, SubjectRegExp: id.SubjectRegExp}) } + } + + if ret.NewBundleFormat { + // The new bundle format is only supported for keyless authorities + // and the trustRootRef must be set. + if authority.Keyless == nil { + // TODO: Support the new bundle format for non-keyless authorities + return nil, fmt.Errorf("when using the new bundle format, the authority must be keyless") + } + trustRootRef := authority.Keyless.TrustRootRef + if trustRootRef != "" { + // Set up TrustedMaterial + sigstoreKeys, err := sigstoreKeysFromContext(ctx, trustRootRef) + if err != nil { + return nil, fmt.Errorf("getting SigstoreKeys: %w", err) + } + sk, ok := sigstoreKeys.SigstoreKeys[trustRootRef] + if !ok { + return nil, fmt.Errorf("trustRootRef %s not found", trustRootRef) + } + ret.TrustedMaterial, err = root.NewTrustedRootFromProtobuf(sk) + if err != nil { + return nil, fmt.Errorf("failed to create trusted root from protobuf: %w", err) + } + } else { + var err error + ret.TrustedMaterial, err = root.FetchTrustedRoot() + if err != nil { + return nil, fmt.Errorf("failed to fetch trusted root: %w", err) + } + } + if authority.Keyless.InsecureIgnoreSCT != nil && *authority.Keyless.InsecureIgnoreSCT { + ret.IgnoreSCT = *authority.Keyless.InsecureIgnoreSCT + } + + // Check for custom TSA + tsa := authority.RFC3161Timestamp + if tsa != nil { + if tsa.TrustRootRef != authority.Keyless.TrustRootRef { + return nil, fmt.Errorf("when using the new bundle format, the trustRootRef for the TSA must be the same as the trustRootRef for the Keyless authority") + } + ret.UseSignedTimestamps = true + } + + // Check for custom Rekor + tlog := authority.CTLog + if tlog != nil { + if tlog.TrustRootRef != authority.Keyless.TrustRootRef { + return nil, fmt.Errorf("when using the new bundle format, the trustRootRef for the TLog must be the same as the trustRootRef for the Keyless authority") + } + // Only require the TLog if we're not using signed timestamps + if ret.UseSignedTimestamps { + ret.IgnoreTlog = true + } + } + return ret, nil + } + + // If we're not using the new bundle verifier (TrustedMaterial), we need to assemble the other CheckOpts (Fulcio, Rekor, TSA, etc.) + + if authority.Keyless != nil { fulcioRoots, fulcioIntermediates, ctlogKeys, err := fulcioCertsFromAuthority(ctx, authority.Keyless) if err != nil { return nil, fmt.Errorf("getting Fulcio certs: %s: %w", authority.Name, err) From 2c06b7545a20374ee622a9bd99de2fde081d98b4 Mon Sep 17 00:00:00 2001 From: Cody Soyland Date: Tue, 15 Apr 2025 14:01:28 -0400 Subject: [PATCH 08/19] Use cached trusted root Signed-off-by: Cody Soyland --- pkg/webhook/validator.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/webhook/validator.go b/pkg/webhook/validator.go index 1f18eada..491af26c 100644 --- a/pkg/webhook/validator.go +++ b/pkg/webhook/validator.go @@ -41,6 +41,7 @@ import ( "github.com/sigstore/policy-controller/pkg/apis/config" policyduckv1beta1 "github.com/sigstore/policy-controller/pkg/apis/duck/v1beta1" policycontrollerconfig "github.com/sigstore/policy-controller/pkg/config" + pctuf "github.com/sigstore/policy-controller/pkg/tuf" webhookcip "github.com/sigstore/policy-controller/pkg/webhook/clusterimagepolicy" "github.com/sigstore/policy-controller/pkg/webhook/registryauth" rekor "github.com/sigstore/rekor/pkg/client" @@ -1378,7 +1379,7 @@ func checkOptsFromAuthority(ctx context.Context, authority webhookcip.Authority, } } else { var err error - ret.TrustedMaterial, err = root.FetchTrustedRoot() + ret.TrustedMaterial, err = pctuf.GetTrustedRoot(ctx) if err != nil { return nil, fmt.Errorf("failed to fetch trusted root: %w", err) } From 27748812c290901dea840d65bc48721bca33b5ac Mon Sep 17 00:00:00 2001 From: Yuto Iso <6024009+0xiso@users.noreply.github.com> Date: Wed, 16 Apr 2025 03:41:25 +0900 Subject: [PATCH 09/19] Preserve original tag when resolving an image tag to digest Signed-off-by: Yuto Iso <6024009+0xiso@users.noreply.github.com> --- pkg/webhook/validator.go | 14 ++++++++++++-- pkg/webhook/validator_test.go | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 2 deletions(-) diff --git a/pkg/webhook/validator.go b/pkg/webhook/validator.go index 53f53310..e6b1e129 100644 --- a/pkg/webhook/validator.go +++ b/pkg/webhook/validator.go @@ -1078,7 +1078,12 @@ func (v *Validator) resolvePodSpec(ctx context.Context, ps *corev1.PodSpec, opt logging.FromContext(ctx).Debugf("Unable to resolve digest %q: %v", ref.String(), err) continue } - cs[i].Image = digest.String() + // Keep the original tag and append the digest + if tagRef, ok := ref.(name.Tag); ok { + cs[i].Image = fmt.Sprintf("%s@%s", tagRef.Name(), digest.DigestStr()) + } else { + cs[i].Image = digest.String() + } } } } @@ -1102,7 +1107,12 @@ func (v *Validator) resolvePodSpec(ctx context.Context, ps *corev1.PodSpec, opt logging.FromContext(ctx).Debugf("Unable to resolve digest %q: %v", ref.String(), err) continue } - cs[i].Image = digest.String() + // Keep the original tag and append the digest + if tagRef, ok := ref.(name.Tag); ok { + cs[i].Image = fmt.Sprintf("%s@%s", tagRef.Name(), digest.DigestStr()) + } else { + cs[i].Image = digest.String() + } } } } diff --git a/pkg/webhook/validator_test.go b/pkg/webhook/validator_test.go index 5ff0f816..fc6d15bd 100644 --- a/pkg/webhook/validator_test.go +++ b/pkg/webhook/validator_test.go @@ -136,6 +136,9 @@ func TestValidatePodSpec(t *testing.T) { // Resolved via crane digest on 2022/09/29 digestNewer := name.MustParseReference("gcr.io/distroless/static:nonroot@sha256:2a9e2b4fa771d31fe3346a873be845bfc2159695b9f90ca08e950497006ccc2e") + // Digest only reference (without tag) + digestOnly := name.MustParseReference("gcr.io/distroless/static@sha256:be5d77c62dbe7fedfb0a4e5ec2f91078080800ab1f18358e5f31fcc8faa023c4") + ctx, _ := rtesting.SetupFakeContext(t) // Non-existent URL for testing complete failure @@ -681,6 +684,38 @@ func TestValidatePodSpec(t *testing.T) { }, ), cvs: authorityPublicKeyCVS, + }, { + name: "digest only", + ps: &corev1.PodSpec{ + Containers: []corev1.Container{{ + Name: "user-container", + Image: digestOnly.String(), + }}, + }, + customContext: config.ToContext(context.Background(), + &config.Config{ + ImagePolicyConfig: &config.ImagePolicyConfig{ + Policies: map[string]webhookcip.ClusterImagePolicy{ + "cluster-image-policy": { + Images: []v1alpha1.ImagePattern{{ + Glob: "gcr.io/*/*", + }}, + Authorities: []webhookcip.Authority{ + { + Key: &webhookcip.KeyRef{ + Data: authorityKeyCosignPubString, + PublicKeys: []crypto.PublicKey{authorityKeyCosignPub}, + HashAlgorithm: signaturealgo.DefaultSignatureAlgorithm, + HashAlgorithmCode: crypto.SHA256, + }, + }, + }, + }, + }, + }, + }, + ), + cvs: pass, }} for _, test := range tests { From 27c8ab462914c17fc42a1fb510b506162f8bdb72 Mon Sep 17 00:00:00 2001 From: Cody Soyland Date: Wed, 16 Apr 2025 16:14:43 -0400 Subject: [PATCH 10/19] Add tests for bundle checkopts Signed-off-by: Cody Soyland --- pkg/webhook/validator_test.go | 91 ++++++++++++++++++++++++++++++++--- 1 file changed, 85 insertions(+), 6 deletions(-) diff --git a/pkg/webhook/validator_test.go b/pkg/webhook/validator_test.go index bfc86c1b..4e3e9775 100644 --- a/pkg/webhook/validator_test.go +++ b/pkg/webhook/validator_test.go @@ -33,6 +33,7 @@ import ( "time" "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" "github.com/google/go-containerregistry/pkg/authn/k8schain" "github.com/google/go-containerregistry/pkg/name" "github.com/sigstore/cosign/v2/pkg/cosign" @@ -46,6 +47,8 @@ import ( "github.com/sigstore/policy-controller/pkg/apis/signaturealgo" policycontrollerconfig "github.com/sigstore/policy-controller/pkg/config" webhookcip "github.com/sigstore/policy-controller/pkg/webhook/clusterimagepolicy" + pbcommon "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1" + "github.com/sigstore/sigstore-go/pkg/root" "github.com/sigstore/sigstore/pkg/cryptoutils" "github.com/sigstore/sigstore/pkg/fulcioroots" "github.com/sigstore/sigstore/pkg/tuf" @@ -3240,10 +3243,12 @@ func TestCheckOptsFromAuthority(t *testing.T) { }}, } skCombined := config.SigstoreKeys{ + MediaType: "application/vnd.dev.sigstore.trustedroot+json;version=0.1", Tlogs: []*config.TransparencyLogInstance{{ - PublicKey: pbpkRekor, - LogId: &config.LogID{KeyId: []byte("rekor-logid")}, - BaseUrl: "rekor.example.com", + PublicKey: pbpkRekor, + LogId: &config.LogID{KeyId: []byte("rekor-logid")}, + BaseUrl: "rekor.example.com", + HashAlgorithm: pbcommon.HashAlgorithm_SHA2_256, }}, CertificateAuthorities: []*config.CertificateAuthority{{ Subject: &config.DistinguishedName{ @@ -3253,8 +3258,9 @@ func TestCheckOptsFromAuthority(t *testing.T) { CertChain: certChainPB, }}, Ctlogs: []*config.TransparencyLogInstance{{ - LogId: &config.LogID{KeyId: []byte(ctfeLogID)}, - PublicKey: pbpkCTFE, + LogId: &config.LogID{KeyId: []byte(ctfeLogID)}, + PublicKey: pbpkCTFE, + HashAlgorithm: pbcommon.HashAlgorithm_SHA2_256, }}, } c := &config.Config{ @@ -3355,6 +3361,79 @@ func TestCheckOptsFromAuthority(t *testing.T) { }}, CTLogPubKeys: &cosign.TrustedTransparencyLogPubKeys{Keys: map[string]cosign.TransparencyLogPubKey{ctfeLogID: {PubKey: pkCTFE, Status: tuf.Active}}}, }, + }, { + name: "bundle format, with Identities and Rekor", + authority: webhookcip.Authority{ + SignatureFormat: "bundle", + CTLog: &v1alpha1.TLog{ + URL: apis.HTTPS("rekor.example.com"), + TrustRootRef: "test-trust-combined", + }, + Keyless: &webhookcip.KeylessRef{ + TrustRootRef: "test-trust-combined", + Identities: []v1alpha1.Identity{{ + Issuer: "issuer", + Subject: "subject", + }}, + }, + }, + ctx: testCtx, + wantCheckOpts: &cosign.CheckOpts{ + NewBundleFormat: true, + Identities: []cosign.Identity{{ + Issuer: "issuer", + Subject: "subject", + }}, + TrustedMaterial: &root.TrustedRoot{}, + }, + }, { + name: "bundle format, with TSA", + authority: webhookcip.Authority{ + SignatureFormat: "bundle", + // Test keys do not contain a TSA but that is okay as we are just constructing the checkOpts + RFC3161Timestamp: &webhookcip.RFC3161Timestamp{ + TrustRootRef: "test-trust-combined", + }, + Keyless: &webhookcip.KeylessRef{ + TrustRootRef: "test-trust-combined", + }, + }, + ctx: testCtx, + wantCheckOpts: &cosign.CheckOpts{ + NewBundleFormat: true, + UseSignedTimestamps: true, + TrustedMaterial: &root.TrustedRoot{}, + }, + }, { + name: "bundle format, bad TrustRootRef", + authority: webhookcip.Authority{ + SignatureFormat: "bundle", + Keyless: &webhookcip.KeylessRef{ + TrustRootRef: "not-there", + }, + }, + ctx: testCtx, + wantErr: "trustRootRef not-there not found", + }, { + name: "bundle format, unsupported different trustroots", + authority: webhookcip.Authority{ + SignatureFormat: "bundle", + CTLog: &v1alpha1.TLog{ + TrustRootRef: "test-trust-rekor", + }, + Keyless: &webhookcip.KeylessRef{ + TrustRootRef: "test-trust-combined", + }, + }, + ctx: testCtx, + wantErr: "when using the new bundle format, the trustRootRef for the TLog must be the same as the trustRootRef for the Keyless authority", + }, { + name: "bundle format, unsupported non-keyless", + authority: webhookcip.Authority{ + SignatureFormat: "bundle", + }, + ctx: testCtx, + wantErr: "when using the new bundle format, the authority must be keyless", }} for _, tc := range tests { @@ -3384,7 +3463,7 @@ func TestCheckOptsFromAuthority(t *testing.T) { if gotCheckOpts != nil { gotCheckOpts.RekorClient = nil } - if diff := cmp.Diff(gotCheckOpts, tc.wantCheckOpts); diff != "" { + if diff := cmp.Diff(gotCheckOpts, tc.wantCheckOpts, cmpopts.IgnoreUnexported(root.TrustedRoot{})); diff != "" { t.Errorf("CheckOpts differ: %s", diff) } }) From 5ebbbe3d1f912a0cf542869c80e133fde5cbc815 Mon Sep 17 00:00:00 2001 From: Yuto Iso <6024009+0xiso@users.noreply.github.com> Date: Sun, 20 Apr 2025 16:57:53 +0900 Subject: [PATCH 11/19] Revert test Signed-off-by: Yuto Iso <6024009+0xiso@users.noreply.github.com> --- pkg/webhook/validator_test.go | 35 ----------------------------------- 1 file changed, 35 deletions(-) diff --git a/pkg/webhook/validator_test.go b/pkg/webhook/validator_test.go index fc6d15bd..5ff0f816 100644 --- a/pkg/webhook/validator_test.go +++ b/pkg/webhook/validator_test.go @@ -136,9 +136,6 @@ func TestValidatePodSpec(t *testing.T) { // Resolved via crane digest on 2022/09/29 digestNewer := name.MustParseReference("gcr.io/distroless/static:nonroot@sha256:2a9e2b4fa771d31fe3346a873be845bfc2159695b9f90ca08e950497006ccc2e") - // Digest only reference (without tag) - digestOnly := name.MustParseReference("gcr.io/distroless/static@sha256:be5d77c62dbe7fedfb0a4e5ec2f91078080800ab1f18358e5f31fcc8faa023c4") - ctx, _ := rtesting.SetupFakeContext(t) // Non-existent URL for testing complete failure @@ -684,38 +681,6 @@ func TestValidatePodSpec(t *testing.T) { }, ), cvs: authorityPublicKeyCVS, - }, { - name: "digest only", - ps: &corev1.PodSpec{ - Containers: []corev1.Container{{ - Name: "user-container", - Image: digestOnly.String(), - }}, - }, - customContext: config.ToContext(context.Background(), - &config.Config{ - ImagePolicyConfig: &config.ImagePolicyConfig{ - Policies: map[string]webhookcip.ClusterImagePolicy{ - "cluster-image-policy": { - Images: []v1alpha1.ImagePattern{{ - Glob: "gcr.io/*/*", - }}, - Authorities: []webhookcip.Authority{ - { - Key: &webhookcip.KeyRef{ - Data: authorityKeyCosignPubString, - PublicKeys: []crypto.PublicKey{authorityKeyCosignPub}, - HashAlgorithm: signaturealgo.DefaultSignatureAlgorithm, - HashAlgorithmCode: crypto.SHA256, - }, - }, - }, - }, - }, - }, - }, - ), - cvs: pass, }} for _, test := range tests { From ea54b96d5124049d59755ab86c0ef786098913e9 Mon Sep 17 00:00:00 2001 From: Yuto Iso <6024009+0xiso@users.noreply.github.com> Date: Sun, 20 Apr 2025 17:08:14 +0900 Subject: [PATCH 12/19] Update test for images without a tag Signed-off-by: Yuto Iso <6024009+0xiso@users.noreply.github.com> --- pkg/webhook/validator_test.go | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/pkg/webhook/validator_test.go b/pkg/webhook/validator_test.go index 5ff0f816..dce5344b 100644 --- a/pkg/webhook/validator_test.go +++ b/pkg/webhook/validator_test.go @@ -1000,6 +1000,7 @@ func TestResolvePodSpec(t *testing.T) { tag := name.MustParseReference("gcr.io/distroless/static:nonroot") // Resolved via crane digest on 2021/09/25 digest := name.MustParseReference("gcr.io/distroless/static:nonroot@sha256:be5d77c62dbe7fedfb0a4e5ec2f91078080800ab1f18358e5f31fcc8faa023c4") + digestWithoutTag := name.MustParseReference("gcr.io/distroless/static@sha256:be5d77c62dbe7fedfb0a4e5ec2f91078080800ab1f18358e5f31fcc8faa023c4") ctx, _ := rtesting.SetupFakeContext(t) @@ -1017,7 +1018,7 @@ func TestResolvePodSpec(t *testing.T) { remoteResolveDigest = rrd }() resolve := func(_ name.Reference, _ ...remote.Option) (name.Digest, error) { - return digest.(name.Digest), nil + return tag.Context().Digest(digestWithoutTag.Identifier()), nil } tests := []struct { @@ -1107,6 +1108,30 @@ func TestResolvePodSpec(t *testing.T) { }, wc: apis.WithinCreate, rrd: resolve, + }, { + name: "digests without tag resolve (in create)", + ps: &corev1.PodSpec{ + InitContainers: []corev1.Container{{ + Name: "setup-stuff", + Image: digestWithoutTag.String(), + }}, + Containers: []corev1.Container{{ + Name: "user-container", + Image: digestWithoutTag.String(), + }}, + }, + want: &corev1.PodSpec{ + InitContainers: []corev1.Container{{ + Name: "setup-stuff", + Image: digestWithoutTag.String(), + }}, + Containers: []corev1.Container{{ + Name: "user-container", + Image: digestWithoutTag.String(), + }}, + }, + wc: apis.WithinCreate, + rrd: resolve, }} for _, test := range tests { From f4f2f1e63a6317122742cab1c7c88b95a1a3fa42 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Apr 2025 11:51:23 +0200 Subject: [PATCH 13/19] chore(deps): Bump codecov/codecov-action in the minor-patch group (#1828) Bumps the minor-patch group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 5.4.0 to 5.4.2 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/0565863a31f2c772f9f0395002a31e3f06189574...ad3126e916f78f00edff4ed0317cf185271ccc2d) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 5.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 2aeb5915..fc6710c3 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -57,7 +57,7 @@ jobs: - name: Run Go tests run: go test -covermode atomic -coverprofile coverage.txt $(go list ./... | grep -v third_party/) - name: Upload Coverage Report - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 + uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 with: env_vars: OS - name: Run Go tests w/ `-race` From 46a8ea538bea00e4c27cfaabebaf308205c6ff66 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Tue, 22 Apr 2025 14:02:08 +0200 Subject: [PATCH 14/19] pin ch/actions to a hash tag and update version comment (#1829) * pin ch/actions to a hash tag and update version comment Signed-off-by: Carlos Panato * update codegen Signed-off-by: Carlos Panato --------- Signed-off-by: Carlos Panato --- .github/workflows/build.yaml | 2 +- .github/workflows/donotsubmit.yaml | 2 +- .../kind-cluster-image-policy-no-tuf.yaml | 4 +- .../kind-cluster-image-policy-trustroot.yaml | 4 +- .../kind-cluster-image-policy-tsa.yaml | 4 +- .../workflows/kind-cluster-image-policy.yaml | 4 +- .github/workflows/kind-e2e-cosigned.yaml | 6 +- .github/workflows/kind-e2e-trustroot-crd.yaml | 6 +- .github/workflows/style.yaml | 4 +- .github/workflows/verify-codegen.yaml | 2 +- .github/workflows/verify-docs.yaml | 2 +- .github/workflows/whitespace.yaml | 4 +- .../github.com/prometheus/procfs/LICENSE | 201 ++++++++++++++++++ .../github.com/prometheus/procfs/NOTICE | 7 + 14 files changed, 230 insertions(+), 22 deletions(-) create mode 100644 third_party/VENDOR-LICENSE/github.com/prometheus/procfs/LICENSE create mode 100644 third_party/VENDOR-LICENSE/github.com/prometheus/procfs/NOTICE diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 48214019..8632eef0 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -46,7 +46,7 @@ jobs: # will use the latest release available for ko - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - - uses: chainguard-dev/actions/goimports@dacf41f3472c33979cfd49bca5b503236be57de0 # main + - uses: chainguard-dev/actions/goimports@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 - name: Set up Cloud SDK uses: google-github-actions/auth@71f986410dfbc7added4569d411d040a91dc6935 # v2.1.8 diff --git a/.github/workflows/donotsubmit.yaml b/.github/workflows/donotsubmit.yaml index 3e8fed02..e6bc87aa 100644 --- a/.github/workflows/donotsubmit.yaml +++ b/.github/workflows/donotsubmit.yaml @@ -17,4 +17,4 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Do Not Submit - uses: chainguard-dev/actions/donotsubmit@29fb6e979a0b3efc79748a17e8cec08d0594cbfd # main + uses: chainguard-dev/actions/donotsubmit@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 diff --git a/.github/workflows/kind-cluster-image-policy-no-tuf.yaml b/.github/workflows/kind-cluster-image-policy-no-tuf.yaml index 26b84d5e..3ae24c50 100644 --- a/.github/workflows/kind-cluster-image-policy-no-tuf.yaml +++ b/.github/workflows/kind-cluster-image-policy-no-tuf.yaml @@ -109,7 +109,7 @@ jobs: uses: mikefarah/yq@8bf425b4d1344db7cd469a8d10a390876e0c77fd # v4.45.1 - name: Setup mirror - uses: chainguard-dev/actions/setup-mirror@main + uses: chainguard-dev/actions/setup-mirror@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 with: mirror: mirror.gcr.io @@ -143,4 +143,4 @@ jobs: - name: Collect diagnostics if: ${{ failure() }} - uses: chainguard-dev/actions/kind-diag@29fb6e979a0b3efc79748a17e8cec08d0594cbfd # main + uses: chainguard-dev/actions/kind-diag@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 diff --git a/.github/workflows/kind-cluster-image-policy-trustroot.yaml b/.github/workflows/kind-cluster-image-policy-trustroot.yaml index 70c99360..4f580c56 100644 --- a/.github/workflows/kind-cluster-image-policy-trustroot.yaml +++ b/.github/workflows/kind-cluster-image-policy-trustroot.yaml @@ -114,7 +114,7 @@ jobs: uses: mikefarah/yq@8bf425b4d1344db7cd469a8d10a390876e0c77fd # v4.45.1 - name: Setup mirror - uses: chainguard-dev/actions/setup-mirror@main + uses: chainguard-dev/actions/setup-mirror@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 with: mirror: mirror.gcr.io @@ -150,4 +150,4 @@ jobs: - name: Collect diagnostics if: ${{ failure() }} - uses: chainguard-dev/actions/kind-diag@29fb6e979a0b3efc79748a17e8cec08d0594cbfd # main + uses: chainguard-dev/actions/kind-diag@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 diff --git a/.github/workflows/kind-cluster-image-policy-tsa.yaml b/.github/workflows/kind-cluster-image-policy-tsa.yaml index 96be5f88..e0fd6f08 100644 --- a/.github/workflows/kind-cluster-image-policy-tsa.yaml +++ b/.github/workflows/kind-cluster-image-policy-tsa.yaml @@ -109,7 +109,7 @@ jobs: uses: mikefarah/yq@8bf425b4d1344db7cd469a8d10a390876e0c77fd # v4.45.1 - name: Setup mirror - uses: chainguard-dev/actions/setup-mirror@main + uses: chainguard-dev/actions/setup-mirror@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 with: mirror: mirror.gcr.io @@ -179,4 +179,4 @@ jobs: - name: Collect diagnostics if: ${{ failure() }} - uses: chainguard-dev/actions/kind-diag@29fb6e979a0b3efc79748a17e8cec08d0594cbfd # main + uses: chainguard-dev/actions/kind-diag@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 diff --git a/.github/workflows/kind-cluster-image-policy.yaml b/.github/workflows/kind-cluster-image-policy.yaml index 3cea9107..c8926d52 100644 --- a/.github/workflows/kind-cluster-image-policy.yaml +++ b/.github/workflows/kind-cluster-image-policy.yaml @@ -123,7 +123,7 @@ jobs: uses: mikefarah/yq@8bf425b4d1344db7cd469a8d10a390876e0c77fd # v4.45.1 - name: Setup mirror - uses: chainguard-dev/actions/setup-mirror@main + uses: chainguard-dev/actions/setup-mirror@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 with: mirror: mirror.gcr.io @@ -174,4 +174,4 @@ jobs: - name: Collect diagnostics if: ${{ failure() }} - uses: chainguard-dev/actions/kind-diag@29fb6e979a0b3efc79748a17e8cec08d0594cbfd # main + uses: chainguard-dev/actions/kind-diag@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 diff --git a/.github/workflows/kind-e2e-cosigned.yaml b/.github/workflows/kind-e2e-cosigned.yaml index d6905711..a83737ad 100644 --- a/.github/workflows/kind-e2e-cosigned.yaml +++ b/.github/workflows/kind-e2e-cosigned.yaml @@ -108,12 +108,12 @@ jobs: - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a - name: Setup mirror - uses: chainguard-dev/actions/setup-mirror@main + uses: chainguard-dev/actions/setup-mirror@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 with: mirror: mirror.gcr.io - name: Setup kind cluster - uses: chainguard-dev/actions/setup-kind@main + uses: chainguard-dev/actions/setup-kind@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 with: k8s-version: ${{ matrix.k8s-version }} cluster-suffix: c${{ github.run_id }}.local @@ -170,4 +170,4 @@ jobs: - name: Collect diagnostics if: ${{ failure() }} - uses: chainguard-dev/actions/kind-diag@29fb6e979a0b3efc79748a17e8cec08d0594cbfd # main + uses: chainguard-dev/actions/kind-diag@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 diff --git a/.github/workflows/kind-e2e-trustroot-crd.yaml b/.github/workflows/kind-e2e-trustroot-crd.yaml index dec2c20c..9751d95a 100644 --- a/.github/workflows/kind-e2e-trustroot-crd.yaml +++ b/.github/workflows/kind-e2e-trustroot-crd.yaml @@ -108,12 +108,12 @@ jobs: - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a - name: Setup mirror - uses: chainguard-dev/actions/setup-mirror@main + uses: chainguard-dev/actions/setup-mirror@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 with: mirror: mirror.gcr.io - name: Setup kind cluster - uses: chainguard-dev/actions/setup-kind@main + uses: chainguard-dev/actions/setup-kind@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 with: k8s-version: ${{ matrix.k8s-version }} cluster-suffix: c${{ github.run_id }}.local @@ -141,4 +141,4 @@ jobs: - name: Collect diagnostics if: ${{ failure() }} - uses: chainguard-dev/actions/kind-diag@29fb6e979a0b3efc79748a17e8cec08d0594cbfd # main + uses: chainguard-dev/actions/kind-diag@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index adfb385d..296ffee5 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -21,7 +21,7 @@ jobs: go-version-file: './go.mod' check-latest: true - - uses: chainguard-dev/actions/gofmt@e6364567e59cb42c49cf69f8e1242f247bc23844 # main + - uses: chainguard-dev/actions/gofmt@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 with: args: -s @@ -39,4 +39,4 @@ jobs: go-version-file: './go.mod' check-latest: true - - uses: chainguard-dev/actions/goimports@main # main + - uses: chainguard-dev/actions/goimports@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 diff --git a/.github/workflows/verify-codegen.yaml b/.github/workflows/verify-codegen.yaml index 82fe1f05..a11159e5 100644 --- a/.github/workflows/verify-codegen.yaml +++ b/.github/workflows/verify-codegen.yaml @@ -50,7 +50,7 @@ jobs: # For whatever reason running this makes it not complain... git status - - uses: chainguard-dev/actions/nodiff@4ba8d060251254fc0e65500a8d3a90013a22a8d7 # main + - uses: chainguard-dev/actions/nodiff@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 with: path: ./src/github.com/${{ github.repository }} fixup-command: "./hack/update-codegen.sh" diff --git a/.github/workflows/verify-docs.yaml b/.github/workflows/verify-docs.yaml index b9010f30..2a9482e4 100644 --- a/.github/workflows/verify-docs.yaml +++ b/.github/workflows/verify-docs.yaml @@ -50,7 +50,7 @@ jobs: # For whatever reason running this makes it not complain... git status - - uses: chainguard-dev/actions/nodiff@4ba8d060251254fc0e65500a8d3a90013a22a8d7 # main + - uses: chainguard-dev/actions/nodiff@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 with: path: ./src/github.com/${{ github.repository }} fixup-command: "make docs" diff --git a/.github/workflows/whitespace.yaml b/.github/workflows/whitespace.yaml index b462822f..8c5707d6 100644 --- a/.github/workflows/whitespace.yaml +++ b/.github/workflows/whitespace.yaml @@ -16,8 +16,8 @@ jobs: - name: Check out code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: chainguard-dev/actions/trailing-space@7071df0659dbd4a79804731f0da2d0f1dba0b356 # main + - uses: chainguard-dev/actions/trailing-space@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 if: ${{ always() }} - - uses: chainguard-dev/actions/eof-newline@7071df0659dbd4a79804731f0da2d0f1dba0b356 # main + - uses: chainguard-dev/actions/eof-newline@be6c67b5b374ed43d908ac017ff9b04c271ad3d8 # v1.0.3 if: ${{ always() }} diff --git a/third_party/VENDOR-LICENSE/github.com/prometheus/procfs/LICENSE b/third_party/VENDOR-LICENSE/github.com/prometheus/procfs/LICENSE new file mode 100644 index 00000000..261eeb9e --- /dev/null +++ b/third_party/VENDOR-LICENSE/github.com/prometheus/procfs/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/third_party/VENDOR-LICENSE/github.com/prometheus/procfs/NOTICE b/third_party/VENDOR-LICENSE/github.com/prometheus/procfs/NOTICE new file mode 100644 index 00000000..53c5e9aa --- /dev/null +++ b/third_party/VENDOR-LICENSE/github.com/prometheus/procfs/NOTICE @@ -0,0 +1,7 @@ +procfs provides functions to retrieve system, kernel and process +metrics from the pseudo-filesystem proc. + +Copyright 2014-2015 The Prometheus Authors + +This product includes software developed at +SoundCloud Ltd. (http://soundcloud.com/). From e2b050f1871d059a37a21c3bfbf7967ece34b2cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Apr 2025 14:58:41 +0200 Subject: [PATCH 15/19] chore(deps): Bump the minor-patch group across 1 directory with 4 updates (#1826) * chore(deps): Bump the minor-patch group across 1 directory with 4 updates Bumps the minor-patch group with 4 updates in the / directory: [golang.org/x/net](https://github.com/golang/net), [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go), [github.com/docker/docker](https://github.com/docker/docker) and [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose). Updates `golang.org/x/net` from 0.38.0 to 0.39.0 - [Commits](https://github.com/golang/net/compare/v0.38.0...v0.39.0) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.8.2 to 1.9.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azidentity/v1.8.2...sdk/azcore/v1.9.0) Updates `github.com/docker/docker` from 28.0.4+incompatible to 28.1.1+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v28.0.4...v28.1.1) Updates `github.com/go-jose/go-jose/v4` from 4.0.5 to 4.1.0 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md) - [Commits](https://github.com/go-jose/go-jose/compare/v4.0.5...v4.1.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.39.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-version: 1.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/docker/docker dependency-version: 28.1.1+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-patch ... Signed-off-by: dependabot[bot] * update go.mod Signed-off-by: Carlos Panato --------- Signed-off-by: dependabot[bot] Signed-off-by: Carlos Panato Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Panato --- go.mod | 13 +++++++------ go.sum | 24 ++++++++++++++---------- 2 files changed, 21 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index 65af76b9..a0954d27 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/sigstore/policy-controller -go 1.23.4 +go 1.24 require ( github.com/aws/aws-sdk-go v1.55.6 @@ -34,7 +34,7 @@ require ( github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.37.0 - golang.org/x/net v0.38.0 + golang.org/x/net v0.39.0 golang.org/x/sys v0.32.0 // indirect golang.org/x/time v0.11.0 google.golang.org/grpc v1.71.0 // indirect @@ -55,13 +55,13 @@ require github.com/spf13/cobra v1.9.1 require ( github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0 github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.9.1 github.com/cenkalti/backoff/v4 v4.3.0 - github.com/docker/docker v28.0.4+incompatible + github.com/docker/docker v28.1.1+incompatible github.com/docker/docker-credential-helpers v0.9.3 github.com/docker/go-connections v0.5.0 - github.com/go-jose/go-jose/v4 v4.0.5 + github.com/go-jose/go-jose/v4 v4.1.0 github.com/sigstore/protobuf-specs v0.4.1 github.com/sigstore/scaffolding v0.7.22 github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.3 @@ -85,7 +85,7 @@ require ( contrib.go.opencensus.io/exporter/prometheus v0.4.2 // indirect cuelang.org/go v0.12.1 // indirect github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.14.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect @@ -204,6 +204,7 @@ require ( github.com/mailru/easyjson v0.9.0 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect + github.com/moby/sys/atomicwriter v0.1.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/mozillazg/docker-credential-acr-helper v0.4.0 // indirect diff --git a/go.sum b/go.sum index 8273f7ff..7c31223f 100644 --- a/go.sum +++ b/go.sum @@ -63,12 +63,12 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0 h1:Gt0j3wceWMwPmiazCa8MzMA0MfhmPIz0Qp0FJ6qcM0U= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0/go.mod h1:Ot/6aikWnKWi4l9QB7qVSwa8iMphQNqkWALMoNT3rzM= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2 h1:F0gBpfdPLGsw+nsgk6aqqkZS1jiixa5WwFe3fk/T3Ys= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2/go.mod h1:SqINnQ9lVVdRlyC8cd1lCI0SdX4n2paeABd2K8ggfnE= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0 h1:OVoM452qUFBrX+URdH3VpR299ma4kfom0yB0URYky9g= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0/go.mod h1:kUjrAo8bgEwLeZ/CmHqNl3Z/kPm7y6FKfxxK0izYUg4= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.0 h1:Bg8m3nq/X1DeePkAbCfb6ml6F3F0IunEhE8TMh+lY48= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.0/go.mod h1:j2chePtV91HrC22tGoRX3sGY42uF13WzmmV80/OdVAA= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 h1:FPKJS1T+clwv+OLGt13a8UjqeRuh0O4SJ3lUriThc+4= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1/go.mod h1:j2chePtV91HrC22tGoRX3sGY42uF13WzmmV80/OdVAA= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.1 h1:Wgf5rZba3YZqeTNJPtvqZoBu1sBN/L4sry+u2U3Y75w= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.3.1/go.mod h1:xxCBG/f/4Vbmh2XQJBsOmNdxWUY5j/s27jujKPbQf14= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.1.1 h1:bFWuoEKg+gImo7pvkiQEFAc8ocibADgXeiLAxWhWmkI= @@ -290,8 +290,8 @@ github.com/docker/cli v27.5.0+incompatible h1:aMphQkcGtpHixwwhAXJT1rrK/detk2JIvD github.com/docker/cli v27.5.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v28.0.4+incompatible h1:JNNkBctYKurkw6FrHfKqY0nKIDf5nrbxjVBtS+cdcok= -github.com/docker/docker v28.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v28.1.1+incompatible h1:49M11BFLsVO1gxY9UX9p/zwkE/rswggs8AdFmXQw51I= +github.com/docker/docker v28.1.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -339,8 +339,8 @@ github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-jose/go-jose/v3 v3.0.4 h1:Wp5HA7bLQcKnf6YYao/4kpRpVMp/yf6+pJKV8WFSaNY= github.com/go-jose/go-jose/v3 v3.0.4/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= -github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE= -github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= +github.com/go-jose/go-jose/v4 v4.1.0 h1:cYSYxd3pw5zd2FSXk2vGdn9igQU2PS8MuxrCOCl0FdY= +github.com/go-jose/go-jose/v4 v4.1.0/go.mod h1:GG/vqmYm3Von2nYiB2vGTXzdoNKE5tix5tuc6iAd+sw= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= @@ -630,6 +630,10 @@ github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c h1:cqn374 github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= +github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw= +github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs= +github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= +github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -1023,8 +1027,8 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= -golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY= +golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= From 14458a79f0ef6c82ce8894be3f08ba54e1ec3dc2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Apr 2025 13:57:07 +0200 Subject: [PATCH 16/19] chore(deps): Bump the sigstore group with 6 updates (#1832) Bumps the sigstore group with 6 updates: | Package | From | To | | --- | --- | --- | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.9.3` | `1.9.4` | | [github.com/sigstore/sigstore-go](https://github.com/sigstore/sigstore-go) | `0.7.1` | `0.7.2` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.9.3` | `1.9.4` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.9.3` | `1.9.4` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.9.3` | `1.9.4` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.9.3` | `1.9.4` | Updates `github.com/sigstore/sigstore` from 1.9.3 to 1.9.4 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.9.3...v1.9.4) Updates `github.com/sigstore/sigstore-go` from 0.7.1 to 0.7.2 - [Release notes](https://github.com/sigstore/sigstore-go/releases) - [Commits](https://github.com/sigstore/sigstore-go/compare/v0.7.1...v0.7.2) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.9.3 to 1.9.4 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.9.3...v1.9.4) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.9.3 to 1.9.4 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.9.3...v1.9.4) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.9.3 to 1.9.4 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.9.3...v1.9.4) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.9.3 to 1.9.4 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.9.3...v1.9.4) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sigstore - dependency-name: github.com/sigstore/sigstore-go dependency-version: 0.7.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sigstore - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sigstore - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sigstore - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sigstore - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: sigstore ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 42 ++++++++++++------------- go.sum | 96 +++++++++++++++++++++++++++++----------------------------- 2 files changed, 69 insertions(+), 69 deletions(-) diff --git a/go.mod b/go.mod index 43ad6053..4aa6802a 100644 --- a/go.mod +++ b/go.mod @@ -28,7 +28,7 @@ require ( github.com/ryanuber/go-glob v1.0.0 github.com/sigstore/cosign/v2 v2.5.0 github.com/sigstore/rekor v1.3.10 - github.com/sigstore/sigstore v1.9.3 + github.com/sigstore/sigstore v1.9.4 github.com/stretchr/testify v1.10.0 github.com/theupdateframework/go-tuf v0.7.0 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 @@ -37,7 +37,7 @@ require ( golang.org/x/net v0.39.0 golang.org/x/sys v0.32.0 // indirect golang.org/x/time v0.11.0 - google.golang.org/grpc v1.71.0 // indirect + google.golang.org/grpc v1.71.1 // indirect google.golang.org/protobuf v1.36.6 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.32.3 @@ -64,24 +64,24 @@ require ( github.com/go-jose/go-jose/v4 v4.1.0 github.com/sigstore/protobuf-specs v0.4.1 github.com/sigstore/scaffolding v0.7.22 - github.com/sigstore/sigstore-go v0.7.1 - github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.3 - github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.3 - github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.3 - github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.3 + github.com/sigstore/sigstore-go v0.7.2 + github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.4 + github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.4 + github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.4 + github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.4 github.com/spf13/viper v1.20.1 knative.dev/hack/schema v0.0.0-20240607132042-09143140a254 knative.dev/pkg v0.0.0-20230612155445-74c4be5e935e ) require ( - cloud.google.com/go v0.118.3 // indirect - cloud.google.com/go/auth v0.15.0 // indirect + cloud.google.com/go v0.120.0 // indirect + cloud.google.com/go/auth v0.16.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect - cloud.google.com/go/iam v1.4.1 // indirect - cloud.google.com/go/kms v1.21.1 // indirect - cloud.google.com/go/longrunning v0.6.5 // indirect + cloud.google.com/go/iam v1.5.0 // indirect + cloud.google.com/go/kms v1.21.2 // indirect + cloud.google.com/go/longrunning v0.6.6 // indirect contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d // indirect contrib.go.opencensus.io/exporter/prometheus v0.4.2 // indirect cuelang.org/go v0.12.1 // indirect @@ -115,8 +115,8 @@ require ( github.com/alibabacloud-go/tea-xml v1.1.3 // indirect github.com/aliyun/credentials-go v1.3.2 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2/config v1.29.13 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.66 // indirect + github.com/aws/aws-sdk-go-v2/config v1.29.14 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.67 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect @@ -125,10 +125,10 @@ require ( github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.31.2 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect - github.com/aws/aws-sdk-go-v2/service/kms v1.38.2 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.38.3 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.33.18 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 // indirect github.com/aws/smithy-go v1.22.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect @@ -252,8 +252,8 @@ require ( go.mongodb.org/mongo-driver v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect go.opentelemetry.io/otel v1.35.0 // indirect go.opentelemetry.io/otel/metric v1.35.0 // indirect go.opentelemetry.io/otel/sdk v1.35.0 // indirect @@ -269,10 +269,10 @@ require ( golang.org/x/text v0.24.0 // indirect golang.org/x/tools v0.30.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/api v0.228.0 // indirect + google.golang.org/api v0.229.0 // indirect google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250414145226-207652e42e2e // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index 7c31223f..0b430021 100644 --- a/go.sum +++ b/go.sum @@ -13,10 +13,10 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.118.3 h1:jsypSnrE/w4mJysioGdMBg4MiW/hHx/sArFpaBWHdME= -cloud.google.com/go v0.118.3/go.mod h1:Lhs3YLnBlwJ4KA6nuObNMZ/fCbOQBPuWKPoE0Wa/9Vc= -cloud.google.com/go/auth v0.15.0 h1:Ly0u4aA5vG/fsSsxu98qCQBemXtAtJf+95z9HK+cxps= -cloud.google.com/go/auth v0.15.0/go.mod h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8= +cloud.google.com/go v0.120.0 h1:wc6bgG9DHyKqF5/vQvX1CiZrtHnxJjBlKUyF9nP6meA= +cloud.google.com/go v0.120.0/go.mod h1:/beW32s8/pGRuj4IILWQNd4uuebeT4dkOhKmkfit64Q= +cloud.google.com/go/auth v0.16.0 h1:Pd8P1s9WkcrBE2n/PhAwKsdrR35V3Sg2II9B+ndM3CU= +cloud.google.com/go/auth v0.16.0/go.mod h1:1howDHJ5IETh/LwYs3ZxvlkXF48aSqqJUM+5o02dNOI= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= @@ -29,12 +29,12 @@ cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4 cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.4.1 h1:cFC25Nv+u5BkTR/BT1tXdoF2daiVbZ1RLx2eqfQ9RMM= -cloud.google.com/go/iam v1.4.1/go.mod h1:2vUEJpUG3Q9p2UdsyksaKpDzlwOrnMzS30isdReIcLM= -cloud.google.com/go/kms v1.21.1 h1:r1Auo+jlfJSf8B7mUnVw5K0fI7jWyoUy65bV53VjKyk= -cloud.google.com/go/kms v1.21.1/go.mod h1:s0wCyByc9LjTdCjG88toVs70U9W+cc6RKFc8zAqX7nE= -cloud.google.com/go/longrunning v0.6.5 h1:sD+t8DO8j4HKW4QfouCklg7ZC1qC4uzVZt8iz3uTW+Q= -cloud.google.com/go/longrunning v0.6.5/go.mod h1:Et04XK+0TTLKa5IPYryKf5DkpwImy6TluQ1QTLwlKmY= +cloud.google.com/go/iam v1.5.0 h1:QlLcVMhbLGOjRcGe6VTGGTyQib8dRLK2B/kYNV0+2xs= +cloud.google.com/go/iam v1.5.0/go.mod h1:U+DOtKQltF/LxPEtcDLoobcsZMilSRwR7mgNL7knOpo= +cloud.google.com/go/kms v1.21.2 h1:c/PRUSMNQ8zXrc1sdAUnsenWWaNXN+PzTXfXOcSFdoE= +cloud.google.com/go/kms v1.21.2/go.mod h1:8wkMtHV/9Z8mLXEXr1GK7xPSBdi6knuLXIhqjuWcI6w= +cloud.google.com/go/longrunning v0.6.6 h1:XJNDo5MUfMM05xK3ewpbSdmt7R2Zw+aQEMbdQR65Rbw= +cloud.google.com/go/longrunning v0.6.6/go.mod h1:hyeGJUrPHcx0u2Uu1UFSoYZLn4lkMrccJig0t4FI7yw= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -173,10 +173,10 @@ github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM= github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg= -github.com/aws/aws-sdk-go-v2/config v1.29.13 h1:RgdPqWoE8nPpIekpVpDJsBckbqT4Liiaq9f35pbTh1Y= -github.com/aws/aws-sdk-go-v2/config v1.29.13/go.mod h1:NI28qs/IOUIRhsR7GQ/JdexoqRN9tDxkIrYZq0SOF44= -github.com/aws/aws-sdk-go-v2/credentials v1.17.66 h1:aKpEKaTy6n4CEJeYI1MNj97oSDLi4xro3UzQfwf5RWE= -github.com/aws/aws-sdk-go-v2/credentials v1.17.66/go.mod h1:xQ5SusDmHb/fy55wU0QqTy0yNfLqxzec59YcsRZB+rI= +github.com/aws/aws-sdk-go-v2/config v1.29.14 h1:f+eEi/2cKCg9pqKBoAIwRGzVb70MRKqWX4dg1BDcSJM= +github.com/aws/aws-sdk-go-v2/config v1.29.14/go.mod h1:wVPHWcIFv3WO89w0rE10gzf17ZYy+UVS1Geq8Iei34g= +github.com/aws/aws-sdk-go-v2/credentials v1.17.67 h1:9KxtdcIA/5xPNQyZRgUSpYOE6j9Bc4+D7nZua0KGYOM= +github.com/aws/aws-sdk-go-v2/credentials v1.17.67/go.mod h1:p3C44m+cfnbv763s52gCqrjaqyPikj9Sg47kUVaNZQQ= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q= @@ -193,14 +193,14 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY= -github.com/aws/aws-sdk-go-v2/service/kms v1.38.2 h1:945yEU8s1zYwy9s/2JzEJoHKvbAaZEkPqt8TOuO6r/g= -github.com/aws/aws-sdk-go-v2/service/kms v1.38.2/go.mod h1:cQn6tAF77Di6m4huxovNM7NVAozWTZLsDRp9t8Z/WYk= +github.com/aws/aws-sdk-go-v2/service/kms v1.38.3 h1:RivOtUH3eEu6SWnUMFHKAW4MqDOzWn1vGQ3S38Y5QMg= +github.com/aws/aws-sdk-go-v2/service/kms v1.38.3/go.mod h1:cQn6tAF77Di6m4huxovNM7NVAozWTZLsDRp9t8Z/WYk= github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 h1:1Gw+9ajCV1jogloEv1RRnvfRFia2cL6c9cuKV2Ps+G8= github.com/aws/aws-sdk-go-v2/service/sso v1.25.3/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 h1:hXmVKytPfTy5axZ+fYbR5d0cFmC3JvwLm5kM83luako= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.18 h1:xz7WvTMfSStb9Y8NpCT82FXLNC3QasqBfuAFHY4Pk5g= -github.com/aws/aws-sdk-go-v2/service/sts v1.33.18/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 h1:1XuUZ8mYJw9B6lzAkXhqHlJd/XvaX32evhproijJEZY= +github.com/aws/aws-sdk-go-v2/service/sts v1.33.19/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4= github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ= github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.9.1 h1:50sS0RWhGpW/yZx2KcDNEb1u1MANv5BMEkJgcieEDTA= @@ -258,8 +258,8 @@ github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRccTampEyKpjpOnS3CyiV1Ebr8= github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU= -github.com/coreos/go-oidc/v3 v3.13.0 h1:M66zd0pcc5VxvBNM4pB331Wrsanby+QomQYjN8HamW8= -github.com/coreos/go-oidc/v3 v3.13.0/go.mod h1:HaZ3szPaZ0e4r6ebqvsLWlk2Tn+aejfmrfah6hnSYEU= +github.com/coreos/go-oidc/v3 v3.14.1 h1:9ePWwfdwC4QKRlCXsJGou56adA/owXczOzwKdOumLqk= +github.com/coreos/go-oidc/v3 v3.14.1/go.mod h1:HaZ3szPaZ0e4r6ebqvsLWlk2Tn+aejfmrfah6hnSYEU= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc= github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= @@ -770,18 +770,18 @@ github.com/sigstore/rekor v1.3.10 h1:/mSvRo4MZ/59ECIlARhyykAlQlkmeAQpvBPlmJtZOCU github.com/sigstore/rekor v1.3.10/go.mod h1:JvryKJ40O0XA48MdzYUPu0y4fyvqt0C4iSY7ri9iu3A= github.com/sigstore/scaffolding v0.7.22 h1:VjrRzUVRXWGPboglizvGvgq3U8kXnBS5/s4jDCUVwiU= github.com/sigstore/scaffolding v0.7.22/go.mod h1:ojN1gLIjZCl0lhEoqXBvaL+GJbTbBgcNZxxxvK7apuM= -github.com/sigstore/sigstore v1.9.3 h1:y2qlTj+vh+Or3ictKuR3JUFawZPdDxAjrWkeFhon0OQ= -github.com/sigstore/sigstore v1.9.3/go.mod h1:VwYkiw0G0dRtwL25KSs04hCyVFF6CYMd/qvNeYrl7EQ= -github.com/sigstore/sigstore-go v0.7.1 h1:lyzi3AjO6+BHc5zCf9fniycqPYOt3RaC08M/FRmQhVY= -github.com/sigstore/sigstore-go v0.7.1/go.mod h1:AIRj4I3LC82qd07VFm3T2zXYiddxeBV1k/eoS8nTz0E= -github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.3 h1:ofTeeCNenFFqUxSziEOYh5TLMtHbHO6e8+9vT3Vf34A= -github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.3/go.mod h1:2D6TX/FEBMoaD86P5aYzhxRKUYPiWcOz+6EARsVnM3s= -github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.3 h1:2vhoi7q92JPOCrCR7AZ52lKLj1G+U+hdRnJX6/wN+qk= -github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.3/go.mod h1:nR4s/4sdbeHfe7RwEPL1NhwsC1ia72wDJOIMevxTMYY= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.3 h1:FtLuqkIQYvZwWWbtWHbuTbKhsILMeWnMg0VMf6xB4O4= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.3/go.mod h1:yZMHY5cEkNRkhZGGhMS6IAUgE0HcXja1xmil796wtqg= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.3 h1:f+gPRf7NVfHhJfloN672KKkNHWA7b0vAOSQZyBINHWw= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.3/go.mod h1:AjN/gspnXeMDFTOXlHzRJDs8xbkd30kH8VN9D8g4CZM= +github.com/sigstore/sigstore v1.9.4 h1:64+OGed80+A4mRlNzRd055vFcgBeDghjZw24rPLZgDU= +github.com/sigstore/sigstore v1.9.4/go.mod h1:Q7tGTC3gbtK7c3jcxEmGc2MmK4rRpIRzi3bxRFWKvEY= +github.com/sigstore/sigstore-go v0.7.2 h1:CN4xPasChSEb0QBMxMW5dLcXdA9KD4QiRyVnMkhXj6U= +github.com/sigstore/sigstore-go v0.7.2/go.mod h1:AIRj4I3LC82qd07VFm3T2zXYiddxeBV1k/eoS8nTz0E= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.4 h1:kQqUJ1VuWdJltMkinFXAHTlJrzMRPoNgL+dy6WyJ/dA= +github.com/sigstore/sigstore/pkg/signature/kms/aws v1.9.4/go.mod h1:9miLz7c69vj/7VH7UpCKHDia41HCTIDJWJWf4Ex5yUk= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.4 h1:MHRm7YQuF4zFyoXRLgUdLaNxqVO6JlLGnkDUI9fm9ow= +github.com/sigstore/sigstore/pkg/signature/kms/azure v1.9.4/go.mod h1:899VNYSSnQ0QtcuhkW0gznzxn0cqhowTL3nzc/xnym8= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.4 h1:C2nSyTmTxpuamUmLCWWZwz+0Y1IQIig9XwAJ4UAn/SI= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.9.4/go.mod h1:vjDahU0sEw/WMkKkygZNH72EMg86iaFNLAaJFXhItXU= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.4 h1:t9yfb6yteIDv8CNRT6OHdqgTV6TSj+CdOtZP9dVhpsQ= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.9.4/go.mod h1:m7sQxVJmDa+rsmS1m6biQxaLX83pzNS7ThUEyjOqkCU= github.com/sigstore/timestamp-authority v1.2.5 h1:W22JmwRv1Salr/NFFuP7iJuhytcZszQjldoB8GiEdnw= github.com/sigstore/timestamp-authority v1.2.5/go.mod h1:gWPKWq4HMWgPCETre0AakgBzcr9DRqHrsgbrRqsigOs= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= @@ -844,8 +844,8 @@ github.com/tink-crypto/tink-go-awskms/v2 v2.1.0 h1:N9UxlsOzu5mttdjhxkDLbzwtEecuX github.com/tink-crypto/tink-go-awskms/v2 v2.1.0/go.mod h1:PxSp9GlOkKL9rlybW804uspnHuO9nbD98V/fDX4uSis= github.com/tink-crypto/tink-go-gcpkms/v2 v2.2.0 h1:3B9i6XBXNTRspfkTC0asN5W0K6GhOSgcujNiECNRNb0= github.com/tink-crypto/tink-go-gcpkms/v2 v2.2.0/go.mod h1:jY5YN2BqD/KSCHM9SqZPIpJNG/u3zwfLXHgws4x2IRw= -github.com/tink-crypto/tink-go/v2 v2.3.0 h1:4/TA0lw0lA/iVKBL9f8R5eP7397bfc4antAMXF5JRhs= -github.com/tink-crypto/tink-go/v2 v2.3.0/go.mod h1:kfPOtXIadHlekBTeBtJrHWqoGL+Fm3JQg0wtltPuxLU= +github.com/tink-crypto/tink-go/v2 v2.4.0 h1:8VPZeZI4EeZ8P/vB6SIkhlStrJfivTJn+cQ4dtyHNh0= +github.com/tink-crypto/tink-go/v2 v2.4.0/go.mod h1:l//evrF2Y3MjdbpNDNGnKgCpo5zSmvUvnQ4MU+yE2sw= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w= @@ -887,10 +887,10 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 h1:rgMkmiGfix9vFJDcDi1PK8WEQP4FLQwLDfhp5ZLpFeE= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0/go.mod h1:ijPqXp5P6IRRByFVVg9DY8P5HkxkHE5ARIa+86aXPf4= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 h1:x7wzEgXfnzJcHDwStJT+mxOz4etr2EcexjqhBvmoakw= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ= go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ= go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60= @@ -903,8 +903,8 @@ go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/ go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE= go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY= go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg= -go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk= -go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w= +go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o= +go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w= go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs= go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4= @@ -1218,8 +1218,8 @@ google.golang.org/api v0.25.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.228.0 h1:X2DJ/uoWGnY5obVjewbp8icSL5U4FzuCfy9OjbLSnLs= -google.golang.org/api v0.228.0/go.mod h1:wNvRS1Pbe8r4+IfBIniV8fwCpGwTrYa+kMUDiC5z5a4= +google.golang.org/api v0.229.0 h1:p98ymMtqeJ5i3lIBMj5MpR9kzIIgzpHHh8vQ+vgAzx8= +google.golang.org/api v0.229.0/go.mod h1:wyDfmq5g1wYJWn29O22FDWN48P7Xcz0xz+LBpptYvB0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1259,10 +1259,10 @@ google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb h1:ITgPrl429bc6+2ZraNSzMDk3I95nmQln2fuPstKwFDE= google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:sAo5UzpjUwgFBCzupwhcLcxHVDK7vG5IqI30YnwX2eE= -google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb h1:p31xT4yrYrSM/G4Sn2+TNUkVhFCbG9y8itM2S6Th950= -google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:jbe3Bkdp+Dh2IrslsFCklNhweNTBgSYanP1UXhJDhKg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 h1:iK2jbkWL86DXjEx0qiHcRE9dE4/Ahua5k6V8OWFb//c= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I= +google.golang.org/genproto/googleapis/api v0.0.0-20250414145226-207652e42e2e h1:UdXH7Kzbj+Vzastr5nVfccbmFsmYNygVLSPk1pEfDoY= +google.golang.org/genproto/googleapis/api v0.0.0-20250414145226-207652e42e2e/go.mod h1:085qFyf2+XaZlRdCgKNCIZ3afY2p4HHZdoIRpId8F4A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e h1:ztQaXfzEXTmCBvbtWYRhJxW+0iJcz2qXfd38/e9l7bA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1276,8 +1276,8 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg= -google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= +google.golang.org/grpc v1.71.1 h1:ffsFWr7ygTUscGPI0KKK6TLrGz0476KUvvsbqWK0rPI= +google.golang.org/grpc v1.71.1/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 61611cdea595be1156807684a00b9db3cff4029a Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Fri, 9 May 2025 14:55:10 +0200 Subject: [PATCH 17/19] update golangic-lint (#1837) Signed-off-by: Carlos Panato --- .github/workflows/lint.yaml | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 3a4e368a..8b3339e7 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -5,20 +5,27 @@ on: - main pull_request: -permissions: - contents: read - pull-requests: read +permissions: {} jobs: golangci: name: lint runs-on: ubuntu-latest + + permissions: + contents: read + pull-requests: read + steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version-file: './go.mod' + - name: golangci-lint - uses: golangci/golangci-lint-action@v7 + uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0 with: - version: v2.0 + version: v2.1 From 7a93e27b8fb9527f49de51f0fdb47c0c7a9eb0d0 Mon Sep 17 00:00:00 2001 From: Carlos Panato Date: Tue, 1 Jul 2025 13:21:25 +0200 Subject: [PATCH 18/19] update testdata Signed-off-by: Carlos Panato --- .../trustroot/testdata/ctfeLogID.txt | 2 +- .../trustroot/testdata/ctfePublicKey.pem | 4 +-- .../trustroot/testdata/fulcioCertChain.pem | 28 ++++++++-------- .../trustroot/testdata/marshalledEntry.json | 16 +++++----- .../testdata/marshalledEntryFromMirrorFS.json | 12 +++---- .../trustroot/testdata/rekorLogID.txt | 2 +- .../trustroot/testdata/rekorPublicKey.pem | 4 +-- pkg/reconciler/trustroot/testdata/root.json | 30 +++++++++--------- .../rootWithCustomTrustedRootJSON.json | 30 +++++++++--------- .../testdata/rootWithTrustedRootJSON.json | 30 +++++++++--------- .../trustroot/testdata/tsaCertChain.pem | 26 +++++++-------- pkg/reconciler/trustroot/testdata/tufRepo.tar | Bin 3031 -> 3028 bytes .../tufRepoWithCustomTrustedRootJSON.tar | Bin 3544 -> 3545 bytes .../testdata/tufRepoWithTrustedRootJSON.tar | Bin 3537 -> 3544 bytes 14 files changed, 92 insertions(+), 92 deletions(-) diff --git a/pkg/reconciler/trustroot/testdata/ctfeLogID.txt b/pkg/reconciler/trustroot/testdata/ctfeLogID.txt index 37f513b3..c87e9066 100644 --- a/pkg/reconciler/trustroot/testdata/ctfeLogID.txt +++ b/pkg/reconciler/trustroot/testdata/ctfeLogID.txt @@ -1 +1 @@ -ce0e092b9e35b0b9e3637a96a27b8eb3806e7f366e70367eddcbb65b4f0b7165 \ No newline at end of file +72d6dae92b27e3c66ce7c06118782a87d64cb1ca4d58da7be4bf6a6c81637d94 \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem b/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem index 864534e2..52bab6af 100644 --- a/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem +++ b/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQpbV0RszJ9g2DUmv1RAYXUWS+lA -a+YbNaU6Q9ZbXmATIX+C+4nUbgM6u0ooW9eXxtnUVAwDGVuHGWtr5VzyLg== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/LRj+kZcPIO3VWlCeulO6WFtd1Vk +oG80NXchsgpBYD14tH7daOdYukeLzS+BqQFBafrHJy3dzQUNTiHwpiySMA== -----END PUBLIC KEY----- diff --git a/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem b/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem index 1fd67248..15ae53e0 100644 --- a/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem +++ b/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1 -MDQwMjIwNDEzOVoXDTM1MDQwMjIwNDEzOVowDzENMAsGA1UEAxMEbGVhZjBZMBMG -ByqGSM49AgEGCCqGSM49AwEHA0IABDinvflTjDOr/6o70lfMWBRtYnaJcYIIdGJp -27wvISz6CbXoz4wuZbYi3oOlw6uDed+QpMQfJaGcgH0GQ9nM6vyjMzAxMA4GA1Ud -DwEB/wQEAwIGwDAfBgNVHSMEGDAWgBQnBOo/FKFK5QsnmtCW3EULNg7a8jAKBggq -hkjOPQQDAgNIADBFAiEAobePrizti+1TidezZrdZbPczorA3eNJXO11khRT5f6YC -IBGX6djF1e44voTyfjajRH6JeyWdRv7OkLKFqk94nxYa +MIIBPDCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1 +MDcwMTExMjEwM1oXDTM1MDcwMTExMjEwM1owDzENMAsGA1UEAxMEbGVhZjBZMBMG +ByqGSM49AgEGCCqGSM49AwEHA0IABCRENSlBsT9Cceu6g60k/y/vzRPM6hb8BJbq +sX/xx4PpbXO3Um0h+CN/p6WAJh/4koXLVHaRTokl+kNc/OMhp9WjMzAxMA4GA1Ud +DwEB/wQEAwIGwDAfBgNVHSMEGDAWgBTMEbK6/VqSJCNSppR2WoB7izlXsDAKBggq +hkjOPQQDAgNHADBEAiBXRhIwRdnUy5aniaeIFqsnaOjYddGuhc1u//6ReUzfwgIg +eHDfF6BK7OmnUvc62QOJeSWj7CRe+wJd9rTL9FeDjCU= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1 -MDQwMjIwNDEzOVoXDTM1MDQwMjIwNDEzOVowDTELMAkGA1UEAxMCY2EwWTATBgcq -hkjOPQIBBggqhkjOPQMBBwNCAATYMFeaxWdAnFM3nGB7MT4cVWHwWLpHtGeCWtU+ -dGLqBlF7mM/QjdGmZ3Ea3sb8k1PZfm3m2ycJtu1mle6llLjHo0IwQDAOBgNVHQ8B -Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJwTqPxShSuULJ5rQ -ltxFCzYO2vIwCgYIKoZIzj0EAwIDSQAwRgIhAIQQCaaKqofWp/rNU3qyVN6qGYHq -pBMR5UHKY2ms6UaHAiEAxQ0YHuxXHYziMHoO5Ey8gIbnTSfpCUSltKKhZ5ppgrU= +MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1 +MDcwMTExMjEwM1oXDTM1MDcwMTExMjEwM1owDTELMAkGA1UEAxMCY2EwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAAS9qmFBSdQ8sgNy0yRybzJMKmhC9pO4TQRt2dPv +6SDJTNjOTQLm9CtBQhDOmNaanTzEUFCZxA/3Gx5a+JP0/Ts5o0IwQDAOBgNVHQ8B +Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUzBGyuv1akiQjUqaU +dlqAe4s5V7AwCgYIKoZIzj0EAwIDSAAwRQIhAMPb6kbHcMhpWzc7nb8QRadvUxfd +UnF2pGamtoZ4+LCXAiA4zDqYSz8JLPHgpAtXF3i/2PyqXGKy9eSlprIAYgZ7jg== -----END CERTIFICATE----- diff --git a/pkg/reconciler/trustroot/testdata/marshalledEntry.json b/pkg/reconciler/trustroot/testdata/marshalledEntry.json index 2049afb6..89c83d9d 100644 --- a/pkg/reconciler/trustroot/testdata/marshalledEntry.json +++ b/pkg/reconciler/trustroot/testdata/marshalledEntry.json @@ -5,14 +5,14 @@ "baseUrl": "https://rekor.example.com", "hashAlgorithm": "SHA2_256", "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8OnaXgP7Oj//llRdP76GRDNIx8yTmXm8tra6qck1nt3ZmNvbTcKQu2WXL3kpBNYK3wMg9I3BfeWA36OlUQYL0Q==", + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfISMcpAiZrwd7KUThb0fgrsFOM1MJOxgH4OD+md+c0yHEZ6UsOR5UF5HAN/qD5skTTcXJuSOogZVc/xeOvhSTw==", "keyDetails": "PKIX_ECDSA_P256_SHA_256", "validFor": { "start": "1970-01-01T00:00:00Z" } }, "logId": { - "keyId": "ZmFiYWE1Nzg1MjczODczMWU1YmEwYjUyNzAzYWVkMWU4MzE0Yjk3ZTk1MDBiMDk5NDI5NjQwYWQ2NWRlMWM3MA==" + "keyId": "YmRmY2I5OTA3NmVjODg5MTMyNDFjYjk4ZTcyMTc4NTljNTRhYThiYTdmNjMzMTQyM2FiOWI3N2Q1ZjQxNGU5OA==" } } ], @@ -26,10 +26,10 @@ "certChain": { "certificates": [ { - "rawBytes": "MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1MDQwMjIwNDEzOVoXDTM1MDQwMjIwNDEzOVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDinvflTjDOr/6o70lfMWBRtYnaJcYIIdGJp27wvISz6CbXoz4wuZbYi3oOlw6uDed+QpMQfJaGcgH0GQ9nM6vyjMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBQnBOo/FKFK5QsnmtCW3EULNg7a8jAKBggqhkjOPQQDAgNIADBFAiEAobePrizti+1TidezZrdZbPczorA3eNJXO11khRT5f6YCIBGX6djF1e44voTyfjajRH6JeyWdRv7OkLKFqk94nxYa" + "rawBytes": "MIIBPDCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1MDcwMTExMjEwM1oXDTM1MDcwMTExMjEwM1owDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCRENSlBsT9Cceu6g60k/y/vzRPM6hb8BJbqsX/xx4PpbXO3Um0h+CN/p6WAJh/4koXLVHaRTokl+kNc/OMhp9WjMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBTMEbK6/VqSJCNSppR2WoB7izlXsDAKBggqhkjOPQQDAgNHADBEAiBXRhIwRdnUy5aniaeIFqsnaOjYddGuhc1u//6ReUzfwgIgeHDfF6BK7OmnUvc62QOJeSWj7CRe+wJd9rTL9FeDjCU=" }, { - "rawBytes": "MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1MDQwMjIwNDEzOVoXDTM1MDQwMjIwNDEzOVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATYMFeaxWdAnFM3nGB7MT4cVWHwWLpHtGeCWtU+dGLqBlF7mM/QjdGmZ3Ea3sb8k1PZfm3m2ycJtu1mle6llLjHo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJwTqPxShSuULJ5rQltxFCzYO2vIwCgYIKoZIzj0EAwIDSQAwRgIhAIQQCaaKqofWp/rNU3qyVN6qGYHqpBMR5UHKY2ms6UaHAiEAxQ0YHuxXHYziMHoO5Ey8gIbnTSfpCUSltKKhZ5ppgrU=" + "rawBytes": "MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1MDcwMTExMjEwM1oXDTM1MDcwMTExMjEwM1owDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS9qmFBSdQ8sgNy0yRybzJMKmhC9pO4TQRt2dPv6SDJTNjOTQLm9CtBQhDOmNaanTzEUFCZxA/3Gx5a+JP0/Ts5o0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUzBGyuv1akiQjUqaUdlqAe4s5V7AwCgYIKoZIzj0EAwIDSAAwRQIhAMPb6kbHcMhpWzc7nb8QRadvUxfdUnF2pGamtoZ4+LCXAiA4zDqYSz8JLPHgpAtXF3i/2PyqXGKy9eSlprIAYgZ7jg==" } ] }, @@ -43,14 +43,14 @@ "baseUrl": "https://ctfe.example.com", "hashAlgorithm": "SHA2_256", "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQpbV0RszJ9g2DUmv1RAYXUWS+lAa+YbNaU6Q9ZbXmATIX+C+4nUbgM6u0ooW9eXxtnUVAwDGVuHGWtr5VzyLg==", + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/LRj+kZcPIO3VWlCeulO6WFtd1VkoG80NXchsgpBYD14tH7daOdYukeLzS+BqQFBafrHJy3dzQUNTiHwpiySMA==", "keyDetails": "PKIX_ECDSA_P256_SHA_256", "validFor": { "start": "1970-01-01T00:00:00Z" } }, "logId": { - "keyId": "Y2UwZTA5MmI5ZTM1YjBiOWUzNjM3YTk2YTI3YjhlYjM4MDZlN2YzNjZlNzAzNjdlZGRjYmI2NWI0ZjBiNzE2NQ==" + "keyId": "NzJkNmRhZTkyYjI3ZTNjNjZjZTdjMDYxMTg3ODJhODdkNjRjYjFjYTRkNThkYTdiZTRiZjZhNmM4MTYzN2Q5NA==" } } ], @@ -64,10 +64,10 @@ "certChain": { "certificates": [ { - "rawBytes": "MIIBPjCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1MDQwMjIwNDEzOVoXDTM1MDQwMjIwNDEzOVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCKH3XivQjrlRMPBECYj4/aM4HxhmsDjB42Zb5lQNzNLybRCxhequ9/cQUgiAAlqyVNyr2Q38R15ZlzSOJ1IHNyjMzAxMA4GA1UdDwEB/wQEAwIEEDAfBgNVHSMEGDAWgBQVwh0Oz6XDozbQWCf7Pozi1nmPZDAKBggqhkjOPQQDAgNJADBGAiEA5o/l9vC7gg2N+QZ+8JKPKmbJtvVuiEEdeZu6zOrJ94sCIQCB5pj2/dyIOwpdtK+CKWvKzY7PzyLc3OuC3GgPmDLHOg==" + "rawBytes": "MIIBPDCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1MDcwMTExMjEwM1oXDTM1MDcwMTExMjEwM1owDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABI6Y+7lytAlUaqJMhBNX8MacXsvm80DnYy9rr1VD1vGaeILTzGO7lweQbR+tWPttctXOTeMq7OPfxjs0alKj+eWjMzAxMA4GA1UdDwEB/wQEAwIEEDAfBgNVHSMEGDAWgBS7jGT6QsK8sOLUKDLBCiQpI4AsCzAKBggqhkjOPQQDAgNHADBEAiBnLHjW1+zfJDNshoofVq3brzx4Vn81HQc4k9GcUffTMgIgBCyyGkJ+ayLAPmMUkX7nVZa1RB84rzHV57PISF04bq4=" }, { - "rawBytes": "MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1MDQwMjIwNDEzOVoXDTM1MDQwMjIwNDEzOVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATKKGhibPWiUGgf5xOEgR4+mp2CEi4V0J12yjJzP8FJI67idgmGmdH/74hteKO+ooxvjG4obZJtwcpPztshjzaro0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUFcIdDs+lw6M20Fgn+z6M4tZ5j2QwCgYIKoZIzj0EAwIDSQAwRgIhAOATau0ajIlhNT1JWFbKO7G2g5iCH3Rsw8nU3UqQH9L4AiEA3HiFPlIFmKRvYJmyGECLw8EO2gRamBpFoi6pszfO58w=" + "rawBytes": "MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1MDcwMTExMjEwM1oXDTM1MDcwMTExMjEwM1owDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+D/5XUFXokHysm5PZVgiR0Ef/iCy3hQjbGEoZiDLKsrmGJB+LN4nA5opRL1vVvIwHRCIhu0zymmm6HufsoVXqo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUu4xk+kLCvLDi1CgywQokKSOALAswCgYIKoZIzj0EAwIDSQAwRgIhAP6oXEyOIqTjIrgzrtnsVGo5/CIkVwpNy4Kumxev0L2gAiEAncABJkWROim1c7QJl3uYvKbkZkOL3frGVEPc1vxNIms=" } ] }, diff --git a/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json b/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json index 52a8a908..460801c8 100644 --- a/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json +++ b/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json @@ -3,14 +3,14 @@ { "hashAlgorithm": "SHA2_256", "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8OnaXgP7Oj//llRdP76GRDNIx8yTmXm8tra6qck1nt3ZmNvbTcKQu2WXL3kpBNYK3wMg9I3BfeWA36OlUQYL0Q==", + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfISMcpAiZrwd7KUThb0fgrsFOM1MJOxgH4OD+md+c0yHEZ6UsOR5UF5HAN/qD5skTTcXJuSOogZVc/xeOvhSTw==", "keyDetails": "PKIX_ECDSA_P256_SHA_256", "validFor": { "start": "1970-01-01T00:00:00Z" } }, "logId": { - "keyId": "ZmFiYWE1Nzg1MjczODczMWU1YmEwYjUyNzAzYWVkMWU4MzE0Yjk3ZTk1MDBiMDk5NDI5NjQwYWQ2NWRlMWM3MA==" + "keyId": "YmRmY2I5OTA3NmVjODg5MTMyNDFjYjk4ZTcyMTc4NTljNTRhYThiYTdmNjMzMTQyM2FiOWI3N2Q1ZjQxNGU5OA==" } } ], @@ -19,10 +19,10 @@ "certChain": { "certificates": [ { - "rawBytes": "MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1MDQwMjIwNDEzOVoXDTM1MDQwMjIwNDEzOVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDinvflTjDOr/6o70lfMWBRtYnaJcYIIdGJp27wvISz6CbXoz4wuZbYi3oOlw6uDed+QpMQfJaGcgH0GQ9nM6vyjMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBQnBOo/FKFK5QsnmtCW3EULNg7a8jAKBggqhkjOPQQDAgNIADBFAiEAobePrizti+1TidezZrdZbPczorA3eNJXO11khRT5f6YCIBGX6djF1e44voTyfjajRH6JeyWdRv7OkLKFqk94nxYa" + "rawBytes": "MIIBPDCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1MDcwMTExMjEwM1oXDTM1MDcwMTExMjEwM1owDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCRENSlBsT9Cceu6g60k/y/vzRPM6hb8BJbqsX/xx4PpbXO3Um0h+CN/p6WAJh/4koXLVHaRTokl+kNc/OMhp9WjMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBTMEbK6/VqSJCNSppR2WoB7izlXsDAKBggqhkjOPQQDAgNHADBEAiBXRhIwRdnUy5aniaeIFqsnaOjYddGuhc1u//6ReUzfwgIgeHDfF6BK7OmnUvc62QOJeSWj7CRe+wJd9rTL9FeDjCU=" }, { - "rawBytes": "MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1MDQwMjIwNDEzOVoXDTM1MDQwMjIwNDEzOVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATYMFeaxWdAnFM3nGB7MT4cVWHwWLpHtGeCWtU+dGLqBlF7mM/QjdGmZ3Ea3sb8k1PZfm3m2ycJtu1mle6llLjHo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJwTqPxShSuULJ5rQltxFCzYO2vIwCgYIKoZIzj0EAwIDSQAwRgIhAIQQCaaKqofWp/rNU3qyVN6qGYHqpBMR5UHKY2ms6UaHAiEAxQ0YHuxXHYziMHoO5Ey8gIbnTSfpCUSltKKhZ5ppgrU=" + "rawBytes": "MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1MDcwMTExMjEwM1oXDTM1MDcwMTExMjEwM1owDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS9qmFBSdQ8sgNy0yRybzJMKmhC9pO4TQRt2dPv6SDJTNjOTQLm9CtBQhDOmNaanTzEUFCZxA/3Gx5a+JP0/Ts5o0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUzBGyuv1akiQjUqaUdlqAe4s5V7AwCgYIKoZIzj0EAwIDSAAwRQIhAMPb6kbHcMhpWzc7nb8QRadvUxfdUnF2pGamtoZ4+LCXAiA4zDqYSz8JLPHgpAtXF3i/2PyqXGKy9eSlprIAYgZ7jg==" } ] }, @@ -35,14 +35,14 @@ { "hashAlgorithm": "SHA2_256", "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQpbV0RszJ9g2DUmv1RAYXUWS+lAa+YbNaU6Q9ZbXmATIX+C+4nUbgM6u0ooW9eXxtnUVAwDGVuHGWtr5VzyLg==", + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE/LRj+kZcPIO3VWlCeulO6WFtd1VkoG80NXchsgpBYD14tH7daOdYukeLzS+BqQFBafrHJy3dzQUNTiHwpiySMA==", "keyDetails": "PKIX_ECDSA_P256_SHA_256", "validFor": { "start": "1970-01-01T00:00:00Z" } }, "logId": { - "keyId": "Y2UwZTA5MmI5ZTM1YjBiOWUzNjM3YTk2YTI3YjhlYjM4MDZlN2YzNjZlNzAzNjdlZGRjYmI2NWI0ZjBiNzE2NQ==" + "keyId": "NzJkNmRhZTkyYjI3ZTNjNjZjZTdjMDYxMTg3ODJhODdkNjRjYjFjYTRkNThkYTdiZTRiZjZhNmM4MTYzN2Q5NA==" } } ] diff --git a/pkg/reconciler/trustroot/testdata/rekorLogID.txt b/pkg/reconciler/trustroot/testdata/rekorLogID.txt index f1fcebe0..e88e4ea1 100644 --- a/pkg/reconciler/trustroot/testdata/rekorLogID.txt +++ b/pkg/reconciler/trustroot/testdata/rekorLogID.txt @@ -1 +1 @@ -fabaa57852738731e5ba0b52703aed1e8314b97e9500b099429640ad65de1c70 \ No newline at end of file +bdfcb99076ec88913241cb98e7217859c54aa8ba7f6331423ab9b77d5f414e98 \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem b/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem index 7aa3f9a6..11ae2f7e 100644 --- a/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem +++ b/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8OnaXgP7Oj//llRdP76GRDNIx8yT -mXm8tra6qck1nt3ZmNvbTcKQu2WXL3kpBNYK3wMg9I3BfeWA36OlUQYL0Q== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfISMcpAiZrwd7KUThb0fgrsFOM1M +JOxgH4OD+md+c0yHEZ6UsOR5UF5HAN/qD5skTTcXJuSOogZVc/xeOvhSTw== -----END PUBLIC KEY----- diff --git a/pkg/reconciler/trustroot/testdata/root.json b/pkg/reconciler/trustroot/testdata/root.json index 1acdefd7..8446376d 100644 --- a/pkg/reconciler/trustroot/testdata/root.json +++ b/pkg/reconciler/trustroot/testdata/root.json @@ -3,9 +3,9 @@ "_type": "root", "spec_version": "1.0", "version": 1, - "expires": "2025-10-02T16:41:39-04:00", + "expires": "2026-01-01T13:21:04+01:00", "keys": { - "4b6e470a6ae80de875a55e14ebb6f237d849afb159b9702d52a0e83a094eb79e": { + "0d940e166ae0568ea03cc478aa85b1665f7f92a35d7999575e31b21e408f487d": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -13,10 +13,10 @@ "sha512" ], "keyval": { - "public": "c15703fe858491eb71333222bd1d3ae9a1b12a2ad6da855a0bb87cc62bdcb1db" + "public": "9ed3a9ac657799f44fd22c9cd3b569c68e9327dca9690419bc97288bea5b6389" } }, - "5bba1132b50cab237959cf28b8471e22b448f618078934e4a551b42956cc2aeb": { + "5910c46dd13c76aac66a1931d6267de258b3017f44b8015f46d4b61524fb1e3d": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -24,10 +24,10 @@ "sha512" ], "keyval": { - "public": "cabab661f4fbe2a5149f46d1749d4d31275ef3c253c42ab43c23a7defd83e9e2" + "public": "7ea730fa36d4181f89bd24580a91fd22de991a7e220fbcbda8c602f1ffbe06fc" } }, - "5e981e578c6182ef0d8b74de7507a503eadb940e9f7ab4a1bff2f6ed5d9ee971": { + "de5f7af766270e2e22ca1ee043a5ff217b66639b3023d65aad9632df1e79e7b9": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -35,10 +35,10 @@ "sha512" ], "keyval": { - "public": "2153df976dd0916189119c20c833d3feea9b8f03e638c30ea86138106ba195f1" + "public": "508f01013c2dd120425291227553c5595b736f02a044606537a75ecdbd686b81" } }, - "86ea80bbb0d782cc9ad0cb509cdcee05cccb70b22287d1506660f0c4882d899b": { + "ecdb1e8e97ee7300b1158718d5390d622b560bec16e21a7f4e2ceb3b0b8e3da1": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -46,32 +46,32 @@ "sha512" ], "keyval": { - "public": "d56d7d86bdc349455a9353b850b5c5482178cfd427db91a26fd76379ee422ac6" + "public": "6c672e33e09fe3b3a4f7db624c9e797951df092325195f757c974c8578eafb30" } } }, "roles": { "root": { "keyids": [ - "5e981e578c6182ef0d8b74de7507a503eadb940e9f7ab4a1bff2f6ed5d9ee971" + "de5f7af766270e2e22ca1ee043a5ff217b66639b3023d65aad9632df1e79e7b9" ], "threshold": 1 }, "snapshot": { "keyids": [ - "5bba1132b50cab237959cf28b8471e22b448f618078934e4a551b42956cc2aeb" + "0d940e166ae0568ea03cc478aa85b1665f7f92a35d7999575e31b21e408f487d" ], "threshold": 1 }, "targets": { "keyids": [ - "86ea80bbb0d782cc9ad0cb509cdcee05cccb70b22287d1506660f0c4882d899b" + "5910c46dd13c76aac66a1931d6267de258b3017f44b8015f46d4b61524fb1e3d" ], "threshold": 1 }, "timestamp": { "keyids": [ - "4b6e470a6ae80de875a55e14ebb6f237d849afb159b9702d52a0e83a094eb79e" + "ecdb1e8e97ee7300b1158718d5390d622b560bec16e21a7f4e2ceb3b0b8e3da1" ], "threshold": 1 } @@ -80,8 +80,8 @@ }, "signatures": [ { - "keyid": "5e981e578c6182ef0d8b74de7507a503eadb940e9f7ab4a1bff2f6ed5d9ee971", - "sig": "491a3f69cc2aa878e0caa1b8f5488f69c1c0ebac08b2a655110454c21fe166245554eaf5d9c3b83a01a5fff9eb4c2b70cfb8af53b576193a746d404ea30a920e" + "keyid": "de5f7af766270e2e22ca1ee043a5ff217b66639b3023d65aad9632df1e79e7b9", + "sig": "0600abd72979dfe964f5dfdb204534545dc7f885bc3ee3e035488f29f90d2852070aeae1ae397a7dd1cda507ef4317edf056ac9ce88a23ae78d1fbbaf6a7df06" } ] } \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/rootWithCustomTrustedRootJSON.json b/pkg/reconciler/trustroot/testdata/rootWithCustomTrustedRootJSON.json index 8bfd0556..b3833baf 100644 --- a/pkg/reconciler/trustroot/testdata/rootWithCustomTrustedRootJSON.json +++ b/pkg/reconciler/trustroot/testdata/rootWithCustomTrustedRootJSON.json @@ -3,9 +3,9 @@ "_type": "root", "spec_version": "1.0", "version": 1, - "expires": "2025-10-02T16:41:39-04:00", + "expires": "2026-01-01T13:21:04+01:00", "keys": { - "066ddc8f2c0d25760fc9e4658a6d0eac30a51a18269ace25a28ca49a1fc30879": { + "05768da397654761017646fe48c7250b634ccb72ebbb817d97757d2a4ca0d0b1": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -13,10 +13,10 @@ "sha512" ], "keyval": { - "public": "54a45a46b845410c3c8f6c4ff0e06cfe464c28fb3ba8de9f700c5e0786b9ca71" + "public": "2e14b5f6e51038c8eed39cea5921f25f5d8c1229e1afd6903b749d049eebdf28" } }, - "18547878bd70556810872a823a9458361643b3b194cb156da16db9cdea4bf8e7": { + "77935fd26e2f5431b14cdb2d7d833f7e894cbe3c9d476a4b0cd2140d9f2a8406": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -24,10 +24,10 @@ "sha512" ], "keyval": { - "public": "3f1d6918348063f2f80e9ed607a806be559fd447153ff1829b0ac8af52f374ba" + "public": "831694438642cf2f0dda68234089a20464f23a766e858b341747f931bde8577c" } }, - "6f682eb905b869b071295765b11f35cc4e4378ba6c57f363d0334224223c5cbe": { + "b805e2101b437ba4f99d2eba0eabb8144d8795822ff726e5704ba2e7faa73c4c": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -35,10 +35,10 @@ "sha512" ], "keyval": { - "public": "606d869497cb773c0571b7a36a78bffa6088f54ddfc97b971bf08dce335d4345" + "public": "8d931de7b0b98a9b852805866a9b624e26158a0ba7890f6048a48a2d3e68d0aa" } }, - "98664c4f0dd10825afe47c106451b15d9ed92599d48099584a7e48de77a404d1": { + "f1469ae619f991d435ba37096ea88d3eec4ddd1b17c02bd72478e05bce3fb24c": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -46,32 +46,32 @@ "sha512" ], "keyval": { - "public": "eaf623556540a9ccc698ab7776322ff1ed69670c0190c67ff0d0e1ad358324a7" + "public": "677cb8610efc92280d5a41ae782e20c65b4e14b6629a54db8ebd31af602886ee" } } }, "roles": { "root": { "keyids": [ - "066ddc8f2c0d25760fc9e4658a6d0eac30a51a18269ace25a28ca49a1fc30879" + "b805e2101b437ba4f99d2eba0eabb8144d8795822ff726e5704ba2e7faa73c4c" ], "threshold": 1 }, "snapshot": { "keyids": [ - "18547878bd70556810872a823a9458361643b3b194cb156da16db9cdea4bf8e7" + "f1469ae619f991d435ba37096ea88d3eec4ddd1b17c02bd72478e05bce3fb24c" ], "threshold": 1 }, "targets": { "keyids": [ - "98664c4f0dd10825afe47c106451b15d9ed92599d48099584a7e48de77a404d1" + "05768da397654761017646fe48c7250b634ccb72ebbb817d97757d2a4ca0d0b1" ], "threshold": 1 }, "timestamp": { "keyids": [ - "6f682eb905b869b071295765b11f35cc4e4378ba6c57f363d0334224223c5cbe" + "77935fd26e2f5431b14cdb2d7d833f7e894cbe3c9d476a4b0cd2140d9f2a8406" ], "threshold": 1 } @@ -80,8 +80,8 @@ }, "signatures": [ { - "keyid": "066ddc8f2c0d25760fc9e4658a6d0eac30a51a18269ace25a28ca49a1fc30879", - "sig": "9f854fc523bb70d92ab3e4c0e142864013a3ed78f405fc9dd6d45800ec2477631df58429f3f083873cabbd49229c56828a3da59271180cd3de84ce0b28d5530c" + "keyid": "b805e2101b437ba4f99d2eba0eabb8144d8795822ff726e5704ba2e7faa73c4c", + "sig": "e52a6087280190750f5d0653f79b42b6d504a5c6eceae569cf6ad726e58cd9588748dda451a1feddaf8e7e5bfa7f18b8b7ed4beb37cd988398cebadf6c6f7c06" } ] } \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json b/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json index 0af2de58..6c8c01b6 100644 --- a/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json +++ b/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json @@ -3,9 +3,9 @@ "_type": "root", "spec_version": "1.0", "version": 1, - "expires": "2025-10-02T16:41:39-04:00", + "expires": "2026-01-01T13:21:04+01:00", "keys": { - "a2a4c3d52c938fb090acd498ed23766c12ba9815bf475df0da33c7961e323ad2": { + "5505d5405543c1cbc904e2f8da679fd8bf2789c91b1aef887fa6cd4d8f1db64b": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -13,10 +13,10 @@ "sha512" ], "keyval": { - "public": "8f81796de46a7177e02c509c6fe55f8466616af5334a6c4e29dc9b0f03f58ade" + "public": "62e1a5e99d4893a885f298a08fb12c91c1e3c97a50026e34b3148c84bf6f355d" } }, - "c48bd7b25eeb29c3891be1d8fd5d374e2b2359bb780df84b912a91bc9f5f3387": { + "78f9e7683495de750dcdfddc36d8a5a8fd085b2ad6fd48285e559e7faacd1791": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -24,10 +24,10 @@ "sha512" ], "keyval": { - "public": "a3420281649479d9e5cd705e9f30af2b8c4b6774b0b9998824e49a4874f9d0c2" + "public": "ccb6d78d8141db89c3c09904e9d7e969c7cf3d8b916b0ad1ea11b2422803a459" } }, - "f766fe620df21a0c1cf3a3c877cad71d82e2ee823c4738e4860596b66f89daf6": { + "9cb594e347aaa05899abfc3fa82c94a811e2d9299a830af5746b60968babc8a7": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -35,10 +35,10 @@ "sha512" ], "keyval": { - "public": "24490718b694def42421fabd5708c225d82b6c4ae81e67f9225972398d147469" + "public": "8e0561c3a1a7d82e1e4c59c3d1f200e2fc24673999b918ce20cfb5ca5b50c7a9" } }, - "f77364f8e19144bf85d1f633957e9afce91d3af288359986dd87ecf142933948": { + "cf6ff83fc820378d51ddf2f6609ef144c59d07fe053823bf61b485916528f687": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -46,32 +46,32 @@ "sha512" ], "keyval": { - "public": "34156618b3210d5abc84abda86a32be05983db6868edc927cb106ee689e3c5a2" + "public": "1c534d131245d5b62663e5efd382943d2f31c6c10a3cc7e6338a6347e5434b6d" } } }, "roles": { "root": { "keyids": [ - "f77364f8e19144bf85d1f633957e9afce91d3af288359986dd87ecf142933948" + "9cb594e347aaa05899abfc3fa82c94a811e2d9299a830af5746b60968babc8a7" ], "threshold": 1 }, "snapshot": { "keyids": [ - "a2a4c3d52c938fb090acd498ed23766c12ba9815bf475df0da33c7961e323ad2" + "78f9e7683495de750dcdfddc36d8a5a8fd085b2ad6fd48285e559e7faacd1791" ], "threshold": 1 }, "targets": { "keyids": [ - "c48bd7b25eeb29c3891be1d8fd5d374e2b2359bb780df84b912a91bc9f5f3387" + "cf6ff83fc820378d51ddf2f6609ef144c59d07fe053823bf61b485916528f687" ], "threshold": 1 }, "timestamp": { "keyids": [ - "f766fe620df21a0c1cf3a3c877cad71d82e2ee823c4738e4860596b66f89daf6" + "5505d5405543c1cbc904e2f8da679fd8bf2789c91b1aef887fa6cd4d8f1db64b" ], "threshold": 1 } @@ -80,8 +80,8 @@ }, "signatures": [ { - "keyid": "f77364f8e19144bf85d1f633957e9afce91d3af288359986dd87ecf142933948", - "sig": "319621be06a82cb11278e9c43618dee2f65870e7de18207eaed58b091e4955207877ad7faee03881353320ac9e1d170b35428135aa103feedc422413b9087306" + "keyid": "9cb594e347aaa05899abfc3fa82c94a811e2d9299a830af5746b60968babc8a7", + "sig": "06d41903a1f0dc861e24bc4cdb1929b5fd9fb2ea77b5dcece56721178542023b5ae849976132d48d264adac7b372bfe40da73ef6d40a11dd0eb8966b5df40703" } ] } \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/tsaCertChain.pem b/pkg/reconciler/trustroot/testdata/tsaCertChain.pem index 80102d63..bc5d53bc 100644 --- a/pkg/reconciler/trustroot/testdata/tsaCertChain.pem +++ b/pkg/reconciler/trustroot/testdata/tsaCertChain.pem @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIBPjCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1 -MDQwMjIwNDEzOVoXDTM1MDQwMjIwNDEzOVowDzENMAsGA1UEAxMEbGVhZjBZMBMG -ByqGSM49AgEGCCqGSM49AwEHA0IABCKH3XivQjrlRMPBECYj4/aM4HxhmsDjB42Z -b5lQNzNLybRCxhequ9/cQUgiAAlqyVNyr2Q38R15ZlzSOJ1IHNyjMzAxMA4GA1Ud -DwEB/wQEAwIEEDAfBgNVHSMEGDAWgBQVwh0Oz6XDozbQWCf7Pozi1nmPZDAKBggq -hkjOPQQDAgNJADBGAiEA5o/l9vC7gg2N+QZ+8JKPKmbJtvVuiEEdeZu6zOrJ94sC -IQCB5pj2/dyIOwpdtK+CKWvKzY7PzyLc3OuC3GgPmDLHOg== +MIIBPDCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1 +MDcwMTExMjEwM1oXDTM1MDcwMTExMjEwM1owDzENMAsGA1UEAxMEbGVhZjBZMBMG +ByqGSM49AgEGCCqGSM49AwEHA0IABI6Y+7lytAlUaqJMhBNX8MacXsvm80DnYy9r +r1VD1vGaeILTzGO7lweQbR+tWPttctXOTeMq7OPfxjs0alKj+eWjMzAxMA4GA1Ud +DwEB/wQEAwIEEDAfBgNVHSMEGDAWgBS7jGT6QsK8sOLUKDLBCiQpI4AsCzAKBggq +hkjOPQQDAgNHADBEAiBnLHjW1+zfJDNshoofVq3brzx4Vn81HQc4k9GcUffTMgIg +BCyyGkJ+ayLAPmMUkX7nVZa1RB84rzHV57PISF04bq4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI1 -MDQwMjIwNDEzOVoXDTM1MDQwMjIwNDEzOVowDTELMAkGA1UEAxMCY2EwWTATBgcq -hkjOPQIBBggqhkjOPQMBBwNCAATKKGhibPWiUGgf5xOEgR4+mp2CEi4V0J12yjJz -P8FJI67idgmGmdH/74hteKO+ooxvjG4obZJtwcpPztshjzaro0IwQDAOBgNVHQ8B -Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUFcIdDs+lw6M20Fgn -+z6M4tZ5j2QwCgYIKoZIzj0EAwIDSQAwRgIhAOATau0ajIlhNT1JWFbKO7G2g5iC -H3Rsw8nU3UqQH9L4AiEA3HiFPlIFmKRvYJmyGECLw8EO2gRamBpFoi6pszfO58w= +MDcwMTExMjEwM1oXDTM1MDcwMTExMjEwM1owDTELMAkGA1UEAxMCY2EwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAAT+D/5XUFXokHysm5PZVgiR0Ef/iCy3hQjbGEoZ +iDLKsrmGJB+LN4nA5opRL1vVvIwHRCIhu0zymmm6HufsoVXqo0IwQDAOBgNVHQ8B +Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUu4xk+kLCvLDi1Cgy +wQokKSOALAswCgYIKoZIzj0EAwIDSQAwRgIhAP6oXEyOIqTjIrgzrtnsVGo5/CIk +VwpNy4Kumxev0L2gAiEAncABJkWROim1c7QJl3uYvKbkZkOL3frGVEPc1vxNIms= -----END CERTIFICATE----- diff --git a/pkg/reconciler/trustroot/testdata/tufRepo.tar b/pkg/reconciler/trustroot/testdata/tufRepo.tar index 7610a77cc8c5a075e037d0bffd543b86ccd53cb6..4c12a89312a8e24918b3d88005ad2a36c1bd89b2 100644 GIT binary patch literal 3028 zcmV;_3oG;=iwFP!00000|Ll8NQya^EQ?Cf;%O4&(~3cX0iehw)-^J>t?b1S=sjM2eu$L;~Tx)P~3?#}HN0$#N1ZXlt#~ zDhlQ}ixNzdM&F2j_1GKnW8g|LJ0C8egYU=VZ(TTy7lZJ*Pm}&2I-I~E|X(X{L0GGk+gtB0)u3RC1YLSQW+r2a=nFUEh8N{hvd8qWIO^- zEF~8KlmA*-A*!S)X+*9e^2oU-79&VODkaXeLquVn04@S5qF_<*kXY0_ z1SKp4J$y1cJ}LAWpfvpw;_RHyxMob-oB`Po9(JG8s&! z@nrh>o}s4WvsjwnF^|MFJ-Z5_xp-HuHJ3Pd<7Ye3wU-Qf`O^Ra$OX-GDbNsViXaClEx%%lZC*I;-G;dMMhCrO*#bT11ZokNx^gs2^5mIJ{m(@ zP}C-{Dw#vQjp zF`a@Cq=PpsDsq-Mg-DpZ3=XXZNkU`N5G1qF``|72oJsD%2>~`J8OSDsPI#0)C`@31 zz#zDS=zm!};Q#yY;0uoN1pjj-_+$P@DENON_yPalr0}mr|Bsdk%YK^T+fh9J7W-@S zH2HH$nx&wS$O>f`OTh;M!O40jlGhrAHsHuADO^fK-m}Ofc?KwCWWjjv!P%g-k06y& zf@^7mfapl+peSmkxdLgl48fE4Bn*=YlqM@4lD|KjOozw!1s(Jz)8RPYomyHxn^14A z>uP7UezUe+TAoa4dNx;K=BI-%@$Smmc#xmI8tQ62`d|s4&W`+G_#G`;`zN$W7`z0* zBM%~h)yT=E1d6%H2$QzVkRYvr&{`I)3NC_+(gdX#M+44~1PGLz6bb?gLL-&X0WpuT zA~~PPgk%B_&RAu=l7czmlM4ytbF{cRpZ!bdaU2ha3!T#7)Jk|l4XG(b-J=ussp0~!&ui^3#ioX{JKNg>lpq7~7a zK#DLiA&oLlKSzz*`Q)Fc#lMj1Jo|Tm2dPe^Kt^!j(Fwt|&vleUQXCbSWSnKfv*?73 zz_|r2d~`f2A+$hal2=M-D;*13tEBTA9nTlJN#`qIj4?&zE-J>IOv+0Z5)n8EXdow- zzgwzvFaEz$_2+-7|0s>Ti2sW~QU59GKfjE!iuzAc|0(J}Mg6C!{}lC~0t>;t{Qs4z zKmSwx2PG8w{~}P-e~S7~QUCe(;vWBBzkx45#$WIMR#MBN|9cVm+WzG&I$w_z;&}2F z$}dq=d90d8N8l14_yTaH1-w~0UxWf~?7xVyenBwAr4dd0zkkCKes)3a?M+3n^s}|} z&&49l{zU!{93R#H1>-sY7y19|g#`u?Oh zs_fO6oUZFYt+01?7(ZO@tW-|hs})M)^^FS=F5BJB&R~5u8eHr&v)_L&&1I->*1i(! zXKU=Ag{R{GOVqKSj{o{`{1*y~_`e7+)ZdN&Kf8zF?QIuE@zTE*7Gd_k9{)k};`hIW z;F?;lk5o0aBTsd8~OQr4^Aj+)Kt z>lrk%N_D%wxpP#RbZphfGwdN8mM_X*F1NRu*mtI~;Z94F-SYXl+#0#vmgpWsf2F!v z9^t2KqhFSX!`%-b*J-;mJUm)C-1OyEvp=$*4w{$Qc{7u_M4?oh)hp#$yPnM&YqMIG z@_DZBH0x`%>{GAOY1Z9)EPp)R*{E*rj7Ho1)3Blkmq)vkTK2xu>z$VRhX<{#cDt7K zHrKOSrJfBcyW9Q7Y&)EEFBF{&C^lA4CnwZ8*b8Cptnb-bxs2PfdzogvMz0jtYiSiL z?{(|=r2EAqZ?`t$&Zh%i-Ht1>jbO)}4|X-y4yxUIS<_d>e9F)}2i1z9TSHe~-q4-; zhh}zoW9aH0ug^YpvQDMvZ?x2?i&6F7Hj8*Y$;on^TbTxQ|wW?5hDwY!&< zwTrVaj1C9wgYGGHOX27=i*lkq>TFi+-KNU9=hSwxY_{EQ^t0xc!$Y_3oBh$JORrCy zX>U{b(mhY1)IC|{qcu974)^8Chw5%N$mC`1bZ_US?~StQ?y4A+`PRkh?%Mkc z8+VRI<3_gE+t&xZ-+yHM@4x?F^Z(1YfIq?i-`f8rRk8kC2#Wn*#s05i|5vg9tJweb zuiyW5+bX@_{ojn?dAi-?q*#qyh9n`|&qu7rA(vb|ohbT7U``^1wut zD5nduz@^Y8`Jfdl7Z8|=PBEo@6es~vGj4Q*BtddUfQCzoOyn-fW3*oJM3y_LESJEH zv&ijy4-09-FiH;&{fjk#K6_8X16E84os&lBC~VX$FvgS$$OIaRUQ<+7S&#~a^Z-Gr z2%wF1ppb%cjODZpA|$~CC8K3BV6}AuZ3LwRDekQ_3XwD_V@WIPViXV*IScyl#)<_B W6e#e|$NvQY0RR6)-k0$JTmS&J^%Hpj literal 3031 zcmV;|3n=s-iwFP!00000|Ll8NQyaD+20{pth&M-Z zb0olTjyL!~xs;3n;e>r4lrat;iumJ1dcbU&n#l)3+{nL3!8A27zHt5SLGF%!6FlgD zm42FxM(L;1>1g=AV`O{?&cCOB4n#cDKXOh!6qiEczg++SEfiO#z3wphmCwch7K+7{ zFX`1dtb8u6WY)0q|FTolad2NQ!erVT4YMos6S=wYaE>m%hs$wq5~kU2fB^nR$!`Q& zRD9<2Gt<8j{+ZnVL{3vU#nA=WDCoB->crQY5Q^hfspAB)je&{{(&1B=8N3ruR%E`qX(OBw(y=PC-S zh*X;Kzzrg`95f2&zy$j%lVz;2LeR*g4PcOR9l7vSa_zZi6eNbo93XQXjOEM$Gt!6X z6$?7RH^>TF(STApK^25Zyt0z}AdyIegazZR<|ODSjpc^g7$J(_(d!Vjq`xp(K#}>V zrSP6;DyY(wY6rwA#ypE57;RM~EC{9?Bf%&^nW98kLp4VFHCajoqlmSZc&WfSZ9H)n ziFV$FK+rj7C9wdYq^C%P5F`@El>)D{{*^7uqwvxzVZCEqb3~&VGOLhSbjTG@sa*6N zq_>(H5YbD)qz-`t7$+W+Rk$T=WislA2Pd|0mya3f`N#6V*%F^TYI-sW)00s@^V;;0 z3a3Leo}Roc$Xor#pAsZBlWs_-FUav`Yx{F@^af#?n!)%5N!}cOUXkS9VBBap?M>4# zOusx*R63c3!r~W;NNm#CO$g1zyD_bW#F-ht*@$kfq}R>v#x*r83Z3cID5(N*#!#yw za;38K)RAC~Bg%pih?EkJ+yRY&3IQAuc`y;ZcFbmcP=hf>9V~ZXC2`Rz6Ombzf@)?Y z7oHOy3?oJZS@8Bpq4=M|A3r+_`uE~V{(onb?>q;1CI6=s<+J=>Fe>u=e;Ifo|G#%p zKWYvz2&uUbpSJ;HVR{d~x*vw!^d!4CljPRHW;wz`+-|DB$`t+NR0IsZRSP2k0GFzKqC#p1xpRr zG9ZFN8a+Az%nL(Lr7?UOhrzeJ zzf`X~f6c8WOekO?VDOsL2+9lM3ALyk37kvx5;1ZG)^Jb3d8*KOU|I=DtVbi2%7TJK zFC5RN*M>RHxeF{vgNCvIF*wJy4Mc?~Mc~eO>xB?coxht+)6w9upuO%i9Zeny z+0=9wT$fvG)w{WEab=pCbhe-{acS=&JY1PgdfDllp>F1*Pp0s3)_1+pcUaW=Pq3(L zAi+}}z#&=-kx~OPfW}CXQs$Tt4s4`MD8rNi7A0qBBKQar9C4B%xNM@G&5sm`F;eRy zL2qajN=1%9f@DT|M?z4+U~pVoBM?yXx3IXjc>4F?aT3l(leZWnOq{ZSX`{ z$F;CP_}?wnc@+PDQ1$08)qfbFdHi1n^7>C+|M_*u%IiOQ{U@*gb$eQ zIXbRipOSLY?9^{RSCXcyG`mSv?F`LPcUSJ5uCDg`dwy4n+FoV5eyOfng~8E4r4u90 z-5DLG?0B$!VOwsqIfKKaEp|38ZFe@=ywTNlR*K;;VPdD>Zg#dv^Y`Bi3mK~0m9ND5 z*^K?O@LK$Tk9L4p<3Ez;@gD@u1h5By%|Jkh|pB}nd^0)p6VHs+FZT(O3XZ3%U z%@_0dzYIKz|K;jltG-q*C#~vj0#L7)c3b5VZYGtaTP+|hO^?K)EbW~|I=(BV4%5`Rw!NFjFfb%_oF8B>Uu)zNvYBsUc`Ruw6Zf<6(dRdv2j@1 zOFKie;X3uYuWgJAAmvykBxTvb1|y~|FJo4G~NMFbb-U+mxs>#TP-AV5{?R})Jo)6c@6Mt-X z-Sudau&}*xv_t9H$zBVi=#&ffQte3i(={46zZkWy;;A{^TNfMQ>d^09$epvT&9(D0 z&4-sA^N=-trOek9y?tvaK-$8o?0aOF1A86EV4==Zly*GHs2Z&s3>g+80AR7j$#X3v>)oAb)NQ#sfp zt)#iWT1wjUBr}5R#NYgwSJ%4D_Qt$*zI(ZUvOjBYZQ!I?=%<%!IDY?h7LJRilw@#XJ+qX{ zCh4rtE|1nb*S*I2Xa}oTs#~|i)_xq9+xz`=bMxdF$K&p#{rd~b|Ni^`TK@MQO|`GD z|A?>Fe+bX>zh!_5@!kCIXE#)Ty6Xtfv%epPWvKnHtp5PZ^S@=_jq5+YIkpF6Z+g9< zyHIHlF6ds;Icgv7f9xj(^RZ*MOw+ipY5$Y^w^!_j3rY#$`^ zO6_2_UOP-DcyN8S)y>y`mW8k1|MzbJf93uE#{MsqBJclL3iAD5`Tnnb|5v{ME8qY1 zuiyW5-zvT2{oj;|=lwr|(R}@PDR?RV-?z>$r2+Iw`|&s2t^oGB+cgrvNJJW_mBe!v zjH6mcZz)AjB@e_a!?i>ZUQ-W}amNq>m(CLztmRZd1e1j+j1i?2$|E<*Q7yoMRo*!t zL2(%wL<`7~f(j;DMu5Is1L&LgBs}qo5P*22G7lO;pq5G@g>jAm*W40ogOvuDP!gGx zmT_k_56lZ9wDr_e;1W4wU_g3n18{CobKqdPL>U~_ggdmt8AYYxM0sxoQ0*;2Ld4(A ZE9S_NBga1<{}%uN|Nj>EUb+BW008lH|9k)d diff --git a/pkg/reconciler/trustroot/testdata/tufRepoWithCustomTrustedRootJSON.tar b/pkg/reconciler/trustroot/testdata/tufRepoWithCustomTrustedRootJSON.tar index 2acca785cdfcef2c8d34144ca6fc3179ad01681f..5d27e065aab55b62ffeec975c3f0d78d3458b322 100644 GIT binary patch literal 3545 zcmV;~4JPs*iwFP!00000|Lj{?a~jFA_OpM5La#bwYF~WA56vP#QiFg-65N|HganCvt!NFQG^M z=irA~l4KtSX)^h-V{GKX2>B!Z69m{7`ezWqcL#4G#DBQ{|NZ{pFpYZ?XAeIf{QLdE z!Qpkbn!3Y}2ZtMLIQ-Y9DV;iVed}gvoJ=-%;0Lg~@z@5p-`#Q=&s@6cg8*W`0r(q$ z5yT%6{0PVqfFHr#lS8*k??ya01e7yj6_%V)!WjgRGs3(h!f-@^W|$bGIdWQS0lAf& zQ*MzWMga>nynoU5wfF2hiztP1JKSatrtijIyD@aD*k1Ql+P_w#UNVcb{&>UM|88#| z9HxDRD7)*u{YoJ^+t$nPekQ;!s<%n?M0M*7}uhB0pEXKLffq>(5-; zPevQmhEG(OPSiB*f0L2#*7B(ckj17ww_pJ^PLObu(vavy!;CU4axS1_Va}KnXYn zo?5^t_FQU$G_w>CMGbStDMy(!o+-P1uP|0pAvh7%Dng-x-dU@>aNJSt757kRp}Dg} zJB_)qQV1-Caavi=4D;OV!7*Z^d;1nCqEQA|KWcV&hxMTE*U>@ASD{=n2ee^S&M~+zu2?2~NCymoY zJB5Jo$Wy5dV9I#Foux=R4uOZx60DiDf|E_KBpks2VgZ3Ro(Nz#GmIdQ5SJ8dER6QX zTkfa_RtaXkftqWn8N(a`xySimm!9GO(>3@5$M`e+$K=cUA7cRT@&7I88~A@8!v8Gz z{~|>=H1jk|#@E?wo@UNoKNKUs;tepD^3UA?Wk!3XxzyGJ4Ty8jA!7)ZiW5wQ(-3Py zw1rARXpuw?AYg&9fU`}+yA5NVksI)pj%!PqL7I7mAtcTUhCFxBLC&MK3YcV}bIJdV;FNy(Ko++zc@H<$zJjY3RuP534gw_XS@0NyxP4JnbH z8DW@Y$Y5g)#N1LYHE>KZ1u(XHlYUvDxTD4~0EO0s8)h|>(pVxe!+evzZ~*om=e6_% z|9?{T|F6{lDQ9Sp|8GJ2`v1QE|H}w#U;p3N|M&I(ef@u5|KHdD_w*+8B>w+N)&IX# z|7V!*o0k zcS~`z5|1`3@qg}u+)v;GyxY|sCB4Vu%EQK{R;g>xMwE&ih2^L1sIP(V&C=s~2*Z>5vR5JX;?dY18L+C9 zx~!eno3wpQD?u%HQ>5uIip%WW(DU=%r_T?< z8YR7|eJ-e>TWy;TJLBfKgQ~P11-Lf87}SeB8b;x&Ry-bb21C+~%qolwsYRnfEo$~V zQ9tfPc3c~T>o97pLUbJ0FRQqQ8n8QPENkU9tp}ez-ShLfA^rQV2^BzXf_c{8 z=s0#?v6ytO2hL>AxlU$1HHp_->)a+v^O1>@-<~x;5u{1R<784(yNdH&=UwA(lTGUj zN!@Lx-`nW!k*^!+W+H{YiYL!md@{c$MaF}tbNiaDR;&5*Vj)jYgJRGt6*m9FASo9L zH|17HWIhNBVE~qeb#RjJ)h_Zu7zN{6Kg^S>VpN4;(JaEKvI?}quXoL}w633{c6F@r^^5`b!uFEmTF)+nDwvS8et^%xlD zR=L}C^E_mIE%GP&CcVlnm*jk^uj;rx2K}Q#EjMMC!AUq+)=aJ* z_NVf45Uzt|7?2G=wzw$ebBjhPSX9f4V&FG(thB;Xxfopb@=;jQr!04I(>f{CTGMG0 zT_$-RuSZvDF*wcldN=*ypnl$H6oX!^5)|{LAkJSk`_)C$PTDJ~Cb4qWVuB8 z<$2%0c`nDAuD$k)UbW{cMSsllr@TI%v~LYVjrxgeT@HAm>5djBR?ea`dF+aVLi^L< z6E%MR*X#A$8Wi$EJ?J<8!}S}L&ca}Luirukl@^y#5aoO3PCnKAqpZSweo-p~K}+6@ zkMk|t5NWTr0;}dquTR3$alas^brLn28M5cMtW`XTYJ+;zI2+4CmT&Zn^>Iz9NwhAt zj|<&pki+FARYxc1AQz=H0o6sL7}U3VY>0f|MQJm~px0Ow7oFlo6GTCylFJ9}MX=HR zIzz%H-RH5z2L#3(0jn~jlC3GL9l2xs{J55*KDXO zChSiy*M?8DXf&0*Z7;oTPma;Ftj1Z=B}Zq4s~`@@x_HxRt;NaNd8IcEva4ep=g|4; z=Bj+UlCCwH&Z{tT{LucFlRU zjxR1p1vekn+2wI&;l(g13sAc<{j@jDcZ!f?6>e4CcIHEOwr(BeZyLvWd7f<^2q8-)- z%|T~yJm^HtVJ+$pJCTjMQ8Vriy8YTXBw^H9*HDAjzTrt9_O`y?k7lWQr4!xs{7*b+ zma2cc`>e9g5g)CxVANJOCt*KdyAq)?SLy9ofa0XHlCv4SD8k#aa@DhFU9R)d!ZmdB zD7!q*GLv1^BNyKA`ng{YQlLhsgCqBc?z2>S;XYe@P>xt5Jr!yFtbJNM%NOFtv`T`s zu>M2$IXSBgF5%JIpA>6pKS}(>4c4>ul3Yv#tTYT6%Cc#DABDYYFJD-#%EOZ*wK@yV z$6%GbF(CSe{B`%a{uSM4bX3gItM>6#GOVo9F+J~I^x`Hc z`CMFB;eKPF%cZ0n7tc=9*|>a?KRTD<8EWvx0+-`IWbHyU0|FY7-){s`z_IR8%w+1G#Gg7)YC_vioj=l}n?^c4T^(}}nK z{TE~}@PGgN-#4Of;s3+Y$u~Iw^z8WAS1_L;^qLbu(mRZefWRoht+Pr)Zi#{t5x@n; z)MCsuf*3GkG&2e*X{=L<5`q|UlzFEhF-k*^mF0#bV1NabNnxQQjAD#DLXuccfk7G} z3^9TV1IpD8I|20FXHuWxG35e7r>XLca%hEQh8n9C_Z~Rtyz!h9j-`RlIs_!y%+Xk5 zxPgdpNxb7)BH%S~mQzd=*M=BjyhDajDIL_@63>KEQhIDW(Gpw65a0ss@pw;r+S8tX TJ^H@@00960Gn$FQ08{_~uz?J$ literal 3544 zcmV;}4JYy+iwFP!00000|Lj|7a~es~_GkYJg}!Pn)qVI4e`pSIsW~JNf;T1{Rzr0`Wo2eRPgYhjbJJuVr^#&f?xzU=0B}k-SGKtV zL^juryn}>uj1eFJzXK3sg5K@XpQqB3Eas`2y#v4`_PZvSr^@^9+<%zJ!}Y&Jp8S6V z4`)e|9uDWpQ!jEE@Lzl{L+$&RpKO**s1r*&TQYHaDKy;N5$7JB?>_mW~~t(8DJ6R40t0QVN@t)fl~$pMWKQMF{zA0R3Tv$ zkqUZ)f#CAti|)SmL49WtrBL1tm(9Tp-1u8JuG}iNmjg8)T&hu&%;Iz~&Q$yVyW4yF z^MOK?-S@tGOCj37d-vPZSKO%4qZWJn(}fj-A>IQAnDLG< zVvz6}YbC6co(jIjpA@K(C6&$=eyDNp`e5dF0|!-`4=s~WU?Kp+9(e(rbd~|G1Yp`xD!nCyLyEnJ0!a;& z5z15KF(+DmZ7k-QKu$|QwO~>M4w0msQ4OKT)EMFj=0YoGDEF9Q3o`0K1R-pw(e4*E z76Z%*CW+)mbB+z59BQsGQ(S286$3(eO04xpaxFR39tdk3#?%r_=-0-Qf-z!<2i8I$ z5LMn0ZXjTULJg^v&Pqh3v_t?YsUV6wBCO+F5kM^bg^lHuX9!cuC;>_uW0(|5bIut? z$b0B4lZ*ocpah0-?|}slDvPPWh$y~otoQc@+n*&P_XJ{haJg-P*lz3pYK(g})pRg( z^FcDoP#bQ!a6VDf`QW>Xyc$1Vq)4h}kxS>_(c{(8_A))+zJGJC2q?CtF@<|?`~erIwuNtTm`_3qyOJXPu9&a8n+;~V#M zXEBSj=FMoEHR{$%^@WV{>ebjY#!-+G7T^>j!KEKwO$DC4C2}wC)&F<$CbE_P|D@{w ze^md^ns)jB8_2HyzpMZ6>i_>-*~0((C-BFQ@z>A)QULMp{O?=H*Zx0hs@t+t*3IUJ z;OIxx(7!az7gvB7dlm}-Q9{tWz1z1iz=QwaVys_Kpg?<5l@30ABM|=X{gcB#+7WvH zcU$d$N8ZBif0F-mjPY~)#{eCFKm_3OH*^~Hx_et(2a0u^rbw^3`R9t!7*wkw7ILP0L#_;H9G&;3S&Pu0+dgWHE+T)9{NN0*&n=3d; zaerLD(QQ*}El~I31Yb>a^Xe-w?2>@d;stRfNcOi-u>(EKlc25 z|LXIju|`Q$vCj>4>w+yKh9ye4&TVq|dcZW|5l2>$~X8l=q8~iIWe{nzsyTlJPj1)YYcqeBXJ~ z_+gT@er2iq&Gd&D-F)QRL7Gh@KTz@Hxr$r!+bS~dZO`pnv0AC*n(cg!)`CJ174zBu zFi1-I{B`LpBr+F-`7i*t`E^juMfLMs5VnJHeGulzMWJ1RVWG7Qhm~c$P+T|8lZ!$- z{IYFXSQqPIFfRqLQw(myqAr~e`omm5%!Q@gYBNp{6(7e8mc?=aDnYIgPj39EJuEb4 zM=arB6&2DMxiT@S8?jb^J=2%>r=DCCZVxELhbHD~cUjSpZuwr<^@*}iU? zbutUEt5+`?5MB*V+tjmOzLG0lFgrYkj*y$Az4AjfJT0@TTXpT}4R2hX)Q+#OB$?dy z)c%$mKmY6H{ykggb3#4(H}}K++b*7j!PSF*^F35tcH2Qa7nyteRB}(Y3Uj$-Js$+^ zUU=-(ZPx~q;}B0uIUcr&Iq#O2-IHlKExCL*?Ht(B$#rgY%*WwTYiLX3J}xRe*WwB` z`+khaXl1JD0**(HjYcQKasn#LRv~EI`LQK(ffvPWjzQE~7M8uj`6*}zt@2SW=q!WG z_v^rJ`jX;t)aq21?d#_4+2Cx^IjPcFYn0v|=hwXkx~VMl(Ibv$@lrTz1h3zqglO!uUF@Fc3tX~ucx{2ly=Is9vaVCN0qbqxNU)6d2xGD?ycjnoHS^0 zC8CO+w9ouB-#Htlwc4Ohr_*TG`Si@^kFS6G3O~LH-7f>~uYmI9RBBT1{%$6~UzAJTbVkqDtCQ%ziAj5?v+TD68jdTp-wt7Kn2Q_T&bmGfaj$)adhH7C4F{v% zFeG82KdPhNx<2fWGKQ@W?WkWm9rnf*RPRmsVR{+LN0_qJZoqv>3|kVLbd ze}zHQxq2)59R8y8nXi@cMSRm5&PJzUGgr*_hU7?vq=vv{ow(V%_Y< zol@lKZKD{Sl7sOS<%=;n2UUnx!|J*zj;j^MV;hZ2V_QDrWRSXA;~+_HZ-yn3=zcX_ znrU;L&IiM_n!T1nk4?oE<_DuC3lTVuCI@R4lC)2UsP)Gb+6dZe0o1TE8r0jc+CA2_ z1}~wA#`!WnoiD|tgFDx)vOFPKjNo#7+#FSo$FNYr`es3L9z&w3-`-s5cHnuQ`X7V(B=+fI9^+#R3}W2(^T8>kN~~OM z##}>5g$3R?02T8TBgwGQ#u`Z#v4UzK88yIT?*xM$K?s#qj53coWd_h49`9r)JK4#v SCjSlq0RR6ta>UyJQ~&^|!1B}p diff --git a/pkg/reconciler/trustroot/testdata/tufRepoWithTrustedRootJSON.tar b/pkg/reconciler/trustroot/testdata/tufRepoWithTrustedRootJSON.tar index 57603be41883a5a19fab3f1b22f61c070f4f956c..d3f9fd24fc613af3b41d04f5a51a11573862bff7 100644 GIT binary patch literal 3544 zcmV;}4JYy+iwFP!00000|Lj}YavDjq_O+ivpCWPTxH3hUYBOd`!77_ejxY9{}Orh ze*wN(CQ0^YoF?<{+edB>M#!J}pCG_K@;`$JzB+gjBmUz4|Ks(+VHywT&K|x!_~Z4# z!QuOCyKskZ4-WHaIQ&oElrEfkf9;lOoXqnx@C~><@z@4$zPrsLUb-~D1_8u=1MoKh zBZ%K3_!f{O0N;YUJ11_N-t~BJNGYI}5&ETR<3o9^;4n30=(?!?4xWBY!j($RZ09VW{-8_jan{`cne z!C^X5h_bt@Z@yB94sX8w{`iP%HGRL`_td!>wpT*9B&SjK2(xv&BfXtj_A8zA#okd`~iq~XS6E3|}617)F8 z5Nbpa5&$bg<)_AyMpH=~CR`~6sE|@=Z?IPa8A+6Y&><_4luBTrJmrLG1|$<&X(JT> ziH#*3pbQ$UpyE~_2OTj~8f>9Q0663gB8+1xrIt__hk)^#8bvh)hO5sQ%XsF!z}^T1 zFc+3WYd!Le0qHy>`Qt6%-T{gQ!rC*aiJ%fPiiBt4XEqiz6cYb%7Q zNrEl%7#e0EP}msm7{)>|Ot_;26V0BzhOh4ocDPKY?h(Xp;PR;jV*6D8Z;r%gL(N7@ zmyVKYj@s~v3)8t;q@yn?^3C}1Rf=S4Idob21wFnw+P+SYc;?bf%@$wKdGx-&}FS#420eQfRK;ZD`$SoQLr@2hm-W#KZh)fLQ`1zzTX` zjbP9rq75-tLy4rO-b$~LQ=DsRjWdoijv(ZM5(E&|R5?MU)fBFu7$3FfF|1pLi<39szS z6#hrS|3_1V!)&=qGiTpFR3Se@1DMON-~q~v_DFN7tp^$q=bS^v5G)lZmz2@9+Pmgp>XL-uk z@I6ZDADiZ*BS4ftiv@rvBk0w^<|Pbp@Bf$R>n9Y*>A^x}qj#SPgnxS(<;^E6La+aA zbN#=QmvH-Ee5y0Y%qPLn}> zHwLAk)vw=uE(a}BZViKquXjST2;#wVZTV?88foB%%k;Pz!tkWI8P-U%d^EF125f7U z0qdsCHtinMTF@w5m1#POBGWrrb(+a=aA67?*SsEeqV>CX4~pKV^<|f-czUDN`DwlP zzEUc8g7@c$viF@@@N8uH%t1|Kdz>tv4efR*c$wWyz9a{C6Dt7T-uxRJK3w_X?$d_{ zV@;D`-99(e#BFby4*RqAtdHun83nj8yBIgiLmEcmwoyJF_s0`5h|D&O3~5BuaU*Jv z`q3!vM|Rd2hr2LpZ9{Y%H!thBfm(1dZfzRXE^P+y-rei-xGw$sZ4t~Zv)Jbm=7Lo= z%6%NW&qPeR(qm_`=UOMrp_<3Lo9N7y_p7Oili!{-KQW|9X0v48P`4H5yNhodf1Bs6 zpIGW{P5nMbZ*Td0kmds^jZ{2;uHuvNJt;CCJRRHTVzpi`o|j8SdK#32VWpJ+4}+vy zDqU4OA(6!(EQJBsly<>MaoD&h24NJ;8l$jCdgZ7N!?Ib2QDqa3E9(#@y>b+O+_o<7 zDvdBms{!m*f=yV_)r-+!TpWbOuv*;S_7e;%4}AvfN-Y5Opjc{G8l7n|jbzEV6&o@z zDQpYZyY_j=Mp_h4^i|p`Y&PV4p?gi-oq^F&sZm(4%iv^GAd{qbc2QI9D49%;CJj?) zhNFeN9EZDL69y#L$ClTXVqx8?1nYWrT@HLc##$$=RLjBTuo#6EeaZ?KSDlkmqqA7F z(PdKP@ow5n%fV@JIJ_E7#?A9qs~ij)wV+(A1aYy~9@W=vJMV6(n#ao3kFV0XYL5HX zR#zhfSA_y=yY9}fhxMVWmHja*p7Q2w-n}*qwVEfcb2;XvwmVv%ShcPLo@9y8Iaux=Yd;gaDsItC{f~Yt&clN0lA8i#Di|a-y2s-j= zc3kY(mPm(hx zGvR1)xifsOMXRmsb$8=!cYcf(RW-|!0XaG=^@2DcyYf}PvlAz0=e6M?$a=>(E}--6 zRj+!wm98^gEbBpkIN;;qyXQWC`271P`0-ij{yO0P1Sr3rN=@e7zs;nDv-bFCGBD@$ zCce0wmfULEWS7U8g%^{gDnO%WM(J=-?3W?QYTT-(?XM>8Y}Yv|UbT*k$}ejtTWoi& zZX=3o>qWfngu#CklQwoIlg6w)8bp(Ae_Y3ds4;Gg2jf9x$6>j@38NuymQO~_vYj-> z?Qws6Jnl#BNh2Cf`jL$XQ9B-t2cyO;Bw^IwHBgH-zQCjpYg^yWqgkrHl0@?>{|Ge#2^1Q#5%O$)h!|SSY^|NSKZSv{bwRHO^ zyFAY_ll7XB3$J+d+;7GyP}9@#k^58ntW-Xs&ki3~Bi2e!McO>;o|eywrMR`IlOQea z{**rFXSMMqJlgq_aw8ojiNCnQdb!(>i@AWcmLU^aHC^wca9AG}OWSRAa&n}$XTkX_ z>`r=oelbw6T@+-wt6fljUhf2pOklcUL5>H4f3!_siOZY7h`PBSd9czJi~rjy{McU zc)e-VXXy*m=YFB#tL4-B&-dQ~`VaR16GHa&pO=vR{{Q{{|NZ{|Uss;u|NV60rGNhg z*~ja@```b*lza*QAGS`u$OfQi+s{4&{S2YMMt-IZSH?1hB}4=QiVP!63xt*8ieY9w z0!k!z`S?q9L}ucv2NxE4#e{ zL~gIQ@(L2pF-Cv@{0cyf33_!vf1OH?vPv_xd>{m^YX3G1o+`pg5{q?^@9{qm= z-!79Rdpk*!`Oh6Aw+AES&-_miV4wJ(5&~WwyoeG1;r{>k>w`iXM{{Qj?+*U``rx4O zA=@lm;oU(YkA}j(@}_j*%!g~YOygvp-+^zz?TyDaxO?wz7V*-hc^?E2eFMQ8fO?R< zBk&!TZvc4*?ml_xHtF4n2L*)`G1yXMBo`ON;-6pml#ws0uP}3+`#@Tq5tM>nQw+{;G zSRu;pdhgy+hzh%Re>{H0wVFO?aZp&S^fWg4V8RQ?C9{q&#UbYoAVYyP%sWcGAdE4{ zl&2UI#SC#sS|c^^0DCHwb+-e3%>RDejaD#3Xv;OC&S@kK77}U)t?-sw%!xx9VJfxe z0$4AImJlfkwUM5Bj0OLVjioR_013#5BwSkQsIeSSCp`wrBP|TkjB}!amQo6Vh$B)F z!HJg^81%WZJZH>1hJf`5Dqx`TSYabLH_CEo1#-wafv_PQ3r7S4R5Hz&7t$)veq&=H zLL}f&XeNnuo*;stSK3kzgh7Z}fiyEjIRPExULr&#M_39A2`5Z`$ygjS;)R0}5~97J z7J7!Uq})m6jg!z~<&hAWN-3DNf;;0OK@ww0#BXdYOdw?p3XKs2mMU!oQQ9iO6h_(s zDh0Nh2_~F15^%jo1}iL+se1&m9b7)OKy07t|HH<8Hq~srbm=&m z=BN#yxGVmXXWSujui^IQD&d#50#>YPR^QYkm+UzM;uOz?fv7 z#%bo}*@q{N%9bnlde>ve#420eQfRK;ZD{Q@&cpbJgXk_w;%N6!K*AFn_D-C58-SDxkn_d)rS*8tzh{~@HG=Kl;sy3hY# zLcWs!KS0#4S_8~nrXJ|?jxcti_lVU~H;=M$;oSj8@(y3~6ycF}A5(#M2L&UkG@5B( zIh4p4D7bSF5pA3aj!T~Kh z!PpT>G?WfAEdkZu1IPi#)^H0slMWEaU;&VG2PLVke;umJemJOC}Vlvzy~byQo<5K+=vYmKJPAkR3_m}3hKS5`@k zJz*Rf02F2fK?Ja3++(Y}qKt4Xk>}oOs4b$JB49NDf=J7a#?~8w7$e3a?YQxja`Bu8 z%qq>2*;7U1D9w_kdu%!=tWp*2tlpnr&Xe{0exZ9%NHdkKcJ>TR7GJx^JF8`!H{XtS zyEuKaMEy>x`Qc^QbE@%#3&^x|z!IoD0$y@$i8lF~L=gs%g^md51tp$2VDqK8K?rk0 zv4_GCX$f`+YYQpSN;^b^=J|L~Nr#XUkRoioRRBtWf#pUJATiL$0kx-^zbH@e{})yN z|D*ap25^u6FCqK-|GxhJ+ZbzK|KHdD_x1mM{eNHo-`D^5@*?si|NlkR|Np4|pEvFE z{}+&b{eNHo-`D^Dx$*@6@1DS)KgM4_|4RYH`}4mqA)ovIsH1LbPFc51--4r`QA+>R zG@o1nqWoDb07MBvuMTcr!T|UFe~GbvLxG$gEL1jr|Aj#KySGu^ezqg@`tLT^|D3#p z+rN?jbBytG{Ko(>ywCq%LjHZ5h}&58?$Um>SWIK1vN)L^UC-@X>#pD4?^xbHk@*98 zm_LyJ?=H!G58lGNUEOICJr-9U_BXXkU4J>v2N-ABB7Jvsv~-ur@~yj3v&GcCHOcI8 zXEV?7gZnCA{+Y8{fId8_|J~R2nr`!C7xmzvuvF{fCc9mJgvXcb%6eF9CZqax0!l%5 zSigH+4!Wk?je?43&(%fL;qA%M(R6xhJDgQd%dPs2*z{%>Gm$M7yE2z>p5f7~b*+1* z**1uoX>Eh;aBzMZ4*DeAR={v_ ziATLl7?z81SiYpKa-Fs&-Su$LMXkZE4GH@*NdHAsYshaIfyEy{C^lE)l%uI zdKMB{48l?vfSb}bXcVK?c`*ok!K^h7i{zr*tHZF|U5AtUx>c@h+vmwexfg!gwk~fg ztuRQd0qj?To3Ns*=i||&I0}nlwYa$*Cx|K!V+QL=EdcePSdQn{e%hOq+sh-Ca4_}Z zpm>@M=c-|b^}4M#7KpE}>t|b5(ih2=tXCsFjB(PQuGy;W>|u8ic6~!tO;iKbuAGPL zdNT>P!A%&DTpwFrSBgjLZY5aPtLt*$^EuYe!b-Iq45DIpUTh~v$Ias=?WXftRvO?+ z|D+XhB_=_$7)4j(%SpS_?UsY6RS(L=;~=gCiFTc3yv^c6*o&>(j+S<$J7$|K1MFIj zi#CLptl>5TdwR{=mnY5Rt4m4dH$zo;;>M5v z`hNeOZA(R=9{gMU>Hh6iPQu{w-oK?Gs;mdSpjV8{oqg)XM_Yx(;<{A|g5EGZcIswe zgZXiY=hY$)d&Ha%YU{ztqLx)%X^`~~ZS~};I6daG@Tfbn)!7JF6i&6cgq@L};ThVP zMz(^psbkaW$)uKm`np>V+B-jXMKSQAlFu=Sy6f_KSUx`my`Wn=DhB;^ko$fc*xSCO zavXL0jdky;b8|L6TlG&GblII|H^-&zu#K+k>r(W9<9WQ4&$_|-G^&q-dbe9rs(F?8 z!QyDy>f@`;d5c|DhqbFkF+8RHT62hIDeJ3R9v?SdFs!X^E^5PV9M+OHt!zY8*Yn<) zUzGZ1)2!JXkLY3%E&K1E`TXJaAD`jJ7oq$6fcrC`{C+AmnRkCTliKb=pM%qM+mI0| z_h;AeG#Fm=2WN-VKphTsOZ8b-j`YPW=+!R{ONV6M*HOq;AV~(&UEE~z{&}!2SI<|q z>L6Rv^X=v&`fp;=A?mM3y?}wIGhyY_MpFQO+q~EU7}&Hj)#-+bT|n~SRPGV zXt-@nM$?>OTN67SRZl0wSsk?obugL~9pJ0woW$sv~)9eS1WmB zy8S2)f@zLnnqaZKZ7&;=q@{YdRHTau zINwV&LENuKp5C-8 z(J48cEl{ZvlXK93XftVSJL0%eXFRsitU9x`BTmMdYqk%QC!Ez+%TQ?Y(w z3f*rue3yJ)|M~exK>zyrf6DjupO=yS`Tza-|NZ&@f37^m|NG^{OaJ~0vQPJa_rL#r zDft@yKOCKWkpn=_j-P!2`WZssMt&=>M?^u0xL3*%t(|pDXyhFfOd#MOb Date: Tue, 1 Jul 2025 13:53:55 +0200 Subject: [PATCH 19/19] update tuf testdata Signed-off-by: Carlos Panato --- .../policy/v1alpha1/trustroot_validation_test.go | 12 ++++++++++-- pkg/tuf/repo_test.go | 13 ++++++++++--- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/pkg/apis/policy/v1alpha1/trustroot_validation_test.go b/pkg/apis/policy/v1alpha1/trustroot_validation_test.go index df81b64d..2373d917 100644 --- a/pkg/apis/policy/v1alpha1/trustroot_validation_test.go +++ b/pkg/apis/policy/v1alpha1/trustroot_validation_test.go @@ -29,14 +29,22 @@ import ( // encoded. These are vars because conversion to []byte seems to make them not // constant var ( - validRepository = `H4sIAAAAAAAA/+x9WVMbydK2r/UrCN3iA7Uv/mIuurUDLZCsBXFiwlGrFrSh1sqE//sXLcBgsJHPCMt+Z/SEw6DqpruUVZX5VGVm1cSNR3F3Opqs3v00AAAAp/QdgJxzTh5/PuIdJBxDRADH+B2AhFLw7oD+vCo9YhZP1eQdAMPRcDIaTb9736brD1/k4ef/ETy2/zE8Sr7gUS8eDd/2HYk8GCHfa3+CAHzW/owR+O5gJ0L8l7f/X6mDdNxtD51Nfzj4K3VwkP40XY1d+sNBOvm66fdJUTx25tPcTeLuaJhcgUfg7sJjGVx/dstxd+Li5B4EEP0PYP9BoAbBB8A/IHx190fXbhXfv+wgDYVVhDrupfeSEs2Rh1ITpy3HzAmhGRMGYeuJdYY4KjxTAHOovNQaM/bwoPVjH2ruLKIUyvXrkuqbjht868K1W3Xtp46KO59Uvz2adKedQVK1/64vH6TjjkKU3d+9/kghSq8//fn4iLnqf6nFQXo80/2uSV7GpMbSOsk4sU5zzp2iAiAPEJXIYSW4IdpiBSBwxEIjhaNYWcSNBIZocfeiz8n/n9dvSzOHoeTYJt/CGgmtUQIIRzCHHjujEMJMAsuQcsprRZCFRAPssWBYYiB+Y2EZTohTgmImpBbSMOSBB8xogYQSkipFuGBOQuwU90oaowyxQkDLodbefUtYVHNOMTMACQO9NggQazRxkmPEjLOWMam9JtRLaRX3mnjEEBUKYCl+557liACUeGiENwQTCo1izAmvKCKCg0R6Snif9D6RjBMErdXCMIW54cjZl8KyzBPIiZdUY64UUsALDZ2hxHppgTHeWYEIxhBZKD2CylCpLAVQG6aY/o2FBYyWGBoKsFFYA8OI4YpjnvxTHisBEGBOMsMl8YICySWWkigogcIG46fCSt0LLD0Z9d2jEltryqcS6Nqn9d+6J371VaediYs7o36isOGTJoyHahx3Xq3I1q38QxWZqknbTeNX6rG10v+xenQHLp6qwfjVptlSo26oyZcOY0bDuBtP3XD66UlDTSczl1rfsTbCajq7s55J9e661rrGa2uybSe67yXddvI0jzVCGFDJvMOOUgyYTDSuIBYiBD1hRihgvSAYaCmpQcwiaA3iikmFpbeAKoowBsBQKJ1TBmCmrMVOeysx154jTB0HjEplEBDICGeIoEh6D0Ait8+pgz9Tn381AfqX4yv+/9Az33gOsIH/Q0jRM/7PKeR7/r8LvML/v+ipnzAHGLip+mI+7w3Gutc96uq+G7annfSHA0QlvVewCUd4tLuPXCB5l/dOIwAlsdAziDBwgjBmmXUSqUSZKcEdlZZJwqW0DAMMnTTEAwAQ4EAAb4FFSHGFNdOECc6tpE54T6inilMEJMaCKmSdUNQYqLCziV1kWN7bpM/3FX0ilC924AcV/dZG+itFTwWBzCDNOOdWUcmJQQA4ZyF0yFJDKE3qjyzDyFMlKJReIEmkExQ4R5SnxnKBKVdSJfxIcAogFYAjqbwACiiHDIQcUmapx5JZ6wSVSisiHYB7Rf974yv9/3QgvuE7Nuh/Cgh+rv8xJnv9vwu8ov8fePxPUP/PpghpM/XuaDzT39D+kIsfUP4Oc+adRVJgAYl3SEDIhISKGWIBcgBQDwW2hDIsEGCQEGKZog5ZhRGW1BoFhXaYa0wM5YAR6Il2miINKVTSWeAVEMoIRixhTlCkICROIW81/lr5m1k8HQ2eVrTbjqejiXssOkjPYtVeizlTy+ce5rYH6XiqprO19AIz7c7d45XZpJsU373qbj761RTez/qmO/o0h0dmMj0au8E3hCkQ2yxMQqBWlnFFSKLLCVRMQE8ZZwp6xLk1AgAtMcGUEi8hFEQpjx0XVGFkGHdSOM2VQ5QY6ZTCGEtjtCdEY+Qg0BJACJFDBCMoLeXaAQmAYxpz6ck2wsyvhfAW4py469Fkmz6pudXWESgRR44rKK1ObDGCxEmMkeTcUC200Nw6TgHTziBrvCPGGCCMlo4RSIWDXmsLlbWGIY0ZUoZCpQU2SHCiENUUGMIgZwYbCwxeO1ugNtuIsZp8+beQ4nQyi6fOfvriWfiGNDFnaLM4rQJUaqQFQx57ZThHzgrhrSAaW+YUgoJyRKBgiiBiAUdYQUPWq6tEIG0k1gAbaICyQErpAPLrlVgpmLJScYwR9IAQzQwGXkFBCaaIE+elJuTlmtk0Vp+6w6mbDJztqqn7BF4ZeUzCzd9ROq0YlprRpB2dgpJip5kkjmIAKMeCWIu0EVQCr4ECFGmmgSQQaAgMdZIrybV0jktGPJGeasggYMYri4FVhBivgCRAYQP8msfhRD9ixCyHfJsuU/sYvEmHidWnvlP+NVEK/AOi1BpoAbSgXhCKudCSCUuVwMwiDLwmVFuAvZVCMcm1EVwKBAR2yhpssIXGCC+cVIRJIA0AGHhEIdPCE64FlMmMwHHgoIaQYMG4V8it+xvByv0molyPu1dECX7AHlDrHIWKUYMkp0xSpqlT0EhlCBGWAwyA5ARa5ykA1hvhGQOOCAW4TfqgsN4mUy5HoUdQE+858cRBQozmQHOnKANWOyAUU9ZIbKwmxBBkrHd6K3uwtSj/h4nb1quaX03crLMIMWOVkRgQyi3yzGirPQZKcAyIow5gx5UniDDjKTKMOAkoRoDxxCIgz5TlCdNxGHJiEiXpFRcKQGol4A4bZy33mihoESEKaCKFBdogBOx+4vavwJP530/y/v8t/z8FaD//2wX2/v+9//93ENbe/7/3/+/9/3v//97/v/f/77E7POH/P8n7/7f8/5iBPf/fBfb+/73/f+////fiif6/H4Zv/47/Pf+HIQT3+T+7wMv2P75Qy6JT1k3iI3D8Fp7156J59hMgwr7qC0kBg+8OlrsQwEP77+JdvyEgYwdjNe388Y2O8KujKo4ewkJSv1pK/1zspNlf5/8AsWf8HwPG9/l/O8F/EoS5Qql8cFEPz0qZg9Nca12YivLXi9yiVTwdXZVueyATVFql+9+zQcVkK+0g59xgcgM7zTjMTupdNtA10FzJxRVf9H0qboCWizUg3d55eWTqo1XhapCtyMvzWj5TDqeynfXFRf4C8JurxUkfT7Lqtn2a7561//gjta5Drpx9Ua1fLbF/FjbZ/7cIBtto/yl/Zv8pRGRv/3cByOl37f+vDgQ8ehHSuB/8b41dNPum9T/Cn9t/iCnd2/9d4In9z+SqtVK+lAlquXsCUCplyr1MJrCoHSxKYdAulcqt3BjF5WIzriwy7S+EIBcsSgvfy0VRMCoEsJ4LO1E21WiUw6gaLXKVVrZRqZRyi3G21VyOrwZypQf9TlRtLfLB+loxt4C1VpO0q8OTjh6UxwaV56knN5zkFgCWs+12rZlfKdQApXwZRBWyyN5dr+YWdVi+LeFyNncVhWZdi1SmE1Vqhf7MXrbb1YGEelDt2EJ/rnuByy/AqpzNraJesIyyASpn82pdVnssSyWFUZEss9ngNGyXG2HQqgWwUavUcrUozK3fkgmj0wrKx6p5NTcDOm7Vcs0orNzVIFxG5TrKz0q5q1WrSXvqstzTt483ZKpRuVyrkFIOdsxg2reZsGazufMoWNw9IFeN8uWaWZVvK8tCLbi8q8Wolsstx3rYIKXc1dw26XXrsjrWiCyataAWts1N57p3flEphamw3b7/EIXhopwJgspFLW6G3PcrozzNNDK9BoDwzLcOdfWyF5zPRNG1u4VDmNGzTjBMHePZKR3ekIy7mUM8XM4bs1N0WG4qcpqdtC5vztwNB4eRH4H6onIbnCc1LFZEGHiRC4MokwoqrUWu3co2qqAWVIrHYdBehO1ceJx0qlpg7/6A5PLtSp2M/GV8jj+WDk3tJMRhsdlepU5uitkovn7e47LVRbCoBqV2WNeud3PuLSaVfP+mOw/7oHiR7R4WivHNeEVTo2m+GlwW6ysRZ0r50aqZj0sKB9mJGjdbTEFYmTameDm0U3J8yautk/NjCH2fPdLQF6PjV4/ct8Em/vcWwZ+b+d/z9R+KKdrzv10AcvJd/verA3+Pnkcw/0PG3O+EXTT7Jv4HMXvB//g+/nMn2MD/wn42kwlqNw/8r66btdvVKAouPzYzpeOYlKPGpHWIK71m6wUfTJ0+4TGZTpTXBdlrNRfLfC+o39GYqJZtVPsGV9qNfDks5U/mGlcWxY4pR73KMhX1SouoFiyiXoCaSeFtZflQVr4NULMXjJ5wwNPcohFrVO7o7B3BSiVvDpZRuVFo3NpMWK+DXLs+kHObDa+iMCqEq5vCx4jIoJ0rZDL3vy9yxQCUgvAsW06NCnMSBTE5Bp1T0ldm2AtvOuGy2Juw0/bN0nWLpVNwblm52q4cH7rGqn1YGMv5bf0ij6fjy1GqfXHcqJDckub6g8YksGfDQq/SC4MoIIlcbHaR8KBKIrAw7AUXay5Uje7IUy3IphLCFIXg7uZ2pRmGtZNst1ybwJ6+6BfH3cnF4bR7Ct2KfES3CUt9oHuVbNAul1JBNswH3Vww757XT4BAzK7mYnxdJNeFfnuaGdaLPicBREOznLavW322aGdKubN2D+v4FCxuU4XCNa5GlYZr8GYnuMixyvKytmiVLvPt/vlV6eb7JOlX9+49NmET/3uLPKq/wf8I3vv/doLX+N+vzqE7ep4MuOd/b46dNPsG/ocofs7/yD7/ZzfYxP9ua5lMcHn6hf9lWyjXRpPRddmNIp+dd6fTVb/Zsdf93Ev+F32H/xV7gXngf/mn/C/Xn9lCY6WbjWvVzIPUVe3FMh2IslcqvwC30e2XMpyURdlgme0F0cP6WNhczlMtlI+jKlkU7whiNrds1K8uy6CUr9YqH8O6asK+wdWOvgzHemB+ZPGs2oEje128PYxWccacr855NtDtixt9CD3lrfPZ5Tg/m/bwzOXp9CoVYXLeNr0sr2d6pHJRbc67dpmfLHF51elVAIp5dlYtDW9GaLRQ2W8snoUkWBQr68Wz8zBs5fIXJ93Dck1bvZjFzUn/LFqOl9KKa9coRKFY88TSotKKQhXkz66vUuGh8T3SbbcmnYzxq2VxiMaTy3InClvrm08qawa6XrrNZOJCUKnnw0VUuvt8U0glpDipSgCugyjXypQqGUm6zVHUiqg7Xl7Nx/MKXWSZPS7nC73D7HKcbZPLk2omzlzOKqVOKiitLtlsMMvP4ktYOkZxKy+uJ3YZUTOonbLo5BiMBqvVTX1AXllx+9VD5R+JjfzvDbYk2Mj/OHjh/8Vgz/92AShe4X+/eDuKo+/vsLFngm+EXTT7Rv7HXvC/dfzHnv/9fGzif2DN/7pf+F9lXji1pDXM1a/PRLXj67fzj3JxeBvPS79m/W/xnfU/F4WLL+t/jafrfx+bFFxdnkyvmtVx67Lafy3OLfUQ6Baf68LoY/Hq+LR+Lk47F8dx5RYfrqZZddNYzGdzcOsug9NZHna7bV0T9dVHZqM2LadcCwZNdEEKnUIEQLZ9Vu93cbZcmgzAiVJlEhVbi+ydb/TizjdayQbtXCEKozU7S51UvkXN7nhe7m7xMB8F6wXDr3ni2fVVQv1S3+Z+z4hidH1egufzZjk+rLvBaXzMUGnS4GedM516IIKPPNAEUa6SKWWudT2EJrZuBMJeb1DJRdPePDPI3eaak6Dcu+mFtZvzMFU/uT4LumGfZGSzqtjtqb9u0WY8Gg3zxcLlx2HmOFuraymLgVBdEEn4VQDgngf+RGzif2+xi9lG/kdexP8xgvf8bxeAjH+X//3qHeyOvuzBt6d7Pwu7aPYN/O8b8f8IMLznf7vAlvH/pShDw5Oz+fUiHKDhMOpUp/kcr7WoQMepcfEwr+PlCPUvJ1Sumo2rfGd83bsytyflQxTiKxX0ZufH3R6/yl6f9U9OGjwDWhcOVPbx/7vCJvv/Fttubvb/vYz/p/v1n53gtfj/X73l6tGL3WP3g/+tsYtm32D/+Uv7DyFle/u/C/yVXq+t1tZ7fqTVeNzvGjXtjobH86E9sm5+9LC/6sNoTKRwmAzG/3e/ycUf4Aim36en/VE7Tn/471/rXTqCh4280h/SH4sB+rTewet+W65Tt0p/+Cs9UYtwNXVx+kN6W66xDdVIv09fu1XWTVW3n9Tl4rR0+SmXyX4MPl0gyj59LAb3tZ+rftfmR5Ok8km3maY/pBFA5D8QPdnjBB1RLoAESPKr9OfP79P9Ubtkk7+5dqvkl3SnDBqXN9VwSVa4dVGQBRadXYB6rXcjbq6CxmzobetCwj7rBH+kP3/+833auMm065OmccFs2klE23V30o5nuufMNHn+aNJWw+7tuv3SH9Jn3eFseZAfzYb2rujz3YMyHdUdJvc/eerds562yJbJH9vmfmyb+rFt5se2iR/b5n1sm/axbdbHtkkf2+Z8bJvy8XczPtKf//z8QyOdfSDwKv0+7Yb27iJ9cfFu6P50xfhaEvY2Odi7V4zFWoeJhhzIbqk2P1zORmY0Ci9Ub3V8EQb5UrTsqEWcOewHWXOvGL9s8vfjarE/Mqqffp82o8FgNCyrQWL5ai6eHtQ+BgfV0Wj6vyrKraJktg2S2TZGZtsQmW0jZLYNkNk2Pmbb8Jhto2P+l+CY9Of3L/reNh66bR102/rntnXPbeud29Y5t61vblvX3Laeub/jmPtWH9wmS2QHffDVHJFtU0S2zRDZNkFk2/yQbdNDNmWH/DChIh8Ae0qoMP6KPiQXP3/+c7+P4Jvi5frP2x8BsWH951vn/0G+3/9hJ9if/7c//+9gf/7f/vy//fl/+/P/fpND6/bn/+3P/9uf/7c//2+Pn4+n87+HpfQdn/8O4fP8X8gp2s//doLX5n9fzk/62QeAfHXyzLfMFPwBvk0dNZwIB5zzhgPNhJTQe0YdY4R7j7ARRHPFtQXea+U59t4gTAjkzBJjKbIccaEY9RRyZJlxVirttJNYaeiE8MZZDDnEVgpDvLaOIaUoo9Ra/2YHgGx9JtVXdsRQ6ySlhKxvokA6KQgXGiZcOpmjGCQZUQmpFpRYxD3TzBkiFOOcWG2MwwhpA4CSijoMEMQcIqe0VFoByUHCobA0zirjJDXMIS6QVZR4iAHe25E99thjj98S/z8AAP//lDffuwCcAAA=` + validRepository = `H4sIAAAAAAAA/+x9WXPayvb9eeZTuHhNrt3zkH+dBwnEYFvYYMzgX51K9cg8GDACTuW7/0s4Thw7iXMvDsk9l/UQQkuWmt27d6/u1cPMTSfz3mIyW//x0wAAAJzSPwDknHPy+fMz/oAUYMAJRSi9j1DC/ziiPy9Ln3E3X6jZHwCMJ+PZZLL45n0vXX/4IQ+f/yX4XP4n8Dj9gcf9+WT8uu9I7cEI+Vb5EwTgk/JnjIA/jvZixP/x8v87c5Sd9zpjZ7Pvjv7OHB1l3y/WU5d9d5RNf272bZo0nzrzfulm895knF6Bx+D+wuc0uP3uVtPezM3TexBA7F8A/gvAOoTvCHuH5M39Hw3cev7xZUdZ4IWhHjOvCQYcIuQ1lxw4hIgmDghGPFFeEUc8w0Q7zoVw0mkrPWJc0IcHbR/7kHNnEaVQbl+XZt903ehrFwZu3bPvu2refa+Gncmst+iO0qz93/byUXbeVYiyj3dvv1KIsttvf31+xFINP+XiKDu908OeSV+GoaUYa4AcFYhoSiDQxiMkiHecWuQ14woCYTR13DLhJadGGmmoYMhQc/+iD+m/H7Zvy0ookKaCOg61pB4AahByxmoCuIWASSUt4loY7JXHwCMHvZGUKKqsNJ79xsZyHHLPCCMGA6U8pkoqjgUwRlCJGVHMQCKQsJ4ogZCi1hsgHTcCWaihfW4sJwzT0CIMOPNICgWRkUBYqQTlFlrnOEScWmq5Ys5JwhTC2AkMgUecqd/YWJQY5bBkGBqttPYeW6eFx4R6joHjXnMtrDAOMu68FsZhwQ2BEEEpuCfPjeWpxxBjzQGWRmHsJbNISoy5pY4g6hSXAiMEIGZMSu2EUJ4y6iTTyLnf2ViKS60sB0pIbRgBQmInNMBUEKE9cpQpJaij3ABDgaCGKOypogZ5B4jHj42V+Wiw7GwydJ+D2DZSPrZAzz7O/86e+MVPXXRnbt6dDNOADR8V4XyspvPudzOycyn/UEYWatZxi/l38rFzHPuxfPRGbr5Qo+l3crJz8/NCTj45jJmM5735wo0X7x8V1GJ25zLbO7aNsFrc3beeafbuXWub422d2dWJPnpJr7ONIMgwJRFR2nkAPDWMEUiExtAaQKykiirpGUXIUQkAQJhqmvJyqIk3nCAIHFXGKEms08gbRQX2RjgmCCOUaMWYgYozQQ0ESAEiudYAOwixRmBbqT5kjv7KfPjVBOh/HF/w/wfPfOU+wAv8H0KKnvB/TiE78P994Dv8/1Oc+gl9gJFbfOIMDw3G1us+x+qhG3cW3ey7I0Ql/RhgU47wud39zAXeHWW1NVxhCjFSGGIOMefEpdSIESqpoR5BYIwRjmum08gFBORGOAMAZgpbnTImy6RAkEMJHUKAaq8NEtICTQj3mEnEsEHICAoQw1xCaxkQHvJPbeOHjxl9ZJRP7cAPBvqdG+kvAr2n2DhjGJOeYsuUs85JrRzkhEhpoTNWKIWE5FwjTxUkCCIkFVaAS4WFER55rRjS1HKitUnppnHOMw0dMlQABLxH3hmKOLCKKsohpJZhiYg4BPrfHV/E/8cV8RXf8UL8p4Dgp/EfY3yI//vAd+L/A4//CeH/SRchaxbeHU/v9FeiP+TiB4K/Js4JwCwRBFujIbYWeMuA91IKD7XRyGDLkTSKSYCFsFw6CbkjFlLACAcOcmkU9UJRwYHThCOGoTOCcqYk95gYgL1TWEDpLOdOA4kUplRrjL8M/uZuvpiMHme015kvJjP3OekoezdXna2Zc/VC9NC3PcrOF2pxt7VeYBa9pft85W7WS5PvX3XfH/2yC383NL3J+yU8NrPF8dSNvmJMgcHLxiSUYGg0RJ4jKK1DhggJIAQaOuIQBIAIBqzBRiourCOWCi4MswBjpxFTBDoKMZGAOcW84VSnH5ZKYQHd0n8KiXWMsdS60DmgATMMKqy49XoXYxa2RngNc87cYDLbxScJs0ZYagTQSmrBlcIOA81T0xDOIOBOE6u9SttUBqAxwIDU9ayRGgEHkRbSAI8EQthR4QWg0jmIoXKWcIINs5JjqRQXXDjnMAFeWYlx2tuSahcz1tIf/xpWXMzu5gtn339SFr5iTcwZ+4Eq7j3miBLElWJQOUWZAcpiLLCFjkukLESaQgwowwRJSZmzQDvAMLKMIYix4EZQaxEV0pDtcIPjjklJBAdQIwaltAhgBxAjXDuEiUXWc6yAJfT5mNlirt73xgs3GznbUwv3Hnyn5jEJX/6NHGLKBGREaaMcNwwI6jzmSmIkvEKWQSAJRFxxySzEyGNutcSMEU2JIgY5aqnBhmImvdVEU+Cx0BYQD7CjEkJjpYYGMAGREM5Yp50yVgMMGGO7uEz9KngVh5mr90On/PdMKfDLpsRCEeSkcZYpoDlDRhmpCaXQMQA0B0I4BkhaSa21UBNtmdNQE4ChF95gp+B2GJAKgbynwhJgBJUcCUCwhsIr6DFx0kFLIAfQecwMR0IYTRGUv4kpt/XuO6YEP1DzPFbWYaMRMwA7Zij22mrtKBIWKywFkhJh4DDHyApqqJKEUy4VhBYAjljac3Dap3VLcKqMFGk5ACcEkNRhDiy0xhlqPBbcQ+8NANxALZH0AO4UyHY25b/Rcdt5VPOLjptwSGqmjVASKu6QZ8g7YizG2gBrpAEaSWeENwAJSJREzgsMCGZEUmYQAQQZarC1Lm17DcMKGkcoRUp57y3wCACBodcAUSY4YkhQxAXHTjkC1KHj9j+BR/2/n6T+/0f6PwXw0P/bBw76/0H//x2MddD/D/r/Qf8/6P8H/f+g/x+wPzzi/z9J/f+P9H9M+YH/7wMH/f+g/x/0//9dPIr/H6vh67/j31//wxACh/U/+8Dz8j+5VKuSU9bN5sfg5DV0lKemefIJEGVf+EKaQOEfR6t9GOCh/Pfxrt8QkJOjqVp0//yKI/xqDe34qRiY+dXW+udhH8X+Ev9H9Mn8LwwZOoz/7wX/ShFGxXLlKBfV6uVCORfUo21qJi6Xw/UmlwtaZ50gKYdBp3xd7aOSb4NatX6LznChDE67hXiRDO/WIMl12uWzyU150wdRkJSTTJyPLuIgKQbwOsp144Iuyn67maxK/cCEnUojDOJ6oVEbGlztNAqVsBwN72yxsdbNxkA1CyBzUw9cIQHrSj3AcT5axfXqJq5XVCEBm0r+UxpK0+J8sMr3g/j+wZN62FwtM21UmMc1kpSCdr5RreajVeP6plUB5UKtXr0Kr1UTDg2udXUrnOqRSZr1oB52zG130L+4rJbDTNjpfPwSh2FSyQXBlTs/H12zE7ai15M3Cs1kw7ftPJHJzWx+s+n6vIhNB5yNRiuteebuFiZnpnmZi27OWvNx69bBeqtxdT5cw7vB8GZYKZRuLy5arQmaJCofXKTZL1VFGHgRhUGcy4QkSErVdr5RAxdh2I4KpQkdmeJJwmByPcwVlvNukis1eWE9nsahSI1ty0m1HYcqKETtSiYuFHUAdNI7E2fL66h91bs5Oeld0zhsb28+rUbhSVKN42BSzOXmxaB6XQiTuHz//baYuYqJTLMSABPEUTVXzuObMmoOYb775uLGRWs5rujxaFwTpWB9wS9mN63WeILp5WbYDHphPyOGQ9e5zWM6FlC3J7paQJVly50Orb2Km+WzpOKvi9NO7aL655+Zre9Flfwzf/zVVeUfiZf432tMBnyZ//Gn/A9QcuB/+wDk9Jv871dPBD1+NqX1QABfG/so9pf4H+HsKf8Dh/Vf+8EL/C93kc/lAose+F/5dEZZLezHIzB5xvd8P9qSiJTuhd04n2k0KmFci5OoumVf5SiZ5tvN1fRmJNd6NOzGtXZSuGdmpSiB9XaTdGrj064eVaYGVZaZRzecRgmAlXynU28W1go1QLlQAXGVJPn767UouYaVTRlX8tFNHJptLjK5blytF4d3ttXp1EYS6lGta4vDpe4/I5Yw3gzVNq3/OS2TJsYlssrng7N7ZtmuB7BRr9ajehxG99Q2jM+qqDBXzZulGdFpux4147B6n4NwFVeuUeGuHN2s203aV61KX28+35CrxZVKvUrKEeya0WJoc2HdPuLNmagWFyp1s65sqqtiPWg98NsoWk31uEHK0c3SNumg3apNNSI/QmFrkYz4NMyfzheDQpS7mK/quMIdndRXN2ySvyq5aNDtnFUr4XRzEmQWZ91KeNO5otCVG5vpoAujrh/F/cpFJUymV/PCcmx7w2o0AddJdfMVChtU20nU2VLYelAtnYRBJwk7Kessh0E9sPd/QKJCp3pd6Mp+X5OLq7XmC/YmQi06yBQCMJly8dTj8lfVIKl1yt3gcj12+cXpWi+xUZuoULZYo3G+8yZk03qxmzlPbskpa70pVrrToBcFi+5N6XbeHqzEG0jql6XGbbODT+u5XiFXbFjGqp1lJTeqzGQdfIeR/gOaoxf53yusYniR/5Fn/I9hfuB/+wBk/Nv87xevYDn+tAbnH1DRflPso9hf4H8AMfSU/1FOD/xvH3jE/y6vw/Ny7ugsan+kf4VBEiXt0scGNxdUPzW++aBq8tVOEFHd6faa+Xn7DJBottg0T4uD8USd+NVkkekvm1XZAqPromuLxeyS9K8Gy+t5rtfIjy99cLpsTeEibmyu6VmxfTYtq5Nqe6Y71H0xDPQ0W7/aYv8svNT+v8aStBfbfw6ejf8gemj/9wEovq3//erliMffXmF5iAKvhH0U+4v6H3um/0F0mP+3F7yk/4F6Lhe0ep/0v+b6HOi5ZufjsAHG6rxRWXXFrOL6jflz/e/sG/pfoR9cP+h/+cf6X+F0qXE1KXVNJe5fJ5nKJljF9QjE9WjTTBM318lDWqUfbZr9IHk0BnQWJY25RpWuzkcuDpNiJn1zsIobjWJjY3Ph9TWIOldNCm5ap4ubZm3abtWG3+M5mQeiA+XVan0WVfqjy9kc9MnyjeO3jcG0fDk6nzXhFF20XJu1LpbuRHbsOgTziEEkZpnVcnTKG1Heny7A8GrIkxmvxpeR65c6UUlVSFxqJ/n7sZHL+7GRaj7oRMU4jLfqXOa0+jVp7l7ni5KtdFeIgzgMvPhSJ4zalbhQ1Jmva39PhMLSOCiWTxYXvFoqNza8eFVZiLy/Jn7kMg9C4DMdMOqe350VzwphbeLzN6WSO69eX5uzZFyfTQY3J3UyOS/BN5UMlqu7oBcsl3VxUeWW322a5HaxMmHT8PaJnJJCDYf5kRttQlUoj007OeiAe8JL/O81dlZ5efzn2fwvCg76314AGfsm//vVu+ocP2wLdGB7Pw37KPb/YPyHkMP4z16w4/hPvpG0bge4qzuzSfGuVzjBC7FpgdWKUpLZzJpX7hJW9CggvN4vtt70JMVLeJJzjdvecno+mE82d6DE18XKOS40MZzerNddehEcxn/2hRfb/1fYdunF9v/Z/B/COT60//vA9+b//Oott46f7R52qPyvjX0U+wvtP0fs+fyfw/6f+8Hf2e3Yan275jOrptNhz6hFbzI+WY7tsXXL44f9tR5qY2qFN2ll/H8fFzn+CY5h9m12MZx05tl3//f3dpVm8LCRQ/Zd9qoUoPfbHRw+bstw5tbZd39nZyoJ1ws3z77L7qo17SI1Zd9mB26ddwvVG6Z5uTwrt95HufxV8P4SUfb+qhR8zP1SDXu2MJmlmU/dZpF9l0UA0X8B/miNqzgWiEqAkOQ32Q8f3maHk07Zpn8zcOv0P1lwEtCaDRFr3J5saO7iTW42umWYi83VqOemt1Uj+RtXX9Ii+DP74cNfb7PGzRY9nxaNC+4W3dS0PXdv7fmd7juzSJ8/mXXUuLfZll/2Xfa8N75bHRUmd2N7n/Th/kG5ruqN0/sfPfX+WY9LZMfJX7vO/dp16teuM792nfi167yvXad97Trra9dJX7vO+dp1ytcuM76yH/768EO1nb7D8ib7NuvG9v4ie3bxvvr+9OD4vY7YLv2w/QfHUr7VAKPB4kpVG2JhCgM/wpv6ipTbiNyd44sbMSSDRhQIRD4Gx08bvfx4aBxOjBpm32bNZDSajCtqlLZ+dTdfHNWvgqPaZLL4d4PlTiuldl0otes6qV2XSe26SmrXRVK7rpHadYnUriuk/p0FUtkPb5/53i4q3a4i3a4a3a4S3a4K3a4C3a763K7y3K7q3H8izn3NB4cpWazffvLB4KQ8AWR0GlM+bzQv6/11W7Z0M6n2B7/CByff8MFPhCxYxZXHPng9kkubD2/Scg7X9/ZNy/3B1kESlQJQDsLSvLUUbHWZzJOb0ugKbKJp0iqviizZhPrWkt6b3CxuquLiQi2vS1eDU1HOL2stka+hhV6fTubVljyzPbbOLev2JHBhgXUGxX61HwZxQLZ+kL/3o9RWYdgPLrfxrxbfx796kE/9Mg7B/b2dajMMazQJe5e8fgfCdcG8WQ362gcYXpTouJ8S2od4nfpypRzkw0JKkobtwSjRMx3K4e28US6uxvXcfFlbNa/MaMRO+p5VTkSEbpf961w5H1cGzfOTN+Zm0iovSa9dMWctEp/7uDzA0VXbjlYJnhB5HZV/mFDhdxA/JlSYfEEf0osfPvx12Evm1fDS+O9rbP798vjvM/0XkcP4717wvf0/fvXG78dPd7A/DP++OvZR7C/N/4P42fgvxof9P/aCl+b/7cLq9jL/77u8LrMrscvsyuwyu1K7zK7cLrMrucu8xO4OU/X+e/E8/r/+ERAvxP+vnf8HOTnE/33gcP7f4fy/o8P5f4fz/w7n/x3O//tNDq07nP93OP/vcP7f4fy/A34+Hvf/HqZR7Pn8dwif7v8LOUWH/t9e8L3+36fzk372ASBfnDzztWYK/gDfxoh6JxxzyBhNuWLAMeCAwdgqzQSGwgnBmHSOeY0ptqkTcg04RloaArnCnGBkBFFYGwQxFYZ4LBGmXjvFEVeGSie0NwoKSLkyTmBIoE+fZ9yrHQCy85lUX7QjREiBjLdWCSSYg5Bvz+8QTkpMEfdIUwSMB0Y4AanCmgKrOKDCW2wcJlxzybDDEDgGMUaIIs8EZVwwSZAjFknlIMaaaaQk1IJRrbilRnpKNXCHduSAAw444LfE/w8AAP//aH82JwCcAAA=` // This is valid base64 (hello world), but should not be able to gunzip // untar. invalidRepository = []byte(`aGVsbG8gd29ybGQK`) // TUF Root json, generated via scaffolding - rootJSON = `ewogInNpZ25lZCI6IHsKICAiX3R5cGUiOiAicm9vdCIsCiAgInNwZWNfdmVyc2lvbiI6ICIxLjAiLAogICJ2ZXJzaW9uIjogMSwKICAiZXhwaXJlcyI6ICIyMDI1LTA2LTIwVDEwOjA3OjIzWiIsCiAgImtleXMiOiB7CiAgICIxOGRhNDVlN2Y5ZmY5NTRiNzJmMTliNGViZDczNmU4OGI2NjhjMjNkZjRkZWM0ZTU4ZjZhMDM3MWFmOWJiMzY2IjogewogICAgImtleXR5cGUiOiAiZWQyNTUxOSIsCiAgICAic2NoZW1lIjogImVkMjU1MTkiLAogICAgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsKICAgICAic2hhMjU2IiwKICAgICAic2hhNTEyIgogICAgXSwKICAgICJrZXl2YWwiOiB7CiAgICAgInB1YmxpYyI6ICI2OWIzOWRlOTY3NGRlYjc3N2VhNTgwMmYwMjU5MmUzYTg3YzRiZDNhMDEwZTRkMWM5OGU1M2FkMjdjOTBjNGI4IgogICAgfQogICB9LAogICAiNmUzMTk3M2RkMjU1ZGM5MWRjYTgwOGU0MzcxZjNlY2EyMjM2OTBkNjJhZWFmYmE0MmQxNGIwM2YzODYzOTMwOCI6IHsKICAgICJrZXl0eXBlIjogImVkMjU1MTkiLAogICAgInNjaGVtZSI6ICJlZDI1NTE5IiwKICAgICJrZXlpZF9oYXNoX2FsZ29yaXRobXMiOiBbCiAgICAgInNoYTI1NiIsCiAgICAgInNoYTUxMiIKICAgIF0sCiAgICAia2V5dmFsIjogewogICAgICJwdWJsaWMiOiAiYzc0NGVhODUzNjg5Yjg5YzYyZjBmMDZjYjgyOGE4OTVhYTQ3ODZlOTEzZWE3ZmE5Y2NhYzRkODgxZDcxYmJmZSIKICAgIH0KICAgfSwKICAgIjZlNWI3NzUzNmMwMjhjMWZiYzIwNGRjYjRlOTczMjZjZWRkNjY5YmZiNDVmOTlkYTdmYjRmMjYyNThhMDM5ODYiOiB7CiAgICAia2V5dHlwZSI6ICJlZDI1NTE5IiwKICAgICJzY2hlbWUiOiAiZWQyNTUxOSIsCiAgICAia2V5aWRfaGFzaF9hbGdvcml0aG1zIjogWwogICAgICJzaGEyNTYiLAogICAgICJzaGE1MTIiCiAgICBdLAogICAgImtleXZhbCI6IHsKICAgICAicHVibGljIjogImU0ODA1NGYxYzhmYzQzNDUxY2E2NmU4ZmE1MjQ4NzA5YzYyYThmZjM5ZGU4ZjliYjIxZGRiOGM2YTM3YzcyZWQiCiAgICB9CiAgIH0sCiAgICJkNmY0MTc0Zjk1YjM3YWEyYTBmOGIxZWM1NGRmOWQwY2NmZWQ4MjQzMzEyZDE5ZjIxYWM1OWFkNTAxYmM2YTZiIjogewogICAgImtleXR5cGUiOiAiZWQyNTUxOSIsCiAgICAic2NoZW1lIjogImVkMjU1MTkiLAogICAgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsKICAgICAic2hhMjU2IiwKICAgICAic2hhNTEyIgogICAgXSwKICAgICJrZXl2YWwiOiB7CiAgICAgInB1YmxpYyI6ICIwY2I5MzFjNTAzY2EzYjBjNjRjN2E3Mzc3Mzc3YWYzYTgwMjA2ZTk2Yzc5NGY4NTA5NzkzOTk0YTE5MGEzYzMzIgogICAgfQogICB9CiAgfSwKICAicm9sZXMiOiB7CiAgICJyb290IjogewogICAgImtleWlkcyI6IFsKICAgICAiNmU1Yjc3NTM2YzAyOGMxZmJjMjA0ZGNiNGU5NzMyNmNlZGQ2NjliZmI0NWY5OWRhN2ZiNGYyNjI1OGEwMzk4NiIKICAgIF0sCiAgICAidGhyZXNob2xkIjogMQogICB9LAogICAic25hcHNob3QiOiB7CiAgICAia2V5aWRzIjogWwogICAgICJkNmY0MTc0Zjk1YjM3YWEyYTBmOGIxZWM1NGRmOWQwY2NmZWQ4MjQzMzEyZDE5ZjIxYWM1OWFkNTAxYmM2YTZiIgogICAgXSwKICAgICJ0aHJlc2hvbGQiOiAxCiAgIH0sCiAgICJ0YXJnZXRzIjogewogICAgImtleWlkcyI6IFsKICAgICAiMThkYTQ1ZTdmOWZmOTU0YjcyZjE5YjRlYmQ3MzZlODhiNjY4YzIzZGY0ZGVjNGU1OGY2YTAzNzFhZjliYjM2NiIKICAgIF0sCiAgICAidGhyZXNob2xkIjogMQogICB9LAogICAidGltZXN0YW1wIjogewogICAgImtleWlkcyI6IFsKICAgICAiNmUzMTk3M2RkMjU1ZGM5MWRjYTgwOGU0MzcxZjNlY2EyMjM2OTBkNjJhZWFmYmE0MmQxNGIwM2YzODYzOTMwOCIKICAgIF0sCiAgICAidGhyZXNob2xkIjogMQogICB9CiAgfSwKICAiY29uc2lzdGVudF9zbmFwc2hvdCI6IHRydWUKIH0sCiAic2lnbmF0dXJlcyI6IFsKICB7CiAgICJrZXlpZCI6ICI2ZTViNzc1MzZjMDI4YzFmYmMyMDRkY2I0ZTk3MzI2Y2VkZDY2OWJmYjQ1Zjk5ZGE3ZmI0ZjI2MjU4YTAzOTg2IiwKICAgInNpZyI6ICJmM2IyMjMwNTk2ZmUzZTU1MzA2OTJmMGY4NGQxMjIxZjQ2YzhhMGRmODQzMGI5OTVjMjZkMjFkYzI3YTY5YTM5ZmQwNWE1MjMzMDBjNTE5ZWVhYzAzNmFkZDNlYmZkOTM3YmY3MjM1ZTcwNjU5YWMyMDgyYzhlYzQ4NTI5ZmYwMCIKICB9CiBdCn0=` + // IMPORTANT: The next expiration is on '2026-01-01T11:46:29Z' + // Steps to generate: + // 1. cgit clone github.com/sigstore/scaffolding + // 2. run ./hack/setup-kind.sh + // 3. export KO_DOCKER_REPO=registry.local:5001/sigstore + // 4. run ./hack/setup-scaffolding.sh + // 5. get the secrets from the kind cluster + // kubectl get secrets -o yaml -n tuf-system tuf-root + rootJSON = `ewogInNpZ25lZCI6IHsKICAiX3R5cGUiOiAicm9vdCIsCiAgInNwZWNfdmVyc2lvbiI6ICIxLjAiLAogICJ2ZXJzaW9uIjogMSwKICAiZXhwaXJlcyI6ICIyMDI2LTAxLTAxVDExOjQ2OjI5WiIsCiAgImtleXMiOiB7CiAgICIwZjhjNWYzNmZiNDMwNzEyMmZiNzk3MGUyMjRiNGUwODY0ZjRhZmE0ZTRmNjM0YmU3Nzg4ZTllYmQ5ZjI2Nzg1IjogewogICAgImtleXR5cGUiOiAiZWQyNTUxOSIsCiAgICAic2NoZW1lIjogImVkMjU1MTkiLAogICAgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsKICAgICAic2hhMjU2IiwKICAgICAic2hhNTEyIgogICAgXSwKICAgICJrZXl2YWwiOiB7CiAgICAgInB1YmxpYyI6ICIzMWQ1MzNiMDJlNTgyNGI1NDEwYmNmMjI4NGZlNzVkMmZiNjdhMTA4Y2I1ZTdkNjhmOTc1YzljOWM1ODYyYzVjIgogICAgfQogICB9LAogICAiOTE4MmI1ODVlNzFiOTVmMDA1YzIyZWNkYjQwN2QxMDY5YTlkMjdiOGMzZmFmMzBmMmUxZmM5NTRhNWFkOWNmNiI6IHsKICAgICJrZXl0eXBlIjogImVkMjU1MTkiLAogICAgInNjaGVtZSI6ICJlZDI1NTE5IiwKICAgICJrZXlpZF9oYXNoX2FsZ29yaXRobXMiOiBbCiAgICAgInNoYTI1NiIsCiAgICAgInNoYTUxMiIKICAgIF0sCiAgICAia2V5dmFsIjogewogICAgICJwdWJsaWMiOiAiZTcxN2Y2NDY0YzMwYWFmMzVhOWE3MzgwY2M4NTkzNjRhNmMxNDgyOGRmNGE4MjJhNWRmYzA5ZTdjODJkMWIxZCIKICAgIH0KICAgfSwKICAgImU4YzZiMWQyMzA3NmYyOThhMTJjOTA4ZDlhODU3ZDFkZWU3MTI3NWQ1ZDdhNmVlOTQ2YTIzM2U4MzEwZjI3NmEiOiB7CiAgICAia2V5dHlwZSI6ICJlZDI1NTE5IiwKICAgICJzY2hlbWUiOiAiZWQyNTUxOSIsCiAgICAia2V5aWRfaGFzaF9hbGdvcml0aG1zIjogWwogICAgICJzaGEyNTYiLAogICAgICJzaGE1MTIiCiAgICBdLAogICAgImtleXZhbCI6IHsKICAgICAicHVibGljIjogIjU0Y2FlMzk2MzFjYmFiYmZmM2RlYjhmMzQ1ZjczMGU3ZmI3YjhkOGNlMTY3ZWZiOGNlMzg3YzQxMTIxOTg3ZjQiCiAgICB9CiAgIH0sCiAgICJmNWYzMTMzYjcwMzljYTMzZjk2ZDI5OTMzN2Q1ZTQyNWVhNzk4MzIyMDEzNjY5OWJlODhhZjU2NWU5NmIyZWVhIjogewogICAgImtleXR5cGUiOiAiZWQyNTUxOSIsCiAgICAic2NoZW1lIjogImVkMjU1MTkiLAogICAgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsKICAgICAic2hhMjU2IiwKICAgICAic2hhNTEyIgogICAgXSwKICAgICJrZXl2YWwiOiB7CiAgICAgInB1YmxpYyI6ICJhNzliYWQ3MGE4OWJjNjQwODkzZThiMDM1ODQ4YmYyZTU2YWE4NWU1N2MwYzUwODVjNGEzZjVhNWMyZmUwNGYzIgogICAgfQogICB9CiAgfSwKICAicm9sZXMiOiB7CiAgICJyb290IjogewogICAgImtleWlkcyI6IFsKICAgICAiZThjNmIxZDIzMDc2ZjI5OGExMmM5MDhkOWE4NTdkMWRlZTcxMjc1ZDVkN2E2ZWU5NDZhMjMzZTgzMTBmMjc2YSIKICAgIF0sCiAgICAidGhyZXNob2xkIjogMQogICB9LAogICAic25hcHNob3QiOiB7CiAgICAia2V5aWRzIjogWwogICAgICJmNWYzMTMzYjcwMzljYTMzZjk2ZDI5OTMzN2Q1ZTQyNWVhNzk4MzIyMDEzNjY5OWJlODhhZjU2NWU5NmIyZWVhIgogICAgXSwKICAgICJ0aHJlc2hvbGQiOiAxCiAgIH0sCiAgICJ0YXJnZXRzIjogewogICAgImtleWlkcyI6IFsKICAgICAiOTE4MmI1ODVlNzFiOTVmMDA1YzIyZWNkYjQwN2QxMDY5YTlkMjdiOGMzZmFmMzBmMmUxZmM5NTRhNWFkOWNmNiIKICAgIF0sCiAgICAidGhyZXNob2xkIjogMQogICB9LAogICAidGltZXN0YW1wIjogewogICAgImtleWlkcyI6IFsKICAgICAiMGY4YzVmMzZmYjQzMDcxMjJmYjc5NzBlMjI0YjRlMDg2NGY0YWZhNGU0ZjYzNGJlNzc4OGU5ZWJkOWYyNjc4NSIKICAgIF0sCiAgICAidGhyZXNob2xkIjogMQogICB9CiAgfSwKICAiY29uc2lzdGVudF9zbmFwc2hvdCI6IHRydWUKIH0sCiAic2lnbmF0dXJlcyI6IFsKICB7CiAgICJrZXlpZCI6ICJlOGM2YjFkMjMwNzZmMjk4YTEyYzkwOGQ5YTg1N2QxZGVlNzEyNzVkNWQ3YTZlZTk0NmEyMzNlODMxMGYyNzZhIiwKICAgInNpZyI6ICI1MmM2YTkyNGFiZWYwMGY1YzY2NDE0OGIzMWRjMDRkOTVhNWE5ZjY1MjJlNTkwMDAyMzViNTAxNDUxYjRmYzc0MjEwZTVhY2NhOTRkZWIyZmNhNTgzZmM4ZTY4NDY0NTRiYTY2YzFhNzY4NWMxMDJhMDQ5N2JiMDNlMTEzYjIwMyIKICB9CiBdCn0=` ) func TestTrustRootValidation(t *testing.T) { diff --git a/pkg/tuf/repo_test.go b/pkg/tuf/repo_test.go index 56ca7956..05465497 100644 --- a/pkg/tuf/repo_test.go +++ b/pkg/tuf/repo_test.go @@ -68,10 +68,17 @@ N6mY2prOeaBRV2dnsJzC94hOxkM5pSp9nbAK1TBOI45fOOPsH2rSR++HrA== // validRepository is a valid tar/gzipped repository representing an air-gap // TUF repository. - validRepository = `H4sIAAAAAAAA/+x9WVMbydK2r/UrCN3iA7Uv/mIuurUDLZCsBXFiwlGrFrSh1sqE//sXLcBgsJHPCMt+Z/SEw6DqpruUVZX5VGVm1cSNR3F3Opqs3v00AAAAp/QdgJxzTh5/PuIdJBxDRADH+B2AhFLw7oD+vCo9YhZP1eQdAMPRcDIaTb9736brD1/k4ef/ETy2/zE8Sr7gUS8eDd/2HYk8GCHfa3+CAHzW/owR+O5gJ0L8l7f/X6mDdNxtD51Nfzj4K3VwkP40XY1d+sNBOvm66fdJUTx25tPcTeLuaJhcgUfg7sJjGVx/dstxd+Li5B4EEP0PYP9BoAbBB8A/IHx190fXbhXfv+wgDYVVhDrupfeSEs2Rh1ITpy3HzAmhGRMGYeuJdYY4KjxTAHOovNQaM/bwoPVjH2ruLKIUyvXrkuqbjht868K1W3Xtp46KO59Uvz2adKedQVK1/64vH6TjjkKU3d+9/kghSq8//fn4iLnqf6nFQXo80/2uSV7GpMbSOsk4sU5zzp2iAiAPEJXIYSW4IdpiBSBwxEIjhaNYWcSNBIZocfeiz8n/n9dvSzOHoeTYJt/CGgmtUQIIRzCHHjujEMJMAsuQcsprRZCFRAPssWBYYiB+Y2EZTohTgmImpBbSMOSBB8xogYQSkipFuGBOQuwU90oaowyxQkDLodbefUtYVHNOMTMACQO9NggQazRxkmPEjLOWMam9JtRLaRX3mnjEEBUKYCl+557liACUeGiENwQTCo1izAmvKCKCg0R6Snif9D6RjBMErdXCMIW54cjZl8KyzBPIiZdUY64UUsALDZ2hxHppgTHeWYEIxhBZKD2CylCpLAVQG6aY/o2FBYyWGBoKsFFYA8OI4YpjnvxTHisBEGBOMsMl8YICySWWkigogcIG46fCSt0LLD0Z9d2jEltryqcS6Nqn9d+6J371VaediYs7o36isOGTJoyHahx3Xq3I1q38QxWZqknbTeNX6rG10v+xenQHLp6qwfjVptlSo26oyZcOY0bDuBtP3XD66UlDTSczl1rfsTbCajq7s55J9e661rrGa2uybSe67yXddvI0jzVCGFDJvMOOUgyYTDSuIBYiBD1hRihgvSAYaCmpQcwiaA3iikmFpbeAKoowBsBQKJ1TBmCmrMVOeysx154jTB0HjEplEBDICGeIoEh6D0Ait8+pgz9Tn381AfqX4yv+/9Az33gOsIH/Q0jRM/7PKeR7/r8LvML/v+ipnzAHGLip+mI+7w3Gutc96uq+G7annfSHA0QlvVewCUd4tLuPXCB5l/dOIwAlsdAziDBwgjBmmXUSqUSZKcEdlZZJwqW0DAMMnTTEAwAQ4EAAb4FFSHGFNdOECc6tpE54T6inilMEJMaCKmSdUNQYqLCziV1kWN7bpM/3FX0ilC924AcV/dZG+itFTwWBzCDNOOdWUcmJQQA4ZyF0yFJDKE3qjyzDyFMlKJReIEmkExQ4R5SnxnKBKVdSJfxIcAogFYAjqbwACiiHDIQcUmapx5JZ6wSVSisiHYB7Rf974yv9/3QgvuE7Nuh/Cgh+rv8xJnv9vwu8ov8fePxPUP/PpghpM/XuaDzT39D+kIsfUP4Oc+adRVJgAYl3SEDIhISKGWIBcgBQDwW2hDIsEGCQEGKZog5ZhRGW1BoFhXaYa0wM5YAR6Il2miINKVTSWeAVEMoIRixhTlCkICROIW81/lr5m1k8HQ2eVrTbjqejiXssOkjPYtVeizlTy+ce5rYH6XiqprO19AIz7c7d45XZpJsU373qbj761RTez/qmO/o0h0dmMj0au8E3hCkQ2yxMQqBWlnFFSKLLCVRMQE8ZZwp6xLk1AgAtMcGUEi8hFEQpjx0XVGFkGHdSOM2VQ5QY6ZTCGEtjtCdEY+Qg0BJACJFDBCMoLeXaAQmAYxpz6ck2wsyvhfAW4py469Fkmz6pudXWESgRR44rKK1ObDGCxEmMkeTcUC200Nw6TgHTziBrvCPGGCCMlo4RSIWDXmsLlbWGIY0ZUoZCpQU2SHCiENUUGMIgZwYbCwxeO1ugNtuIsZp8+beQ4nQyi6fOfvriWfiGNDFnaLM4rQJUaqQFQx57ZThHzgrhrSAaW+YUgoJyRKBgiiBiAUdYQUPWq6tEIG0k1gAbaICyQErpAPLrlVgpmLJScYwR9IAQzQwGXkFBCaaIE+elJuTlmtk0Vp+6w6mbDJztqqn7BF4ZeUzCzd9ROq0YlprRpB2dgpJip5kkjmIAKMeCWIu0EVQCr4ECFGmmgSQQaAgMdZIrybV0jktGPJGeasggYMYri4FVhBivgCRAYQP8msfhRD9ixCyHfJsuU/sYvEmHidWnvlP+NVEK/AOi1BpoAbSgXhCKudCSCUuVwMwiDLwmVFuAvZVCMcm1EVwKBAR2yhpssIXGCC+cVIRJIA0AGHhEIdPCE64FlMmMwHHgoIaQYMG4V8it+xvByv0molyPu1dECX7AHlDrHIWKUYMkp0xSpqlT0EhlCBGWAwyA5ARa5ykA1hvhGQOOCAW4TfqgsN4mUy5HoUdQE+858cRBQozmQHOnKANWOyAUU9ZIbKwmxBBkrHd6K3uwtSj/h4nb1quaX03crLMIMWOVkRgQyi3yzGirPQZKcAyIow5gx5UniDDjKTKMOAkoRoDxxCIgz5TlCdNxGHJiEiXpFRcKQGol4A4bZy33mihoESEKaCKFBdogBOx+4vavwJP530/y/v8t/z8FaD//2wX2/v+9//93ENbe/7/3/+/9/3v//97/v/f/77E7POH/P8n7/7f8/5iBPf/fBfb+/73/f+////fiif6/H4Zv/47/Pf+HIQT3+T+7wMv2P75Qy6JT1k3iI3D8Fp7156J59hMgwr7qC0kBg+8OlrsQwEP77+JdvyEgYwdjNe388Y2O8KujKo4ewkJSv1pK/1zspNlf5/8AsWf8HwPG9/l/O8F/EoS5Qql8cFEPz0qZg9Nca12YivLXi9yiVTwdXZVueyATVFql+9+zQcVkK+0g59xgcgM7zTjMTupdNtA10FzJxRVf9H0qboCWizUg3d55eWTqo1XhapCtyMvzWj5TDqeynfXFRf4C8JurxUkfT7Lqtn2a7561//gjta5Drpx9Ua1fLbF/FjbZ/7cIBtto/yl/Zv8pRGRv/3cByOl37f+vDgQ8ehHSuB/8b41dNPum9T/Cn9t/iCnd2/9d4In9z+SqtVK+lAlquXsCUCplyr1MJrCoHSxKYdAulcqt3BjF5WIzriwy7S+EIBcsSgvfy0VRMCoEsJ4LO1E21WiUw6gaLXKVVrZRqZRyi3G21VyOrwZypQf9TlRtLfLB+loxt4C1VpO0q8OTjh6UxwaV56knN5zkFgCWs+12rZlfKdQApXwZRBWyyN5dr+YWdVi+LeFyNncVhWZdi1SmE1Vqhf7MXrbb1YGEelDt2EJ/rnuByy/AqpzNraJesIyyASpn82pdVnssSyWFUZEss9ngNGyXG2HQqgWwUavUcrUozK3fkgmj0wrKx6p5NTcDOm7Vcs0orNzVIFxG5TrKz0q5q1WrSXvqstzTt483ZKpRuVyrkFIOdsxg2reZsGazufMoWNw9IFeN8uWaWZVvK8tCLbi8q8Wolsstx3rYIKXc1dw26XXrsjrWiCyataAWts1N57p3flEphamw3b7/EIXhopwJgspFLW6G3PcrozzNNDK9BoDwzLcOdfWyF5zPRNG1u4VDmNGzTjBMHePZKR3ekIy7mUM8XM4bs1N0WG4qcpqdtC5vztwNB4eRH4H6onIbnCc1LFZEGHiRC4MokwoqrUWu3co2qqAWVIrHYdBehO1ceJx0qlpg7/6A5PLtSp2M/GV8jj+WDk3tJMRhsdlepU5uitkovn7e47LVRbCoBqV2WNeud3PuLSaVfP+mOw/7oHiR7R4WivHNeEVTo2m+GlwW6ysRZ0r50aqZj0sKB9mJGjdbTEFYmTameDm0U3J8yautk/NjCH2fPdLQF6PjV4/ct8Em/vcWwZ+b+d/z9R+KKdrzv10AcvJd/verA3+Pnkcw/0PG3O+EXTT7Jv4HMXvB//g+/nMn2MD/wn42kwlqNw/8r66btdvVKAouPzYzpeOYlKPGpHWIK71m6wUfTJ0+4TGZTpTXBdlrNRfLfC+o39GYqJZtVPsGV9qNfDks5U/mGlcWxY4pR73KMhX1SouoFiyiXoCaSeFtZflQVr4NULMXjJ5wwNPcohFrVO7o7B3BSiVvDpZRuVFo3NpMWK+DXLs+kHObDa+iMCqEq5vCx4jIoJ0rZDL3vy9yxQCUgvAsW06NCnMSBTE5Bp1T0ldm2AtvOuGy2Juw0/bN0nWLpVNwblm52q4cH7rGqn1YGMv5bf0ij6fjy1GqfXHcqJDckub6g8YksGfDQq/SC4MoIIlcbHaR8KBKIrAw7AUXay5Uje7IUy3IphLCFIXg7uZ2pRmGtZNst1ybwJ6+6BfH3cnF4bR7Ct2KfES3CUt9oHuVbNAul1JBNswH3Vww757XT4BAzK7mYnxdJNeFfnuaGdaLPicBREOznLavW322aGdKubN2D+v4FCxuU4XCNa5GlYZr8GYnuMixyvKytmiVLvPt/vlV6eb7JOlX9+49NmET/3uLPKq/wf8I3vv/doLX+N+vzqE7ep4MuOd/b46dNPsG/ocofs7/yD7/ZzfYxP9ua5lMcHn6hf9lWyjXRpPRddmNIp+dd6fTVb/Zsdf93Ev+F32H/xV7gXngf/mn/C/Xn9lCY6WbjWvVzIPUVe3FMh2IslcqvwC30e2XMpyURdlgme0F0cP6WNhczlMtlI+jKlkU7whiNrds1K8uy6CUr9YqH8O6asK+wdWOvgzHemB+ZPGs2oEje128PYxWccacr855NtDtixt9CD3lrfPZ5Tg/m/bwzOXp9CoVYXLeNr0sr2d6pHJRbc67dpmfLHF51elVAIp5dlYtDW9GaLRQ2W8snoUkWBQr68Wz8zBs5fIXJ93Dck1bvZjFzUn/LFqOl9KKa9coRKFY88TSotKKQhXkz66vUuGh8T3SbbcmnYzxq2VxiMaTy3InClvrm08qawa6XrrNZOJCUKnnw0VUuvt8U0glpDipSgCugyjXypQqGUm6zVHUiqg7Xl7Nx/MKXWSZPS7nC73D7HKcbZPLk2omzlzOKqVOKiitLtlsMMvP4ktYOkZxKy+uJ3YZUTOonbLo5BiMBqvVTX1AXllx+9VD5R+JjfzvDbYk2Mj/OHjh/8Vgz/92AShe4X+/eDuKo+/vsLFngm+EXTT7Rv7HXvC/dfzHnv/9fGzif2DN/7pf+F9lXji1pDXM1a/PRLXj67fzj3JxeBvPS79m/W/xnfU/F4WLL+t/jafrfx+bFFxdnkyvmtVx67Lafy3OLfUQ6Baf68LoY/Hq+LR+Lk47F8dx5RYfrqZZddNYzGdzcOsug9NZHna7bV0T9dVHZqM2LadcCwZNdEEKnUIEQLZ9Vu93cbZcmgzAiVJlEhVbi+ydb/TizjdayQbtXCEKozU7S51UvkXN7nhe7m7xMB8F6wXDr3ni2fVVQv1S3+Z+z4hidH1egufzZjk+rLvBaXzMUGnS4GedM516IIKPPNAEUa6SKWWudT2EJrZuBMJeb1DJRdPePDPI3eaak6Dcu+mFtZvzMFU/uT4LumGfZGSzqtjtqb9u0WY8Gg3zxcLlx2HmOFuraymLgVBdEEn4VQDgngf+RGzif2+xi9lG/kdexP8xgvf8bxeAjH+X//3qHeyOvuzBt6d7Pwu7aPYN/O8b8f8IMLznf7vAlvH/pShDw5Oz+fUiHKDhMOpUp/kcr7WoQMepcfEwr+PlCPUvJ1Sumo2rfGd83bsytyflQxTiKxX0ZufH3R6/yl6f9U9OGjwDWhcOVPbx/7vCJvv/Fttubvb/vYz/p/v1n53gtfj/X73l6tGL3WP3g/+tsYtm32D/+Uv7DyFle/u/C/yVXq+t1tZ7fqTVeNzvGjXtjobH86E9sm5+9LC/6sNoTKRwmAzG/3e/ycUf4Aim36en/VE7Tn/471/rXTqCh4280h/SH4sB+rTewet+W65Tt0p/+Cs9UYtwNXVx+kN6W66xDdVIv09fu1XWTVW3n9Tl4rR0+SmXyX4MPl0gyj59LAb3tZ+rftfmR5Ok8km3maY/pBFA5D8QPdnjBB1RLoAESPKr9OfP79P9Ubtkk7+5dqvkl3SnDBqXN9VwSVa4dVGQBRadXYB6rXcjbq6CxmzobetCwj7rBH+kP3/+833auMm065OmccFs2klE23V30o5nuufMNHn+aNJWw+7tuv3SH9Jn3eFseZAfzYb2rujz3YMyHdUdJvc/eerds562yJbJH9vmfmyb+rFt5se2iR/b5n1sm/axbdbHtkkf2+Z8bJvy8XczPtKf//z8QyOdfSDwKv0+7Yb27iJ9cfFu6P50xfhaEvY2Odi7V4zFWoeJhhzIbqk2P1zORmY0Ci9Ub3V8EQb5UrTsqEWcOewHWXOvGL9s8vfjarE/Mqqffp82o8FgNCyrQWL5ai6eHtQ+BgfV0Wj6vyrKraJktg2S2TZGZtsQmW0jZLYNkNk2Pmbb8Jhto2P+l+CY9Of3L/reNh66bR102/rntnXPbeud29Y5t61vblvX3Laeub/jmPtWH9wmS2QHffDVHJFtU0S2zRDZNkFk2/yQbdNDNmWH/DChIh8Ae0qoMP6KPiQXP3/+c7+P4Jvi5frP2x8BsWH951vn/0G+3/9hJ9if/7c//+9gf/7f/vy//fl/+/P/fpND6/bn/+3P/9uf/7c//2+Pn4+n87+HpfQdn/8O4fP8X8gp2s//doLX5n9fzk/62QeAfHXyzLfMFPwBvk0dNZwIB5zzhgPNhJTQe0YdY4R7j7ARRHPFtQXea+U59t4gTAjkzBJjKbIccaEY9RRyZJlxVirttJNYaeiE8MZZDDnEVgpDvLaOIaUoo9Ra/2YHgGx9JtVXdsRQ6ySlhKxvokA6KQgXGiZcOpmjGCQZUQmpFpRYxD3TzBkiFOOcWG2MwwhpA4CSijoMEMQcIqe0VFoByUHCobA0zirjJDXMIS6QVZR4iAHe25E99thjj98S/z8AAP//lDffuwCcAAA=` + validRepository = `H4sIAAAAAAAA/+x9WXPayvb9eeZTuHhNrt3zkH+dBwnEYFvYYMzgX51K9cg8GDACTuW7/0s4Thw7iXMvDsk9l/UQQkuWmt27d6/u1cPMTSfz3mIyW//x0wAAAJzSPwDknHPy+fMz/oAUYMAJRSi9j1DC/ziiPy9Ln3E3X6jZHwCMJ+PZZLL45n0vXX/4IQ+f/yX4XP4n8Dj9gcf9+WT8uu9I7cEI+Vb5EwTgk/JnjIA/jvZixP/x8v87c5Sd9zpjZ7Pvjv7OHB1l3y/WU5d9d5RNf272bZo0nzrzfulm895knF6Bx+D+wuc0uP3uVtPezM3TexBA7F8A/gvAOoTvCHuH5M39Hw3cev7xZUdZ4IWhHjOvCQYcIuQ1lxw4hIgmDghGPFFeEUc8w0Q7zoVw0mkrPWJc0IcHbR/7kHNnEaVQbl+XZt903ehrFwZu3bPvu2refa+Gncmst+iO0qz93/byUXbeVYiyj3dvv1KIsttvf31+xFINP+XiKDu908OeSV+GoaUYa4AcFYhoSiDQxiMkiHecWuQ14woCYTR13DLhJadGGmmoYMhQc/+iD+m/H7Zvy0ookKaCOg61pB4AahByxmoCuIWASSUt4loY7JXHwCMHvZGUKKqsNJ79xsZyHHLPCCMGA6U8pkoqjgUwRlCJGVHMQCKQsJ4ogZCi1hsgHTcCWaihfW4sJwzT0CIMOPNICgWRkUBYqQTlFlrnOEScWmq5Ys5JwhTC2AkMgUecqd/YWJQY5bBkGBqttPYeW6eFx4R6joHjXnMtrDAOMu68FsZhwQ2BEEEpuCfPjeWpxxBjzQGWRmHsJbNISoy5pY4g6hSXAiMEIGZMSu2EUJ4y6iTTyLnf2ViKS60sB0pIbRgBQmInNMBUEKE9cpQpJaij3ABDgaCGKOypogZ5B4jHj42V+Wiw7GwydJ+D2DZSPrZAzz7O/86e+MVPXXRnbt6dDNOADR8V4XyspvPudzOycyn/UEYWatZxi/l38rFzHPuxfPRGbr5Qo+l3crJz8/NCTj45jJmM5735wo0X7x8V1GJ25zLbO7aNsFrc3beeafbuXWub422d2dWJPnpJr7ONIMgwJRFR2nkAPDWMEUiExtAaQKykiirpGUXIUQkAQJhqmvJyqIk3nCAIHFXGKEms08gbRQX2RjgmCCOUaMWYgYozQQ0ESAEiudYAOwixRmBbqT5kjv7KfPjVBOh/HF/w/wfPfOU+wAv8H0KKnvB/TiE78P994Dv8/1Oc+gl9gJFbfOIMDw3G1us+x+qhG3cW3ey7I0Ql/RhgU47wud39zAXeHWW1NVxhCjFSGGIOMefEpdSIESqpoR5BYIwRjmum08gFBORGOAMAZgpbnTImy6RAkEMJHUKAaq8NEtICTQj3mEnEsEHICAoQw1xCaxkQHvJPbeOHjxl9ZJRP7cAPBvqdG+kvAr2n2DhjGJOeYsuUs85JrRzkhEhpoTNWKIWE5FwjTxUkCCIkFVaAS4WFER55rRjS1HKitUnppnHOMw0dMlQABLxH3hmKOLCKKsohpJZhiYg4BPrfHV/E/8cV8RXf8UL8p4Dgp/EfY3yI//vAd+L/A4//CeH/SRchaxbeHU/v9FeiP+TiB4K/Js4JwCwRBFujIbYWeMuA91IKD7XRyGDLkTSKSYCFsFw6CbkjFlLACAcOcmkU9UJRwYHThCOGoTOCcqYk95gYgL1TWEDpLOdOA4kUplRrjL8M/uZuvpiMHme015kvJjP3OekoezdXna2Zc/VC9NC3PcrOF2pxt7VeYBa9pft85W7WS5PvX3XfH/2yC383NL3J+yU8NrPF8dSNvmJMgcHLxiSUYGg0RJ4jKK1DhggJIAQaOuIQBIAIBqzBRiourCOWCi4MswBjpxFTBDoKMZGAOcW84VSnH5ZKYQHd0n8KiXWMsdS60DmgATMMKqy49XoXYxa2RngNc87cYDLbxScJs0ZYagTQSmrBlcIOA81T0xDOIOBOE6u9SttUBqAxwIDU9ayRGgEHkRbSAI8EQthR4QWg0jmIoXKWcIINs5JjqRQXXDjnMAFeWYlx2tuSahcz1tIf/xpWXMzu5gtn339SFr5iTcwZ+4Eq7j3miBLElWJQOUWZAcpiLLCFjkukLESaQgwowwRJSZmzQDvAMLKMIYix4EZQaxEV0pDtcIPjjklJBAdQIwaltAhgBxAjXDuEiUXWc6yAJfT5mNlirt73xgs3GznbUwv3Hnyn5jEJX/6NHGLKBGREaaMcNwwI6jzmSmIkvEKWQSAJRFxxySzEyGNutcSMEU2JIgY5aqnBhmImvdVEU+Cx0BYQD7CjEkJjpYYGMAGREM5Yp50yVgMMGGO7uEz9KngVh5mr90On/PdMKfDLpsRCEeSkcZYpoDlDRhmpCaXQMQA0B0I4BkhaSa21UBNtmdNQE4ChF95gp+B2GJAKgbynwhJgBJUcCUCwhsIr6DFx0kFLIAfQecwMR0IYTRGUv4kpt/XuO6YEP1DzPFbWYaMRMwA7Zij22mrtKBIWKywFkhJh4DDHyApqqJKEUy4VhBYAjljac3Dap3VLcKqMFGk5ACcEkNRhDiy0xhlqPBbcQ+8NANxALZH0AO4UyHY25b/Rcdt5VPOLjptwSGqmjVASKu6QZ8g7YizG2gBrpAEaSWeENwAJSJREzgsMCGZEUmYQAQQZarC1Lm17DcMKGkcoRUp57y3wCACBodcAUSY4YkhQxAXHTjkC1KHj9j+BR/2/n6T+/0f6PwXw0P/bBw76/0H//x2MddD/D/r/Qf8/6P8H/f+g/x+wPzzi/z9J/f+P9H9M+YH/7wMH/f+g/x/0//9dPIr/H6vh67/j31//wxACh/U/+8Dz8j+5VKuSU9bN5sfg5DV0lKemefIJEGVf+EKaQOEfR6t9GOCh/Pfxrt8QkJOjqVp0//yKI/xqDe34qRiY+dXW+udhH8X+Ev9H9Mn8LwwZOoz/7wX/ShFGxXLlKBfV6uVCORfUo21qJi6Xw/UmlwtaZ50gKYdBp3xd7aOSb4NatX6LznChDE67hXiRDO/WIMl12uWzyU150wdRkJSTTJyPLuIgKQbwOsp144Iuyn67maxK/cCEnUojDOJ6oVEbGlztNAqVsBwN72yxsdbNxkA1CyBzUw9cIQHrSj3AcT5axfXqJq5XVCEBm0r+UxpK0+J8sMr3g/j+wZN62FwtM21UmMc1kpSCdr5RreajVeP6plUB5UKtXr0Kr1UTDg2udXUrnOqRSZr1oB52zG130L+4rJbDTNjpfPwSh2FSyQXBlTs/H12zE7ai15M3Cs1kw7ftPJHJzWx+s+n6vIhNB5yNRiuteebuFiZnpnmZi27OWvNx69bBeqtxdT5cw7vB8GZYKZRuLy5arQmaJCofXKTZL1VFGHgRhUGcy4QkSErVdr5RAxdh2I4KpQkdmeJJwmByPcwVlvNukis1eWE9nsahSI1ty0m1HYcqKETtSiYuFHUAdNI7E2fL66h91bs5Oeld0zhsb28+rUbhSVKN42BSzOXmxaB6XQiTuHz//baYuYqJTLMSABPEUTVXzuObMmoOYb775uLGRWs5rujxaFwTpWB9wS9mN63WeILp5WbYDHphPyOGQ9e5zWM6FlC3J7paQJVly50Orb2Km+WzpOKvi9NO7aL655+Zre9Flfwzf/zVVeUfiZf432tMBnyZ//Gn/A9QcuB/+wDk9Jv871dPBD1+NqX1QABfG/so9pf4H+HsKf8Dh/Vf+8EL/C93kc/lAose+F/5dEZZLezHIzB5xvd8P9qSiJTuhd04n2k0KmFci5OoumVf5SiZ5tvN1fRmJNd6NOzGtXZSuGdmpSiB9XaTdGrj064eVaYGVZaZRzecRgmAlXynU28W1go1QLlQAXGVJPn767UouYaVTRlX8tFNHJptLjK5blytF4d3ttXp1EYS6lGta4vDpe4/I5Yw3gzVNq3/OS2TJsYlssrng7N7ZtmuB7BRr9ajehxG99Q2jM+qqDBXzZulGdFpux4147B6n4NwFVeuUeGuHN2s203aV61KX28+35CrxZVKvUrKEeya0WJoc2HdPuLNmagWFyp1s65sqqtiPWg98NsoWk31uEHK0c3SNumg3apNNSI/QmFrkYz4NMyfzheDQpS7mK/quMIdndRXN2ySvyq5aNDtnFUr4XRzEmQWZ91KeNO5otCVG5vpoAujrh/F/cpFJUymV/PCcmx7w2o0AddJdfMVChtU20nU2VLYelAtnYRBJwk7Kessh0E9sPd/QKJCp3pd6Mp+X5OLq7XmC/YmQi06yBQCMJly8dTj8lfVIKl1yt3gcj12+cXpWi+xUZuoULZYo3G+8yZk03qxmzlPbskpa70pVrrToBcFi+5N6XbeHqzEG0jql6XGbbODT+u5XiFXbFjGqp1lJTeqzGQdfIeR/gOaoxf53yusYniR/5Fn/I9hfuB/+wBk/Nv87xevYDn+tAbnH1DRflPso9hf4H8AMfSU/1FOD/xvH3jE/y6vw/Ny7ugsan+kf4VBEiXt0scGNxdUPzW++aBq8tVOEFHd6faa+Xn7DJBottg0T4uD8USd+NVkkekvm1XZAqPromuLxeyS9K8Gy+t5rtfIjy99cLpsTeEibmyu6VmxfTYtq5Nqe6Y71H0xDPQ0W7/aYv8svNT+v8aStBfbfw6ejf8gemj/9wEovq3//erliMffXmF5iAKvhH0U+4v6H3um/0F0mP+3F7yk/4F6Lhe0ep/0v+b6HOi5ZufjsAHG6rxRWXXFrOL6jflz/e/sG/pfoR9cP+h/+cf6X+F0qXE1KXVNJe5fJ5nKJljF9QjE9WjTTBM318lDWqUfbZr9IHk0BnQWJY25RpWuzkcuDpNiJn1zsIobjWJjY3Ph9TWIOldNCm5ap4ubZm3abtWG3+M5mQeiA+XVan0WVfqjy9kc9MnyjeO3jcG0fDk6nzXhFF20XJu1LpbuRHbsOgTziEEkZpnVcnTKG1Heny7A8GrIkxmvxpeR65c6UUlVSFxqJ/n7sZHL+7GRaj7oRMU4jLfqXOa0+jVp7l7ni5KtdFeIgzgMvPhSJ4zalbhQ1Jmva39PhMLSOCiWTxYXvFoqNza8eFVZiLy/Jn7kMg9C4DMdMOqe350VzwphbeLzN6WSO69eX5uzZFyfTQY3J3UyOS/BN5UMlqu7oBcsl3VxUeWW322a5HaxMmHT8PaJnJJCDYf5kRttQlUoj007OeiAe8JL/O81dlZ5efzn2fwvCg76314AGfsm//vVu+ocP2wLdGB7Pw37KPb/YPyHkMP4z16w4/hPvpG0bge4qzuzSfGuVzjBC7FpgdWKUpLZzJpX7hJW9CggvN4vtt70JMVLeJJzjdvecno+mE82d6DE18XKOS40MZzerNddehEcxn/2hRfb/1fYdunF9v/Z/B/COT60//vA9+b//Oott46f7R52qPyvjX0U+wvtP0fs+fyfw/6f+8Hf2e3Yan275jOrptNhz6hFbzI+WY7tsXXL44f9tR5qY2qFN2ll/H8fFzn+CY5h9m12MZx05tl3//f3dpVm8LCRQ/Zd9qoUoPfbHRw+bstw5tbZd39nZyoJ1ws3z77L7qo17SI1Zd9mB26ddwvVG6Z5uTwrt95HufxV8P4SUfb+qhR8zP1SDXu2MJmlmU/dZpF9l0UA0X8B/miNqzgWiEqAkOQ32Q8f3maHk07Zpn8zcOv0P1lwEtCaDRFr3J5saO7iTW42umWYi83VqOemt1Uj+RtXX9Ii+DP74cNfb7PGzRY9nxaNC+4W3dS0PXdv7fmd7juzSJ8/mXXUuLfZll/2Xfa8N75bHRUmd2N7n/Th/kG5ruqN0/sfPfX+WY9LZMfJX7vO/dp16teuM792nfi167yvXad97Trra9dJX7vO+dp1ytcuM76yH/768EO1nb7D8ib7NuvG9v4ie3bxvvr+9OD4vY7YLv2w/QfHUr7VAKPB4kpVG2JhCgM/wpv6ipTbiNyd44sbMSSDRhQIRD4Gx08bvfx4aBxOjBpm32bNZDSajCtqlLZ+dTdfHNWvgqPaZLL4d4PlTiuldl0otes6qV2XSe26SmrXRVK7rpHadYnUriuk/p0FUtkPb5/53i4q3a4i3a4a3a4S3a4K3a4C3a763K7y3K7q3H8izn3NB4cpWazffvLB4KQ8AWR0GlM+bzQv6/11W7Z0M6n2B7/CByff8MFPhCxYxZXHPng9kkubD2/Scg7X9/ZNy/3B1kESlQJQDsLSvLUUbHWZzJOb0ugKbKJp0iqviizZhPrWkt6b3CxuquLiQi2vS1eDU1HOL2stka+hhV6fTubVljyzPbbOLev2JHBhgXUGxX61HwZxQLZ+kL/3o9RWYdgPLrfxrxbfx796kE/9Mg7B/b2dajMMazQJe5e8fgfCdcG8WQ362gcYXpTouJ8S2od4nfpypRzkw0JKkobtwSjRMx3K4e28US6uxvXcfFlbNa/MaMRO+p5VTkSEbpf961w5H1cGzfOTN+Zm0iovSa9dMWctEp/7uDzA0VXbjlYJnhB5HZV/mFDhdxA/JlSYfEEf0osfPvx12Evm1fDS+O9rbP798vjvM/0XkcP4717wvf0/fvXG78dPd7A/DP++OvZR7C/N/4P42fgvxof9P/aCl+b/7cLq9jL/77u8LrMrscvsyuwyu1K7zK7cLrMrucu8xO4OU/X+e/E8/r/+ERAvxP+vnf8HOTnE/33gcP7f4fy/o8P5f4fz/w7n/x3O//tNDq07nP93OP/vcP7f4fy/A34+Hvf/HqZR7Pn8dwif7v8LOUWH/t9e8L3+36fzk372ASBfnDzztWYK/gDfxoh6JxxzyBhNuWLAMeCAwdgqzQSGwgnBmHSOeY0ptqkTcg04RloaArnCnGBkBFFYGwQxFYZ4LBGmXjvFEVeGSie0NwoKSLkyTmBIoE+fZ9yrHQCy85lUX7QjREiBjLdWCSSYg5Bvz+8QTkpMEfdIUwSMB0Y4AanCmgKrOKDCW2wcJlxzybDDEDgGMUaIIs8EZVwwSZAjFknlIMaaaaQk1IJRrbilRnpKNXCHduSAAw444LfE/w8AAP//aH82JwCcAAA=` - // IMPORTANT: The next expiration is on '2025-06-20T10:07:23Z' - rootJSON = `ewogInNpZ25lZCI6IHsKICAiX3R5cGUiOiAicm9vdCIsCiAgInNwZWNfdmVyc2lvbiI6ICIxLjAiLAogICJ2ZXJzaW9uIjogMSwKICAiZXhwaXJlcyI6ICIyMDI1LTA2LTIwVDEwOjA3OjIzWiIsCiAgImtleXMiOiB7CiAgICIxOGRhNDVlN2Y5ZmY5NTRiNzJmMTliNGViZDczNmU4OGI2NjhjMjNkZjRkZWM0ZTU4ZjZhMDM3MWFmOWJiMzY2IjogewogICAgImtleXR5cGUiOiAiZWQyNTUxOSIsCiAgICAic2NoZW1lIjogImVkMjU1MTkiLAogICAgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsKICAgICAic2hhMjU2IiwKICAgICAic2hhNTEyIgogICAgXSwKICAgICJrZXl2YWwiOiB7CiAgICAgInB1YmxpYyI6ICI2OWIzOWRlOTY3NGRlYjc3N2VhNTgwMmYwMjU5MmUzYTg3YzRiZDNhMDEwZTRkMWM5OGU1M2FkMjdjOTBjNGI4IgogICAgfQogICB9LAogICAiNmUzMTk3M2RkMjU1ZGM5MWRjYTgwOGU0MzcxZjNlY2EyMjM2OTBkNjJhZWFmYmE0MmQxNGIwM2YzODYzOTMwOCI6IHsKICAgICJrZXl0eXBlIjogImVkMjU1MTkiLAogICAgInNjaGVtZSI6ICJlZDI1NTE5IiwKICAgICJrZXlpZF9oYXNoX2FsZ29yaXRobXMiOiBbCiAgICAgInNoYTI1NiIsCiAgICAgInNoYTUxMiIKICAgIF0sCiAgICAia2V5dmFsIjogewogICAgICJwdWJsaWMiOiAiYzc0NGVhODUzNjg5Yjg5YzYyZjBmMDZjYjgyOGE4OTVhYTQ3ODZlOTEzZWE3ZmE5Y2NhYzRkODgxZDcxYmJmZSIKICAgIH0KICAgfSwKICAgIjZlNWI3NzUzNmMwMjhjMWZiYzIwNGRjYjRlOTczMjZjZWRkNjY5YmZiNDVmOTlkYTdmYjRmMjYyNThhMDM5ODYiOiB7CiAgICAia2V5dHlwZSI6ICJlZDI1NTE5IiwKICAgICJzY2hlbWUiOiAiZWQyNTUxOSIsCiAgICAia2V5aWRfaGFzaF9hbGdvcml0aG1zIjogWwogICAgICJzaGEyNTYiLAogICAgICJzaGE1MTIiCiAgICBdLAogICAgImtleXZhbCI6IHsKICAgICAicHVibGljIjogImU0ODA1NGYxYzhmYzQzNDUxY2E2NmU4ZmE1MjQ4NzA5YzYyYThmZjM5ZGU4ZjliYjIxZGRiOGM2YTM3YzcyZWQiCiAgICB9CiAgIH0sCiAgICJkNmY0MTc0Zjk1YjM3YWEyYTBmOGIxZWM1NGRmOWQwY2NmZWQ4MjQzMzEyZDE5ZjIxYWM1OWFkNTAxYmM2YTZiIjogewogICAgImtleXR5cGUiOiAiZWQyNTUxOSIsCiAgICAic2NoZW1lIjogImVkMjU1MTkiLAogICAgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsKICAgICAic2hhMjU2IiwKICAgICAic2hhNTEyIgogICAgXSwKICAgICJrZXl2YWwiOiB7CiAgICAgInB1YmxpYyI6ICIwY2I5MzFjNTAzY2EzYjBjNjRjN2E3Mzc3Mzc3YWYzYTgwMjA2ZTk2Yzc5NGY4NTA5NzkzOTk0YTE5MGEzYzMzIgogICAgfQogICB9CiAgfSwKICAicm9sZXMiOiB7CiAgICJyb290IjogewogICAgImtleWlkcyI6IFsKICAgICAiNmU1Yjc3NTM2YzAyOGMxZmJjMjA0ZGNiNGU5NzMyNmNlZGQ2NjliZmI0NWY5OWRhN2ZiNGYyNjI1OGEwMzk4NiIKICAgIF0sCiAgICAidGhyZXNob2xkIjogMQogICB9LAogICAic25hcHNob3QiOiB7CiAgICAia2V5aWRzIjogWwogICAgICJkNmY0MTc0Zjk1YjM3YWEyYTBmOGIxZWM1NGRmOWQwY2NmZWQ4MjQzMzEyZDE5ZjIxYWM1OWFkNTAxYmM2YTZiIgogICAgXSwKICAgICJ0aHJlc2hvbGQiOiAxCiAgIH0sCiAgICJ0YXJnZXRzIjogewogICAgImtleWlkcyI6IFsKICAgICAiMThkYTQ1ZTdmOWZmOTU0YjcyZjE5YjRlYmQ3MzZlODhiNjY4YzIzZGY0ZGVjNGU1OGY2YTAzNzFhZjliYjM2NiIKICAgIF0sCiAgICAidGhyZXNob2xkIjogMQogICB9LAogICAidGltZXN0YW1wIjogewogICAgImtleWlkcyI6IFsKICAgICAiNmUzMTk3M2RkMjU1ZGM5MWRjYTgwOGU0MzcxZjNlY2EyMjM2OTBkNjJhZWFmYmE0MmQxNGIwM2YzODYzOTMwOCIKICAgIF0sCiAgICAidGhyZXNob2xkIjogMQogICB9CiAgfSwKICAiY29uc2lzdGVudF9zbmFwc2hvdCI6IHRydWUKIH0sCiAic2lnbmF0dXJlcyI6IFsKICB7CiAgICJrZXlpZCI6ICI2ZTViNzc1MzZjMDI4YzFmYmMyMDRkY2I0ZTk3MzI2Y2VkZDY2OWJmYjQ1Zjk5ZGE3ZmI0ZjI2MjU4YTAzOTg2IiwKICAgInNpZyI6ICJmM2IyMjMwNTk2ZmUzZTU1MzA2OTJmMGY4NGQxMjIxZjQ2YzhhMGRmODQzMGI5OTVjMjZkMjFkYzI3YTY5YTM5ZmQwNWE1MjMzMDBjNTE5ZWVhYzAzNmFkZDNlYmZkOTM3YmY3MjM1ZTcwNjU5YWMyMDgyYzhlYzQ4NTI5ZmYwMCIKICB9CiBdCn0=` + // IMPORTANT: The next expiration is on '2026-01-01T11:46:29Z' + // Steps to generate: + // 1. cgit clone github.com/sigstore/scaffolding + // 2. run ./hack/setup-kind.sh + // 3. export KO_DOCKER_REPO=registry.local:5001/sigstore + // 4. run ./hack/setup-scaffolding.sh + // 5. get the secrets from the kind cluster + // kubectl get secrets -o yaml -n tuf-system tuf-root + rootJSON = `ewogInNpZ25lZCI6IHsKICAiX3R5cGUiOiAicm9vdCIsCiAgInNwZWNfdmVyc2lvbiI6ICIxLjAiLAogICJ2ZXJzaW9uIjogMSwKICAiZXhwaXJlcyI6ICIyMDI2LTAxLTAxVDExOjQ2OjI5WiIsCiAgImtleXMiOiB7CiAgICIwZjhjNWYzNmZiNDMwNzEyMmZiNzk3MGUyMjRiNGUwODY0ZjRhZmE0ZTRmNjM0YmU3Nzg4ZTllYmQ5ZjI2Nzg1IjogewogICAgImtleXR5cGUiOiAiZWQyNTUxOSIsCiAgICAic2NoZW1lIjogImVkMjU1MTkiLAogICAgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsKICAgICAic2hhMjU2IiwKICAgICAic2hhNTEyIgogICAgXSwKICAgICJrZXl2YWwiOiB7CiAgICAgInB1YmxpYyI6ICIzMWQ1MzNiMDJlNTgyNGI1NDEwYmNmMjI4NGZlNzVkMmZiNjdhMTA4Y2I1ZTdkNjhmOTc1YzljOWM1ODYyYzVjIgogICAgfQogICB9LAogICAiOTE4MmI1ODVlNzFiOTVmMDA1YzIyZWNkYjQwN2QxMDY5YTlkMjdiOGMzZmFmMzBmMmUxZmM5NTRhNWFkOWNmNiI6IHsKICAgICJrZXl0eXBlIjogImVkMjU1MTkiLAogICAgInNjaGVtZSI6ICJlZDI1NTE5IiwKICAgICJrZXlpZF9oYXNoX2FsZ29yaXRobXMiOiBbCiAgICAgInNoYTI1NiIsCiAgICAgInNoYTUxMiIKICAgIF0sCiAgICAia2V5dmFsIjogewogICAgICJwdWJsaWMiOiAiZTcxN2Y2NDY0YzMwYWFmMzVhOWE3MzgwY2M4NTkzNjRhNmMxNDgyOGRmNGE4MjJhNWRmYzA5ZTdjODJkMWIxZCIKICAgIH0KICAgfSwKICAgImU4YzZiMWQyMzA3NmYyOThhMTJjOTA4ZDlhODU3ZDFkZWU3MTI3NWQ1ZDdhNmVlOTQ2YTIzM2U4MzEwZjI3NmEiOiB7CiAgICAia2V5dHlwZSI6ICJlZDI1NTE5IiwKICAgICJzY2hlbWUiOiAiZWQyNTUxOSIsCiAgICAia2V5aWRfaGFzaF9hbGdvcml0aG1zIjogWwogICAgICJzaGEyNTYiLAogICAgICJzaGE1MTIiCiAgICBdLAogICAgImtleXZhbCI6IHsKICAgICAicHVibGljIjogIjU0Y2FlMzk2MzFjYmFiYmZmM2RlYjhmMzQ1ZjczMGU3ZmI3YjhkOGNlMTY3ZWZiOGNlMzg3YzQxMTIxOTg3ZjQiCiAgICB9CiAgIH0sCiAgICJmNWYzMTMzYjcwMzljYTMzZjk2ZDI5OTMzN2Q1ZTQyNWVhNzk4MzIyMDEzNjY5OWJlODhhZjU2NWU5NmIyZWVhIjogewogICAgImtleXR5cGUiOiAiZWQyNTUxOSIsCiAgICAic2NoZW1lIjogImVkMjU1MTkiLAogICAgImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsKICAgICAic2hhMjU2IiwKICAgICAic2hhNTEyIgogICAgXSwKICAgICJrZXl2YWwiOiB7CiAgICAgInB1YmxpYyI6ICJhNzliYWQ3MGE4OWJjNjQwODkzZThiMDM1ODQ4YmYyZTU2YWE4NWU1N2MwYzUwODVjNGEzZjVhNWMyZmUwNGYzIgogICAgfQogICB9CiAgfSwKICAicm9sZXMiOiB7CiAgICJyb290IjogewogICAgImtleWlkcyI6IFsKICAgICAiZThjNmIxZDIzMDc2ZjI5OGExMmM5MDhkOWE4NTdkMWRlZTcxMjc1ZDVkN2E2ZWU5NDZhMjMzZTgzMTBmMjc2YSIKICAgIF0sCiAgICAidGhyZXNob2xkIjogMQogICB9LAogICAic25hcHNob3QiOiB7CiAgICAia2V5aWRzIjogWwogICAgICJmNWYzMTMzYjcwMzljYTMzZjk2ZDI5OTMzN2Q1ZTQyNWVhNzk4MzIyMDEzNjY5OWJlODhhZjU2NWU5NmIyZWVhIgogICAgXSwKICAgICJ0aHJlc2hvbGQiOiAxCiAgIH0sCiAgICJ0YXJnZXRzIjogewogICAgImtleWlkcyI6IFsKICAgICAiOTE4MmI1ODVlNzFiOTVmMDA1YzIyZWNkYjQwN2QxMDY5YTlkMjdiOGMzZmFmMzBmMmUxZmM5NTRhNWFkOWNmNiIKICAgIF0sCiAgICAidGhyZXNob2xkIjogMQogICB9LAogICAidGltZXN0YW1wIjogewogICAgImtleWlkcyI6IFsKICAgICAiMGY4YzVmMzZmYjQzMDcxMjJmYjc5NzBlMjI0YjRlMDg2NGY0YWZhNGU0ZjYzNGJlNzc4OGU5ZWJkOWYyNjc4NSIKICAgIF0sCiAgICAidGhyZXNob2xkIjogMQogICB9CiAgfSwKICAiY29uc2lzdGVudF9zbmFwc2hvdCI6IHRydWUKIH0sCiAic2lnbmF0dXJlcyI6IFsKICB7CiAgICJrZXlpZCI6ICJlOGM2YjFkMjMwNzZmMjk4YTEyYzkwOGQ5YTg1N2QxZGVlNzEyNzVkNWQ3YTZlZTk0NmEyMzNlODMxMGYyNzZhIiwKICAgInNpZyI6ICI1MmM2YTkyNGFiZWYwMGY1YzY2NDE0OGIzMWRjMDRkOTVhNWE5ZjY1MjJlNTkwMDAyMzViNTAxNDUxYjRmYzc0MjEwZTVhY2NhOTRkZWIyZmNhNTgzZmM4ZTY4NDY0NTRiYTY2YzFhNzY4NWMxMDJhMDQ5N2JiMDNlMTEzYjIwMyIKICB9CiBdCn0=` ) func TestCompressUncompressFS(t *testing.T) {