hub / github.com/cli/cli / getTrustedRoot

Function getTrustedRoot

pkg/cmd/attestation/trustedroot/trustedroot.go:125–194  ·  view source on GitHub ↗
(makeTUF tufClientInstantiator, opts *Options, hc *http.Client)

Source from the content-addressed store, hash-verified

123}
124
125func getTrustedRoot(makeTUF tufClientInstantiator, opts *Options, hc *http.Client) error {
126 var tufOptions []tufConfig
127 var defaultTR = "trusted_root.json"
128
129 tufOpt := verification.DefaultOptionsWithCacheSetting(o.None[string](), hc)
130 // Disable local caching, so we get up-to-date response from TUF repository
131 tufOpt.CacheValidity = 0
132
133 // Target will be either the default trusted root, or the trust domain-qualified one
134 ghTR := defaultTR
135 if opts.TrustDomain != "" {
136 ghTR = fmt.Sprintf("%s.%s", opts.TrustDomain, defaultTR)
137 }
138
139 if opts.TufUrl != "" && opts.TufRootPath != "" {
140 tufRoot, err := os.ReadFile(opts.TufRootPath)
141 if err != nil {
142 return fmt.Errorf("failed to read root file %s: %v", opts.TufRootPath, err)
143 }
144
145 tufOpt.Root = tufRoot
146 tufOpt.RepositoryBaseURL = opts.TufUrl
147 tufOptions = append(tufOptions, tufConfig{
148 tufOptions: tufOpt,
149 targets: []string{ghTR},
150 })
151 } else {
152 // Get from both Sigstore public good and GitHub private instance
153 tufOptions = append(tufOptions, tufConfig{
154 tufOptions: tufOpt,
155 targets: []string{defaultTR},
156 })
157
158 tufOpt = verification.GitHubTUFOptions(o.None[string](), hc)
159 tufOpt.CacheValidity = 0
160 tufOptions = append(tufOptions, tufConfig{
161 tufOptions: tufOpt,
162 targets: []string{ghTR},
163 })
164 }
165
166 for _, tufOpt := range tufOptions {
167 tufClient, err := makeTUF(tufOpt.tufOptions)
168 if err != nil {
169 return fmt.Errorf("failed to create TUF client: %v", err)
170 }
171
172 for _, target := range tufOpt.targets {
173 t, err := tufClient.GetTarget(target)
174 if err != nil {
175 return fmt.Errorf("failed to retrieve trusted root %s via TUF: %w",
176 target, err)
177 }
178
179 output := new(bytes.Buffer)
180 err = json.Compact(output, t)
181 if err != nil {
182 return err

Callers 2

NewTrustedRootCmdFunction · 0.85
TestGetTrustedRootFunction · 0.85

Calls 5

GitHubTUFOptionsFunction · 0.92
PrintlnMethod · 0.80
ErrorfMethod · 0.65
PrintfMethod · 0.65

Tested by 1

TestGetTrustedRootFunction · 0.68