Skip to content

feat(verify): private Sigstore trust root for bundle verification #1153

Description

@lockwobr

Problem

Private Sigstore signing (#408) lets an org sign against a self-hosted Fulcio/Rekor, but aicr verify can only verify against the public-good trusted root. verifySigstoreBundle calls trust.GetTrustedMaterial() (pkg/bundler/verifier/trust.go), which has no override for a private CA root or a custom TUF trust root. So privately-signed bundles fail verification.

Proposal

Allow aicr verify to load a custom Sigstore trusted root so bundles signed against private Fulcio/Rekor verify against the matching root of trust.

Behavior

  • A flag (e.g. --trust-root <path> / --certificate-chain) or a TUF root URL supplies the private root of trust to the sigstore-go verifier.
  • Public-good remains the default when unset.
  • Composes with the keyless identity-pinning path (the identity matcher is unchanged; only the root material differs).

Dependencies

Success criteria

  • A bundle signed via aicr bundle --fulcio-url <private> --rekor-url <private> verifies with the corresponding private trust root.
  • Public Sigstore verification is unchanged when no custom root is supplied.
  • make test / make lint pass.

Metadata

Metadata

Assignees

No one assigned

    Fields

    No fields configured for Enhancement.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions