
Commit 8a7b9db

authored
Bump TUF root version (#1312)
* Bump TUF root version Also update the embedded targets. Signed-off-by: Hayden Blauzvern <[email protected]>
1 parent c75fa95 commit 8a7b9db


17 files changed

+202
-508
lines changed


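--- a/pkg/tuf/client.go
+++ b/pkg/tuf/client.go
@@ -37,7 +37,6 @@ import (
 "github.com/theupdateframework/go-tuf/client"
 tuf_leveldbstore "github.com/theupdateframework/go-tuf/client/leveldbstore"
 "github.com/theupdateframework/go-tuf/data"
-_ "github.com/theupdateframework/go-tuf/pkg/deprecated/set_ecdsa"
 "github.com/theupdateframework/go-tuf/util"
 )
 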

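--- a/pkg/tuf/client_test.go
+++ b/pkg/tuf/client_test.go
@@ -821,42 +821,6 @@ func TestConcurrentAccessInitialize(t *testing.T) {
 resetForTests()
 }
 
-func TestKeyFormatMigration(t *testing.T) {
-// Override the expiration time so the test doesn't fail on
-// expiration.
-oldIsExpired := verify.IsExpired
-verify.IsExpired = func(_ time.Time) bool { return false }
-defer func() {
-verify.IsExpired = oldIsExpired
-}()
-td := t.TempDir()
-ctx := context.Background()
-// Set the TUF_ROOT so we don't interact with other tests and local TUF roots.
-t.Setenv("TUF_ROOT", td)
-
-// Serve remote repository.
-s := httptest.NewServer(
-http.FileServer(http.Dir("./test_data/hex_to_ecdsa_migration")))
-defer s.Close()
-
-rootBytes, err := os.ReadFile("./test_data/hex_to_ecdsa_migration/1.root.json")
-if err != nil {
-t.Fatal(err)
-}
-
-if err := Initialize(ctx, s.URL, rootBytes); err != nil {
-t.Error(err)
-}
-
-defer resetForTests()
-
-tuf, err := NewFromEnv(ctx)
-if err != nil {
-t.Fatal(err)
-}
-checkTargetsAndMeta(t, tuf, []string{"fulcio.crt.pem"})
-}
-
 // Test to validate that sigstore TUF client can cache targets that
 // are located in sub-folders.
 func TestTargetsSubfolder(t *testing.T) {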

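--- a/pkg/tuf/repository/root.json
+++ b/pkg/tuf/repository/root.json
@@ -1,144 +1,140 @@
 {
-"signatures": [
-{
-"keyid": "2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97",
-"sig": "3046022100d3ea59490b253beae0926c6fa63f54336dea1ed700555be9f27ff55cd347639c0221009157d1ba012cead81948a4ab777d355451d57f5c4a2d333fc68d2e3f358093c2"
-},
-{
-"keyid": "bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62",
-"sig": "304502206eaef40564403ce572c6d062e0c9b0aab5e0223576133e081e1b495e8deb9efd02210080fd6f3464d759601b4afec596bbd5952f3a224cd06ed1cdfc3c399118752ba2"
-},
-{
-"keyid": "eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b",
-"sig": "304502207baace02f56d8e6069f10b6ff098a26e7f53a7f9324ad62cffa0557bdeb9036c022100fb3032baaa090d0040c3f2fd872571c84479309b773208601d65948df87a9720"
-},
-{
-"keyid": "f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb",
-"sig": "304402205180c01905505dd88acd7a2dad979dd75c979b3722513a7bdedac88c6ae8dbeb022056d1ddf7a192f0b1c2c90ff487de2fb3ec9f0c03f66ea937c78d3b6a493504ca"
-},
-{
-"keyid": "f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209",
-"sig": "3046022100c8806d4647c514d80fd8f707d3369444c4fd1d0812a2d25f828e564c99790e3f022100bb51f12e862ef17a7d3da2ac103bebc5c7e792237006c4cafacd76267b249c2f"
-}
-],
 "signed": {
 "_type": "root",
-"consistent_snapshot": false,
-"expires": "2022-05-11T19:09:02.663975009Z",
+"spec_version": "1.0",
+"version": 7,
+"expires": "2023-10-04T13:08:11Z",
 "keys": {
-"2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97": {
+"25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99": {
+"keytype": "ecdsa-sha2-nistp256",
+"scheme": "ecdsa-sha2-nistp256",
 "keyid_hash_algorithms": [
 "sha256",
 "sha512"
 ],
-"keytype": "ecdsa-sha2-nistp256",
 "keyval": {
-"public": "04cbc5cab2684160323c25cd06c3307178a6b1d1c9b949328453ae473c5ba7527e35b13f298b41633382241f3fd8526c262d43b45adee5c618fa0642c82b8a9803"
-},
-"scheme": "ecdsa-sha2-nistp256"
+"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEXsz3SZXFb8jMV42j6pJlyjbjR8K\nN3Bwocexq6LMIb5qsWKOQvLN16NUefLc4HswOoumRsVVaajSpQS6fobkRw==\n-----END PUBLIC KEY-----\n"
+}
 },
-"b6710623a30c010738e64c5209d367df1c0a18cf90e6ab5292fb01680f83453d": {
+"2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de": {
+"keytype": "ecdsa-sha2-nistp256",
+"scheme": "ecdsa-sha2-nistp256",
 "keyid_hash_algorithms": [
 "sha256",
 "sha512"
 ],
-"keytype": "ecdsa-sha2-nistp256",
 "keyval": {
-"public": "04fa1a3e42f2300cd3c5487a61509348feb1e936920fef2f83b7cd5dbe7ba045f538725ab8f18a666e6233edb7e0db8766c8dc336633449c5e1bbe0c182b02df0b"
-},
-"scheme": "ecdsa-sha2-nistp256"
+"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0ghrh92Lw1Yr3idGV5WqCtMDB8Cx\n+D8hdC4w2ZLNIplVRoVGLskYa3gheMyOjiJ8kPi15aQ2//7P+oj7UvJPGw==\n-----END PUBLIC KEY-----\n"
+}
 },
-"bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62": {
+"45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b": {
+"keytype": "ecdsa-sha2-nistp256",
+"scheme": "ecdsa-sha2-nistp256",
 "keyid_hash_algorithms": [
 "sha256",
 "sha512"
 ],
-"keytype": "ecdsa-sha2-nistp256",
 "keyval": {
-"public": "04a71aacd835dc170ba6db3fa33a1a33dee751d4f8b0217b805b9bd3242921ee93672fdcfd840576c5bb0dc0ed815edf394c1ee48c2b5e02485e59bfc512f3adc7"
-},
-"scheme": "ecdsa-sha2-nistp256"
+"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELrWvNt94v4R085ELeeCMxHp7PldF\n0/T1GxukUh2ODuggLGJE0pc1e8CSBf6CS91Fwo9FUOuRsjBUld+VqSyCdQ==\n-----END PUBLIC KEY-----\n"
+}
 },
-"eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b": {
+"7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b": {
+"keytype": "ecdsa-sha2-nistp256",
+"scheme": "ecdsa-sha2-nistp256",
 "keyid_hash_algorithms": [
 "sha256",
 "sha512"
 ],
-"keytype": "ecdsa-sha2-nistp256",
 "keyval": {
-"public": "04117b33dd265715bf23315e368faa499728db8d1f0a377070a1c7b1aba2cc21be6ab1628e42f2cdd7a35479f2dce07b303a8ba646c55569a8d2a504ba7e86e447"
-},
-"scheme": "ecdsa-sha2-nistp256"
+"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEinikSsAQmYkNeH5eYq/CnIzLaacO\nxlSaawQDOwqKy/tCqxq5xxPSJc21K4WIhs9GyOkKfzueY3GILzcMJZ4cWw==\n-----END PUBLIC KEY-----\n"
+}
 },
-"f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb": {
+"e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a": {
+"keytype": "ecdsa-sha2-nistp256",
+"scheme": "ecdsa-sha2-nistp256",
 "keyid_hash_algorithms": [
 "sha256",
 "sha512"
 ],
-"keytype": "ecdsa-sha2-nistp256",
 "keyval": {
-"public": "04cc1cd53a61c23e88cc54b488dfae168a257c34fac3e88811c55962b24cffbfecb724447999c54670e365883716302e49da57c79a33cd3e16f81fbc66f0bcdf48"
-},
-"scheme": "ecdsa-sha2-nistp256"
+"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWRiGr5+j+3J5SsH+Ztr5nE2H2wO7\nBV+nO3s93gLca18qTOzHY1oWyAGDykMSsGTUBSt9D+An0KfKsD2mfSM42Q==\n-----END PUBLIC KEY-----\n"
+}
 },
-"f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209": {
+"f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f": {
+"keytype": "ecdsa-sha2-nistp256",
+"scheme": "ecdsa-sha2-nistp256",
 "keyid_hash_algorithms": [
 "sha256",
 "sha512"
 ],
-"keytype": "ecdsa-sha2-nistp256",
 "keyval": {
-"public": "048a78a44ac01099890d787e5e62afc29c8ccb69a70ec6549a6b04033b0a8acbfb42ab1ab9c713d225cdb52b858886cf46c8e90a7f3b9e6371882f370c259e1c5b"
-},
-"scheme": "ecdsa-sha2-nistp256"
+"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzBzVOmHCPojMVLSI364WiiV8NPrD\n6IgRxVliskz/v+y3JER5mcVGcONliDcWMC5J2lfHmjPNPhb4H7xm8LzfSA==\n-----END PUBLIC KEY-----\n"
+}
 },
-"fc61191ba8a516fe386c7d6c97d918e1d241e1589729add09b122725b8c32451": {
+"ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c": {
+"keytype": "ecdsa-sha2-nistp256",
+"scheme": "ecdsa-sha2-nistp256",
 "keyid_hash_algorithms": [
 "sha256",
 "sha512"
 ],
-"keytype": "ecdsa-sha2-nistp256",
 "keyval": {
-"public": "044c7793ab74b9ddd713054e587b8d9c75c5f6025633d0fef7ca855ed5b8d5a474b23598fe33eb4a63630d526f74d4bdaec8adcb51993ed65652d651d7c49203eb"
-},
-"scheme": "ecdsa-sha2-nistp256"
+"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy8XKsmhBYDI8Jc0GwzBxeKax0cm5\nSTKEU65HPFunUn41sT8pi0FjM4IkHz/YUmwmLUO0Wt7lxhj6BkLIK4qYAw==\n-----END PUBLIC KEY-----\n"
+}
 }
 },
 "roles": {
 "root": {
 "keyids": [
-"2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97",
-"bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62",
-"eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b",
-"f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb",
-"f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209"
+"ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c",
+"25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99",
+"f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f",
+"7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b",
+"2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de"
 ],
 "threshold": 3
 },
 "snapshot": {
 "keyids": [
-"fc61191ba8a516fe386c7d6c97d918e1d241e1589729add09b122725b8c32451"
+"45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b"
 ],
 "threshold": 1
 },
 "targets": {
 "keyids": [
-"2f64fb5eac0cf94dd39bb45308b98920055e9a0d8e012a7220787834c60aef97",
-"bdde902f5ec668179ff5ca0dabf7657109287d690bf97e230c21d65f99155c62",
-"eaf22372f417dd618a46f6c627dbc276e9fd30a004fc94f9be946e73f8bd090b",
-"f40f32044071a9365505da3d1e3be6561f6f22d0e60cf51df783999f6c3429cb",
-"f505595165a177a41750a8e864ed1719b1edfccd5a426fd2c0ffda33ce7ff209"
+"ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c",
+"25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99",
+"f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f",
+"7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b",
+"2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de"
 ],
 "threshold": 3
 },
 "timestamp": {
 "keyids": [
-"b6710623a30c010738e64c5209d367df1c0a18cf90e6ab5292fb01680f83453d"
+"e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a"
 ],
 "threshold": 1
 }
 },
-"spec_version": "1.0",
-"version": 2
-}
+"consistent_snapshot": true
+},
+"signatures": [
+{
+"keyid": "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99",
+"sig": "3046022100c0610c0055ce5c4a52d054d7322e7b514d55baf44423d63aa4daa077cc60fd1f022100a097f2803f090fb66c42ead915a2c46ebe7db53a32bf18f2188275cc936f8bdd"
+},
+{
+"keyid": "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f",
+"sig": "304502203134f0468810299d5493a867c40630b341296b92e59c29821311d353343bb3a4022100e667ae3d304e7e3da0894c7425f6b9ecd917106841280e5cf6f3496ad5f8f68e"
+},
+{
+"keyid": "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b",
+"sig": "3045022037fe5f45426f21eaaf4730d2136f2b1611d6379688f79b9d1e3f61719997135c022100b63b022d7b79d4694b96f416d88aa4d7b1a3bff8a01f4fb51e0f42137c7d2d06"
+},
+{
+"keyid": "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de",
+"sig": "3044022007cc8fcc4940809f2751ad5b535f4c5f53f5b4952f5b5696b09668e743306ac1022006dfcdf94e94c92163eeb1b47796db62cedaa730aa13aa61b573fe23714730f2"
+}
+]
 }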
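Review bot: The embedded trust anchor is swapped with no visible check that it still verifies or that existing caches can move to it. Every keyid under `roles` changes together with the switch of `keyval.public` from hex to PEM, `version` goes from 2 to 7 and `consistent_snapshot` becomes `true`, while this same commit removes `TestKeyFormatMigration` and the `set_ecdsa` import from `pkg/tuf/client.go`. If any client still holds a cached root in the hex format, it presumably can no longer be parsed, so that upgrade path is worth confirming. I would add a test in `pkg/tuf/client_test.go` that loads this `root.json`, checks that at least `"threshold": 3` of the four signatures verify against the listed root keyids, and fails when `"expires": "2023-10-04T13:08:11Z"` is within a chosen margin, so a stale or mis-copied root is caught in CI rather than by users.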
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
-----BEGIN PUBLIC KEY-----
2+
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEiPSlFi0CmFTfEjCUqF9HuCEcYXNK
3+
AaYalIJmBZ8yyezPjTqhxrKBpMnaocVtLJBI1eM3uXnQzQGAJdJ4gs9Fyw==
4+
-----END PUBLIC KEY-----
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMw
3+
KjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y
4+
MjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3Jl
5+
LmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0C
6+
AQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV7
7+
7LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS
8+
0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYB
9+
BQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjp
10+
KFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZI
11+
zj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJR
12+
nZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsP
13+
mygUY7Ii2zbdCdliiow=
14+
-----END CERTIFICATE-----

pkg/tuf/repository/targets/rekor.0.pub

Lines changed: 0 additions & 4 deletions
This file was deleted.

pkg/tuf/repository/targets/rekor.json

Lines changed: 0 additions & 23 deletions
This file was deleted.
