Skip to content

Commit

Permalink
Add a log message if user doesn't provide --trusted-root (#3933)
Browse files Browse the repository at this point in the history
So the user knows that we're assuming the public good instance and
fetching the trusted root via TUF.

Signed-off-by: Zach Steindler <steiza@github.com>
  • Loading branch information
steiza authored Nov 13, 2024
1 parent ad5bc3b commit 93b72d2
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions cmd/cosign/cli/verify/verify_bundle.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ import (
"github.com/sigstore/sigstore/pkg/cryptoutils"
"github.com/sigstore/sigstore/pkg/signature"

"github.com/sigstore/cosign/v2/internal/ui"
"github.com/sigstore/cosign/v2/pkg/cosign"
"github.com/sigstore/cosign/v2/pkg/cosign/pivkey"
sigs "github.com/sigstore/cosign/v2/pkg/signature"
Expand All @@ -62,6 +63,7 @@ func verifyNewBundle(ctx context.Context, bundlePath, trustedRootPath, keyRef, s
var trustedroot *root.TrustedRoot

if trustedRootPath == "" {
ui.Infof(ctx, "no --trusted-root specified; fetching public good instance verification material via TUF")
// Assume we're using public good instance; fetch via TUF
trustedroot, err = root.FetchTrustedRoot()
if err != nil {
Expand Down

0 comments on commit 93b72d2

Please sign in to comment.