Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sync TUF cache used for sigstore bundle verification #166

Merged
merged 5 commits into from
Jun 19, 2024

Conversation

malancas
Copy link
Contributor

@malancas malancas commented Jun 6, 2024

Part of https://github.com/github/package-security/issues/1732

Update GetTrustedRoot to sync the TUF cache every 24 hours. I will look into threading the new trustroot-resync-period flag down to this function to the resync period is no longer hardcoded in a follow up.

malancas added 4 commits June 6, 2024 13:06
Signed-off-by: Meredith Lancaster <[email protected]>
Signed-off-by: Meredith Lancaster <[email protected]>
Signed-off-by: Meredith Lancaster <[email protected]>
@malancas malancas changed the title Sync tuf cache used for sigstore bundle verification Sync TUF cache used for sigstore bundle verification Jun 14, 2024
@malancas malancas marked this pull request as ready for review June 14, 2024 13:38
@malancas malancas requested review from steiza and a team as code owners June 14, 2024 13:38
Copy link
Member

@phillmv phillmv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, suggested minor change.

pkg/tuf/repo.go Outdated
)

// GetTrustedRoot returns the trusted root for the TUF repository.
func GetTrustedRoot() (*root.TrustedRoot, error) {
once.Do(func() {
now := time.Now().UTC()
if timestamp.IsZero() || timestamp.Before(now.Add(-24*time.Hour)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤔 Before(now.Add(-24*Hour) doesn't quite roll off the tongue. What about,

is now 24hrs after the last time we checked?
now.After(timestamp.Add(24*time.Hour))

(assuming I didn't mess up the math, time math is notoriously tricky)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That seems easier to understand to me

Signed-off-by: Meredith Lancaster <[email protected]>
Copy link
Collaborator

@codysoyland codysoyland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, looks good!

@malancas malancas merged commit e2bccf2 into release Jun 19, 2024
14 of 73 checks passed
@malancas malancas deleted the tuf-cache-sync branch June 19, 2024 14:31
codysoyland pushed a commit that referenced this pull request Jun 24, 2024
* sync tuf cache used for sigstore bundle verification

Signed-off-by: Meredith Lancaster <[email protected]>

* remove singleton err

Signed-off-by: Meredith Lancaster <[email protected]>

* start adding lock

Signed-off-by: Meredith Lancaster <[email protected]>

* Use RWMutex

Signed-off-by: Meredith Lancaster <[email protected]>

* pr feedback

Signed-off-by: Meredith Lancaster <[email protected]>

---------

Signed-off-by: Meredith Lancaster <[email protected]>
codysoyland pushed a commit that referenced this pull request Jul 9, 2024
* sync tuf cache used for sigstore bundle verification

Signed-off-by: Meredith Lancaster <[email protected]>

* remove singleton err

Signed-off-by: Meredith Lancaster <[email protected]>

* start adding lock

Signed-off-by: Meredith Lancaster <[email protected]>

* Use RWMutex

Signed-off-by: Meredith Lancaster <[email protected]>

* pr feedback

Signed-off-by: Meredith Lancaster <[email protected]>

---------

Signed-off-by: Meredith Lancaster <[email protected]>
codysoyland pushed a commit that referenced this pull request Sep 16, 2024
* sync tuf cache used for sigstore bundle verification

Signed-off-by: Meredith Lancaster <[email protected]>

* remove singleton err

Signed-off-by: Meredith Lancaster <[email protected]>

* start adding lock

Signed-off-by: Meredith Lancaster <[email protected]>

* Use RWMutex

Signed-off-by: Meredith Lancaster <[email protected]>

* pr feedback

Signed-off-by: Meredith Lancaster <[email protected]>

---------

Signed-off-by: Meredith Lancaster <[email protected]>
codysoyland pushed a commit that referenced this pull request Oct 10, 2024
* sync tuf cache used for sigstore bundle verification

Signed-off-by: Meredith Lancaster <[email protected]>

* remove singleton err

Signed-off-by: Meredith Lancaster <[email protected]>

* start adding lock

Signed-off-by: Meredith Lancaster <[email protected]>

* Use RWMutex

Signed-off-by: Meredith Lancaster <[email protected]>

* pr feedback

Signed-off-by: Meredith Lancaster <[email protected]>

---------

Signed-off-by: Meredith Lancaster <[email protected]>
codysoyland pushed a commit that referenced this pull request Nov 18, 2024
* sync tuf cache used for sigstore bundle verification

Signed-off-by: Meredith Lancaster <[email protected]>

* remove singleton err

Signed-off-by: Meredith Lancaster <[email protected]>

* start adding lock

Signed-off-by: Meredith Lancaster <[email protected]>

* Use RWMutex

Signed-off-by: Meredith Lancaster <[email protected]>

* pr feedback

Signed-off-by: Meredith Lancaster <[email protected]>

---------

Signed-off-by: Meredith Lancaster <[email protected]>
codysoyland pushed a commit that referenced this pull request Jan 7, 2025
* sync tuf cache used for sigstore bundle verification

Signed-off-by: Meredith Lancaster <[email protected]>

* remove singleton err

Signed-off-by: Meredith Lancaster <[email protected]>

* start adding lock

Signed-off-by: Meredith Lancaster <[email protected]>

* Use RWMutex

Signed-off-by: Meredith Lancaster <[email protected]>

* pr feedback

Signed-off-by: Meredith Lancaster <[email protected]>

---------

Signed-off-by: Meredith Lancaster <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants