Ramon Petgrave c789437815 feat: refactor: use sigstore-go for fetching TrustedRoot (#791) ...

Uses the `sigstore-go` library for fetching the `TrustedRoot`, which
contains the Sigstore infrastructure certificates needed to validate the
leaf ephemeral certificates used to sign artifacts.

Refactors:

- replace `TrustedRootSingleton()` with `getDefaultCosignCheckOpts()`,
since only `VerifyImage()` will now need that data.
- replace `cosign.ValidateAndUnpackCert`
with`sigstoreVerify.VerifyLeafCertificate()`
- use `sync.Once` for sigstore and rekor clients, and the `TrustedRoot`

## Testing

- existing tests continue to pass
- [negative tests
](d96b977709/cli/slsa-verifier/main_regression_test.go (L450-L471))
against rekor TLogs
- manual invocations of `verify-artifact`.

---------

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>

2024-08-02 21:47:50 +00:00

..

container

chore: update slsa provenance to v1 (#579)

2023-05-08 15:18:16 +00:00

builder_test.go

feat: Use tags vX.Y.Z-<language> for JReleaser builders (#644)

2023-07-10 16:42:48 +00:00

builder.go

feat: Use tags vX.Y.Z-<language> for JReleaser builders (#644)

2023-07-10 16:42:48 +00:00

dsse_test.go

feat: npm default runner support (#495)

2023-03-02 21:53:29 +00:00

dsse.go

feat: vsa support (#777)

2024-07-10 21:25:16 -04:00

git_test.go

refactor: Add more git utils (#645)

2023-07-01 09:03:52 +09:00

git.go

refactor: Add more git utils (#645)

2023-07-01 09:03:52 +09:00

sigstore_tuf.go

feat: refactor: use sigstore-go for fetching TrustedRoot (#791)

2024-08-02 21:47:50 +00:00

source_tag.go

feat: GCB tag and versioned-tag support for containers (#540)

2023-03-23 16:57:34 +00:00

structures.go

feat: BYOB verification support (#604)

2023-05-23 01:41:17 +00:00