Skip to content

cli: Support using other Sigstore instances #1548

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Oct 6, 2025
Merged

cli: Support using other Sigstore instances #1548

merged 14 commits into from
Oct 6, 2025

Conversation

jku
Copy link
Member

@jku jku commented Sep 22, 2025
edited
Loading

I started prototyping #1546 and I think this turned out quite nice (since all of the internals already support this).

Summary

We already support --staging to change the used sigstore instance (and --trust-config to completely manually define the instance) but supporting any sigstore instance would be nice (it would also be directly useful in the root-signing testing as that essentially uses other sigstore instances like https://sigstore.github.io/root-signing/).

The complication is that there are two separate things that need to be supported:

  1. initializing trust to a new instance
  2. doing a sigstore action (sign/verify/...) with that instance

This PR solves this by adding a top level subcommand trust-instance for 1 and a flag --instance for 2. The former takes a TUF root metadata file and latter takes the URL as argment. I think this is the best compromise as

  • trust only needs to be provided once, it will then be cached
  • Provided trust will only be used if the --instance flag is used so there is never any accidental or unexpected trust
  • --staging is now basically a shortcut for --instance https://tuf-repo-cdn.sigstage.dev and likewise you could say that the default is --instance https://tuf-repo-cdn.sigstore.dev

Similar implementations

Other clients have similar functionality: cosign via cosign initialize and sigstore-js with sigstore initialize but these have the unpleasant side effect of modifying the default that the client uses from that point on: I think this is a bad idea and requiring a --instance ... flag on every command is better. Users who want to always use a private instance should write a wrapper over sigstore-python to do that.

example

$ # The example unsafely fetches root for demonstration purposes only
$ URL=https://sigstore.github.io/root-signing
$ curl -o root.json $URL/13.root.json
$ sigstore --instance $URL trust-instance root.json
$ sigstore --instance $URL sign README.md

Review items

  • names: I'm not sure if "instance" is a great name (but I also did not want "TUF" in there since that's an implementation detail). I wish we had used trust.sigstore.dev as the tuf url to make it clearer but 🤷.
  • error checks on trust-instance:
    • currently both incorrect root metadata and incorrect instance URL lead to an error message about a failed tuf refresh, --verbose will show a stack trace that looks useful. I think that's reasonable.
    • trying to initialize trust again for an already trusted repository works -- but the embedded trust overrides this: so the embedded roots for sigstore.dev and sigstage.dev will always be used and cannot be "overwritten"
  • sub-command location: we could hide the subcommand under plumbing too: sigstore plumbing trust-instance but that does not feel quite right
  • do we want to expose the currently trusted instances somewhere in UI? I don't think it's really necessary (since you can't accidentally use an instance) but we could print the URLs and the local metadata paths somewhere (like sigstore trust-instance --list)

@jku jku force-pushed the support-other-instances branch from 8dcbda4 to 6be6ef7 Compare September 22, 2025 10:13
@jku
cli: Support using other Sigstore instances
f853732 
example:

$ sigstore --instance https://sigstore.github.io/root-signing \
  init-instance ~/src/root-signing/metadata/root.json

$ sigstore --instance https://sigstore.github.io/root-signing \
  sign README.md

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku jku force-pushed the support-other-instances branch from 6be6ef7 to f853732 Compare September 22, 2025 10:16
jku added 2 commits September 23, 2025 10:50
@jku
cli: Rename init-instance to trust-instance
b22a1db 
The intent seems clearer with new name.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku
trust-instance: Do TUF update when initializing trust
58f82b8 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku jku force-pushed the support-other-instances branch from 7f66ddf to 2473f4e Compare September 23, 2025 10:51
@jku
tuf: wrap constructor in try-except as well
90e14c5 
This way issues with initial root will also lead to TUFError

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku jku force-pushed the support-other-instances branch from 2473f4e to 90e14c5 Compare September 23, 2025 10:59
@jku jku marked this pull request as ready for review September 23, 2025 11:02
@jku
cli: Remove special case error handling
8afdc68 
This case now leads to TUFError that is already handled upstream.
The error is now a little less specific but still good.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku
Copy link
Member Author

jku commented Sep 23, 2025
edited
Loading

A note on the security aspect here: the instances with embedded trust roots (currently sigstore.dev, sigstage.dev) are more secure than instances trusted with trust-instance:

  • there is less chicken-and-egg problem with establishing trust as root.json comes with sigstore-python
  • if sigstore-python is installed in non-user-writable location (such as part of the OS install), the embedded roots are better protected than the ones that are runtime trusted (as runtime trusted roots necessarily have to remain in user-writable locations)
  • the embedded roots are always used when available: trust roots for those instances cannot be overwritten with trust-instance

@jku jku mentioned this pull request Oct 2, 2025
Open
di
di previously approved these changes Oct 6, 2025
View reviewed changes
Copy link
Member

@di di left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with/without my suggestions.

@jku jku force-pushed the support-other-instances branch from 48c9cd3 to c658b73 Compare October 6, 2025 15:36
@jku
cli: Add help text about argument exclusivity
8efbe66 
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
@jku jku force-pushed the support-other-instances branch from c658b73 to 8efbe66 Compare October 6, 2025 15:38
@jku
Copy link
Member Author

jku commented Oct 6, 2025

Thanks for comments: I updated the help texts with "Mutually exclusive with other instance configuration arguments", and maybe finally got check-README to approve...

woodruffw
woodruffw approved these changes Oct 6, 2025
View reviewed changes
Copy link
Member

@woodruffw woodruffw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @jku!

@woodruffw woodruffw added enhancement New feature or request component:cli CLI components labels Oct 6, 2025
@woodruffw woodruffw merged commit 64dbeba into sigstore:main Oct 6, 2025
35 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@di di di left review comments

@woodruffw woodruffw woodruffw approved these changes

Assignees
No one assigned
Labels
component:cli CLI components enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jku @di @woodruffw