feat: Add configuration verification for targets config #294

asraa · 2022-06-28T21:18:50Z

Description

Not for docs: Another thing that might be useful to verify with a verification script, that usage and status are set for all targets

haydentherapper · 2024-09-04T15:53:10Z

@kommendorkapten I think this is still relevant, could we use trtool to verify the trusted root file?

kommendorkapten · 2024-09-05T05:31:38Z

Yes, that is correct @haydentherapper

jku · 2024-09-05T06:52:42Z

I'm not sure what the description means but if this is about validating changes to artifacts like trusted_root.json:

We should add a separate artifact validation workflow that runs on artifact changes to sign/* branches -- this would not be part of tuf-on-ci but a root-signing workflow that runs in every signing event
the workflow should run at least one sigstore client with the trusted_root.json (without using TUF)
the workflow could also run some external validation tooling like trtool

asraa added the enhancement New feature or request label Jun 28, 2022

asraa added this to the v5 milestone Jun 28, 2022

asraa mentioned this issue Jun 28, 2022

docs: add orchestration playbook and fix rotation #292

Merged

asraa mentioned this issue Sep 26, 2022

fix: fix targets metadata and add test #393

Merged

Provide feedback