diff --git a/cmd/cosign/cli/initialize/init.go b/cmd/cosign/cli/initialize/init.go
index a44909c312e..d629550aeb3 100644
--- a/cmd/cosign/cli/initialize/init.go
+++ b/cmd/cosign/cli/initialize/init.go
@@ -86,6 +86,12 @@ func doInitialize(ctx context.Context, root, mirror, rootChecksum string, forceS
 return fmt.Errorf("storing remote: %w", err)
 }
+ // Cache the signing config from the TUF repository
+ _, err = tufroot.FetchSigningConfigWithOptions(opts)
+ if err != nil {
+ ui.Warnf(ctx, "Could not fetch signing_config.json from the TUF mirror (encountered error: %v). It is recommended to use a signing config file rather than provide service URLs when signing.", err)
+ }
+ // Cache the trusted root from the TUF repository
 trustedRoot, err := tufroot.NewLiveTrustedRoot(opts)
 if err != nil {
 ui.Warnf(ctx, "Could not fetch trusted_root.json from the TUF mirror (encountered error: %v), falling back to individual targets. It is recommended to update your TUF metadata repository to include trusted_root.json.", err)
diff --git a/cmd/cosign/cli/initialize/init_test.go b/cmd/cosign/cli/initialize/init_test.go
index 0586a93e5d8..e2932a329ca 100644
--- a/cmd/cosign/cli/initialize/init_test.go
+++ b/cmd/cosign/cli/initialize/init_test.go
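Review bot: In init.go, every error from `tufroot.FetchSigningConfigWithOptions(opts)` is downgraded to a warning by the added `if err != nil` branch, so a mirror that lacks the target and one whose signing config fails TUF verification or parsing both leave initialize reporting success. Judging by the warning text, the signing config stands in for hand-supplied service URLs at signing time, so it would be safer to tolerate only the missing-target case and return the rest, e.g. `return fmt.Errorf("fetching signing config: %w", err)`; how the library reports a missing target is not visible in this hunk and needs confirming. The message also names `signing_config.json`, while the test in init_test.go expects `signing_config.v0.2.json` to be cached, so naming the actual target would make the warning easier to act on. The body of doInitialize starts and continues outside the hunk.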
@@ -155,13 +155,16 @@ func TestDoInitialize(t *testing.T) {
 expectV2 bool
 }{
 {
- name: "tuf v2 with trusted root",
- targets: map[string][]byte{"trusted_root.json": []byte(`{"mediaType": "application/vnd.dev.sigstore.trustedroot+json;version=0.1"}`)},
+ name: "tuf v2 with trusted root and signing config",
+ targets: map[string][]byte{
+ "trusted_root.json": []byte(`{"mediaType": "application/vnd.dev.sigstore.trustedroot+json;version=0.1"}`),
+ "signing_config.v0.2.json": []byte(`{"mediaType": "application/vnd.dev.sigstore.signingconfig.v0.2+json"}`),
+ },
 root: "1.root.json",
 wantStdOut: "",
 wantStdErr: "",
 wantErr: false,
- wantFiles: []string{filepath.Join("targets", "trusted_root.json")},
+ wantFiles: []string{filepath.Join("targets", "trusted_root.json"), filepath.Join("targets", "signing_config.v0.2.json")},
 expectV2: true,
 },
 {
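Review bot: The updated case covers only the path where `signing_config.v0.2.json` is present and fetched cleanly (`wantStdErr: ""`), so nothing in this hunk exercises the warning branch added to doInitialize. A case whose `targets` omits the signing config and expects the "Could not fetch signing_config.json" warning on stderr with `wantErr: false` would pin down that behaviour. A second case with an unparseable signing config would show whether a bad file from the mirror is surfaced or silently cached. The table literal continues past the end of the hunk, so such cases may already exist further down.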