Cache signing config when calling initialize

cmd/cosign/cli/initialize/init.go

@@ -86,6 +86,12 @@ func doInitialize(ctx context.Context, root, mirror, rootChecksum string, forceS
 		return fmt.Errorf("storing remote: %w", err)
 	}
 
+	// Cache the signing config from the TUF repository
+	_, err = tufroot.FetchSigningConfigWithOptions(opts)
+	if err != nil {
+		ui.Warnf(ctx, "Could not fetch signing_config.json from the TUF mirror (encountered error: %v). It is recommended to use a signing config file rather than provide service URLs when signing.", err)
+	}
+	// Cache the trusted root from the TUF repository
 	trustedRoot, err := tufroot.NewLiveTrustedRoot(opts)
 	if err != nil {
 		ui.Warnf(ctx, "Could not fetch trusted_root.json from the TUF mirror (encountered error: %v), falling back to individual targets. It is recommended to update your TUF metadata repository to include trusted_root.json.", err)

cmd/cosign/cli/initialize/init_test.go

@@ -155,13 +155,16 @@ func TestDoInitialize(t *testing.T) {
 		expectV2   bool
 	}{
 		{
-			name:       "tuf v2 with trusted root",
-			targets:    map[string][]byte{"trusted_root.json": []byte(`{"mediaType": "application/vnd.dev.sigstore.trustedroot+json;version=0.1"}`)},
+			name: "tuf v2 with trusted root and signing config",
+			targets: map[string][]byte{
+				"trusted_root.json":        []byte(`{"mediaType": "application/vnd.dev.sigstore.trustedroot+json;version=0.1"}`),
+				"signing_config.v0.2.json": []byte(`{"mediaType": "application/vnd.dev.sigstore.signingconfig.v0.2+json"}`),
+			},
 			root:       "1.root.json",
 			wantStdOut: "",
 			wantStdErr: "",
 			wantErr:    false,
-			wantFiles:  []string{filepath.Join("targets", "trusted_root.json")},
+			wantFiles:  []string{filepath.Join("targets", "trusted_root.json"), filepath.Join("targets", "signing_config.v0.2.json")},
 			expectV2:   true,
 		},
 		{