Skip to content

feat: add --instance support for TUF-based trust bootstrapping#617

Open
SequeI wants to merge 1 commit intosigstore:mainfrom
SequeI:instanceTrust
Open

feat: add --instance support for TUF-based trust bootstrapping#617
SequeI wants to merge 1 commit intosigstore:mainfrom
SequeI:instanceTrust

Conversation

@SequeI
Copy link
Copy Markdown
Contributor

@SequeI SequeI commented Mar 2, 2026
edited
Loading

Summary

Allow users to bootstrap and use a Sigstore instance by its TUF repository URL instead of requiring a full ClientTrustConfig JSON file. Adds a trust-instance CLI command to seed the local TUF cache from a root.json, and an --instance option on sign/verify to resolve trust configuration via TUF at runtime. Bumps sigstore dependency to >=4.2.

# Fetch the public goods root.json
curl -o /tmp/root.json https://tuf-repo-cdn.sigstore.dev/root.json

# Bootstrap trust for the instance
model_signing trust-instance --instance https://tuf-repo-cdn.sigstore.dev /tmp/root.json

# Sign the model
model_signing sign --instance https://tuf-repo-cdn.sigstore.dev --signature /tmp/test-model.sig bert_based_uncased

# Verify the model
model_signing verify sigstore --instance https://tuf-repo-cdn.sigstore.dev \
--signature /tmp/test-model.sig \
--identity $EMAIL \
--identity-provider https://accounts.google.com \
bert_based_uncased

Also tested with personal private RH sigstore instance, worked perfect.

Closes #618

Checklist
  • All commits are signed-off, using DCO
  • All new code has docstrings and type annotations
  • All new code is covered by tests. Aim for at least 90% coverage. CI is configured to highlight lines not covered by tests.
  • Public facing changes are paired with documentation changes
  • Release note has been added to CHANGELOG.md if needed

@SequeI
feat: add --instance support for TUF-based trust bootstrapping
1865fb7 
Allow users to bootstrap and use a Sigstore instance by its TUF
repository URL instead of requiring a full ClientTrustConfig JSON file.
Adds a trust-instance CLI command to seed the local TUF cache from a
root.json, and an --instance option on sign/verify to resolve trust
configuration via TUF at runtime. Bumps sigstore dependency to >=4.2.

Signed-off-by: SequeI <asiek@redhat.com>
@SequeI SequeI requested review from a team as code owners March 2, 2026 01:42
@SequeI
Copy link
Copy Markdown
Contributor Author

SequeI commented Mar 2, 2026

Tests fail rn because of the OIDC pulling action, I noticed it seems to fail around this time period I opened the PR at. Will rerun tests in a different time period.

@mihaimaruseac
Copy link
Copy Markdown
Member

mihaimaruseac commented Mar 30, 2026

Should we use instead the tooling that already exists in the Sigstore ecosystem for this? I'm wary of creating divergences in the future.

CC @Hayden-IO as this also relates to the way we interoperate within the wider Sigstore ecosystem

@mihaimaruseac mihaimaruseac added the discusion pending Label for PRs and Issues that we should discuss at a Model Signing SIG Meeting label Mar 30, 2026
@Hayden-IO
Copy link
Copy Markdown
Collaborator

Hayden-IO commented Mar 31, 2026

This is a necessary feature to be able to support private deployments, so I'm supportive of it.

I don't love add model_signing trust-instance, but I'm not sure another way around it that wouldn't involve downloading and using Cosgin. Though, you could also say that sign is sufficient to cache the trust root, it's just the first time you call it, it does an extra call.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

discusion pending Label for PRs and Issues that we should discuss at a Model Signing SIG Meeting

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add --instance flag for TUF-based trust bootstrapping as alternative to --trust-config

3 participants

@SequeI @mihaimaruseac @Hayden-IO