From 49dfa3f6d530d2e9462edae4b69d59be932e8211 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Wed, 20 Mar 2024 15:18:19 -0600 Subject: [PATCH] use CLI cache dir to store tuf metadata Signed-off-by: Meredith Lancaster --- pkg/cmd/attestation/verification/tuf.go | 5 +++++ pkg/cmd/attestation/verification/tuf_test.go | 3 +++ 2 files changed, 8 insertions(+) diff --git a/pkg/cmd/attestation/verification/tuf.go b/pkg/cmd/attestation/verification/tuf.go index ad4b43670..b87f466e8 100644 --- a/pkg/cmd/attestation/verification/tuf.go +++ b/pkg/cmd/attestation/verification/tuf.go @@ -3,7 +3,9 @@ package verification import ( _ "embed" "os" + "path/filepath" + "github.com/cli/go-gh/v2/pkg/config" "github.com/sigstore/sigstore-go/pkg/tuf" ) @@ -23,6 +25,9 @@ func DefaultOptionsWithCacheSetting() *tuf.Options { opts.DisableLocalCache = true } + // Set the cache path to a directory owned by the CLI + opts.CachePath = filepath.Join(config.CacheDir(), ".sigstore", "root") + return opts } diff --git a/pkg/cmd/attestation/verification/tuf_test.go b/pkg/cmd/attestation/verification/tuf_test.go index 348f9b222..7d816bf82 100644 --- a/pkg/cmd/attestation/verification/tuf_test.go +++ b/pkg/cmd/attestation/verification/tuf_test.go @@ -2,8 +2,10 @@ package verification import ( "os" + "path/filepath" "testing" + "github.com/cli/go-gh/v2/pkg/config" "github.com/stretchr/testify/require" ) @@ -14,4 +16,5 @@ func TestGitHubTUFOptions(t *testing.T) { require.Equal(t, GitHubTUFMirror, opts.RepositoryBaseURL) require.NotNil(t, opts.Root) require.True(t, opts.DisableLocalCache) + require.Equal(t, filepath.Join(config.CacheDir(), ".sigstore", "root"), opts.CachePath) }