`policy.Options` now contains the arguments to `tuf.Client`'s constructor rather than an actual Client. If these arguments are not provided, defaults pointing at Docker's TUF repo will be used. An actual TUF client can be passed in on the context (which is useful for testing). If this is not provided `attest.Verify` will create a TUF client using the options on `policy.Options`. --------- Co-authored-by: Joel Kamp <joel.kamp@docker.com>
package mirror
import (
"fmt"
"github.com/docker/attest/pkg/tuf"
)
// NewTUFMirror creates a TUF client from the given settings and wraps it in a
// TUFMirror.
//
// root is passed to the client as ClientOptions.InitialRoot. When root is nil,
// tuf.DockerTUFRootDefault.Data is used instead. Only a nil slice triggers that
// fallback: a non-nil but empty slice is handed to tuf.NewClient unchanged, so
// a caller that meant to pin its own root is not silently switched to the
// default one.
//
// tufPath, metadataURL and targetsURL are forwarded to the client as Path,
// MetadataSource and TargetsSource, and are also recorded on the returned
// TUFMirror. versionChecker is forwarded to the client only.
//
// If tuf.NewClient fails, the error is wrapped and a nil mirror is returned.
func NewTUFMirror(root []byte, tufPath, metadataURL, targetsURL string, versionChecker tuf.VersionChecker) (*TUFMirror, error) {
	initialRoot := root
	if initialRoot == nil {
		// No root supplied by the caller: use the default root from the tuf package.
		initialRoot = tuf.DockerTUFRootDefault.Data
	}

	opts := &tuf.ClientOptions{
		InitialRoot:    initialRoot,
		Path:           tufPath,
		MetadataSource: metadataURL,
		TargetsSource:  targetsURL,
		VersionChecker: versionChecker,
	}

	client, err := tuf.NewClient(opts)
	if err != nil {
		return nil, fmt.Errorf("failed to create TUF client: %w", err)
	}

	mirror := &TUFMirror{
		TUFClient:   client,
		tufPath:     tufPath,
		metadataURL: metadataURL,
		targetsURL:  targetsURL,
	}
	return mirror, nil
}