Update TSA config names to match cosign. (#198)
TIMESTAMP_URL  -> TIMESTAMP_SERVER_URL
TIMESTAMP_CERT -> TIMESTAMP_CERT_CHAIN

Signed-off-by: Billy Lynch <billy@chainguard.dev>

Signed-off-by: Billy Lynch <billy@chainguard.dev>
wlynch committed Nov 30, 2022
1 parent 5bb2d9b commit 4db581a
Showing 2 changed files with 28 additions and 28 deletions.
48 changes: 24 additions & 24 deletions README.md
Expand Up @@ -62,33 +62,33 @@ $ git config --local gitsign.fulcio https://fulcio.example.com

The following config options are supported:

| Option | Default | Description |
| ------------- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| fulcio | https://fulcio.sigstore.dev | Address of Fulcio server |
| logPath | | Path to log status output. Helpful for debugging when no TTY is available in the environment. |
| clientID | sigstore | OIDC client ID for application |
| issuer | https://oauth2.sigstore.dev/auth | OIDC provider to be used to issue ID token |
| redirectURL | | OIDC Redirect URL |
| rekor | https://rekor.sigstore.dev | Address of Rekor server |
| connectorID | | Optional Connector ID to auto-select to pre-select auth flow to use. For the public sigstore instance, valid values are:<br>- `https://github.com/login/oauth`<br>- `https://accounts.google.com`<br>- `https://login.microsoftonline.com` |
| timestampURL | | Address of timestamping authority. If set, a trusted timestamp will be included in the signature. |
| timestampCert | | Path to PEM encoded certificate for RFC3161 Timestamp Authority verification. |
| Option | Default | Description |
| ------------------ | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| fulcio | https://fulcio.sigstore.dev | Address of Fulcio server |
| logPath | | Path to log status output. Helpful for debugging when no TTY is available in the environment. |
| clientID | sigstore | OIDC client ID for application |
| issuer | https://oauth2.sigstore.dev/auth | OIDC provider to be used to issue ID token |
| redirectURL | | OIDC Redirect URL |
| rekor | https://rekor.sigstore.dev | Address of Rekor server |
| connectorID | | Optional Connector ID to auto-select to pre-select auth flow to use. For the public sigstore instance, valid values are:<br>- `https://github.com/login/oauth`<br>- `https://accounts.google.com`<br>- `https://login.microsoftonline.com` |
| timestampServerURL | | Address of timestamping authority. If set, a trusted timestamp will be included in the signature. |
| timestampCertChain | | Path to PEM encoded certificate chain for RFC3161 Timestamp Authority verification. |

### Environment Variables

| Environment Variable | Sigstore<br>Prefix | Default | Description |
| ------------------------- | ------------------ | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| GITSIGN_CREDENTIAL_CACHE || | Optional path to [gitsign-credential-cache](cmd/gitsign-credential-cache/README.md) socket. |
| GITSIGN_CONNECTOR_ID || | Optional Connector ID to auto-select to pre-select auth flow to use. For the public sigstore instance, valid values are:<br>- `https://github.com/login/oauth`<br>- `https://accounts.google.com`<br>- `https://login.microsoftonline.com` |
| GITSIGN_FULCIO_URL || https://fulcio.sigstore.dev | Address of Fulcio server |
| GITSIGN_LOG || | Path to log status output. Helpful for debugging when no TTY is available in the environment. |
| GITSIGN_OIDC_CLIENT_ID || sigstore | OIDC client ID for application |
| GITSIGN_OIDC_ISSUER || https://oauth2.sigstore.dev/auth | OIDC provider to be used to issue ID token |
| GITSIGN_OIDC_REDIRECT_URL || | OIDC Redirect URL |
| GITSIGN_REKOR_URL || https://rekor.sigstore.dev | Address of Rekor server |
| GITSIGN_TIMESTAMP_URL || | Address of timestamping authority. If set, a trusted timestamp will be included in the signature. |
| GITSIGN_TIMESTAMP_CERT || | Path to PEM encoded certificate for RFC3161 Timestamp Authority verification. |
| GITSIGN_FULCIO_ROOT || | Path to PEM encoded certificate for Fulcio CA (additional alias: SIGSTORE_ROOT_FILE) |
| Environment Variable | Sigstore<br>Prefix | Default | Description |
| ---------------------------- | ------------------ | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| GITSIGN_CREDENTIAL_CACHE || | Optional path to [gitsign-credential-cache](cmd/gitsign-credential-cache/README.md) socket. |
| GITSIGN_CONNECTOR_ID || | Optional Connector ID to auto-select to pre-select auth flow to use. For the public sigstore instance, valid values are:<br>- `https://github.com/login/oauth`<br>- `https://accounts.google.com`<br>- `https://login.microsoftonline.com` |
| GITSIGN_FULCIO_URL || https://fulcio.sigstore.dev | Address of Fulcio server |
| GITSIGN_LOG || | Path to log status output. Helpful for debugging when no TTY is available in the environment. |
| GITSIGN_OIDC_CLIENT_ID || sigstore | OIDC client ID for application |
| GITSIGN_OIDC_ISSUER || https://oauth2.sigstore.dev/auth | OIDC provider to be used to issue ID token |
| GITSIGN_OIDC_REDIRECT_URL || | OIDC Redirect URL |
| GITSIGN_REKOR_URL || https://rekor.sigstore.dev | Address of Rekor server |
| GITSIGN_TIMESTAMP_SERVER_URL || | Address of timestamping authority. If set, a trusted timestamp will be included in the signature. |
| GITSIGN_TIMESTAMP_CERT_CHAIN || | Path to PEM encoded certificate chain for RFC3161 Timestamp Authority verification. |
| GITSIGN_FULCIO_ROOT || | Path to PEM encoded certificate for Fulcio CA (additional alias: SIGSTORE_ROOT_FILE) |

For environment variables that support `Sigstore Prefix`, the values may be
provided with either a `GITSIGN_` or `SIGSTORE_` prefix - e.g.
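Review bot: Missing migration documentation in both tables: the `timestampURL` / `timestampCert` rows and the `GITSIGN_TIMESTAMP_URL` / `GITSIGN_TIMESTAMP_CERT` rows are replaced outright, with nothing telling existing users that the old names were renamed. Because the option is described as "If set, a trusted timestamp will be included in the signature", a user who keeps the old name would get signatures without a timestamp and no hint why. Suggest a short note under each table listing the old name next to its replacement (for example `timestampURL` is now `timestampServerURL`), and calling out that the cert option now expects a certificate chain rather than a single certificate.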
8 changes: 4 additions & 4 deletions internal/config/config.go
Expand Up @@ -97,8 +97,8 @@ func Get() (*Config, error) {
out.RedirectURL = envOrValue(fmt.Sprintf("%s_OIDC_REDIRECT_URL", prefix), out.RedirectURL)
out.Issuer = envOrValue(fmt.Sprintf("%s_OIDC_ISSUER", prefix), out.Issuer)
out.ConnectorID = envOrValue(fmt.Sprintf("%s_CONNECTOR_ID", prefix), out.ConnectorID)
out.TimestampURL = envOrValue(fmt.Sprintf("%s_TIMESTAMP_URL", prefix), out.TimestampURL)
out.TimestampCert = envOrValue(fmt.Sprintf("%s_TIMESTAMP_CERT", prefix), out.TimestampCert)
out.TimestampURL = envOrValue(fmt.Sprintf("%s_TIMESTAMP_SERVER_URL", prefix), out.TimestampURL)
out.TimestampCert = envOrValue(fmt.Sprintf("%s_TIMESTAMP_CERT_CHAIN", prefix), out.TimestampCert)
}

out.LogPath = envOrValue("GITSIGN_LOG", out.LogPath)
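Review bot: No fallback for the old environment variable names on the two changed `envOrValue` calls: after this change `%s_TIMESTAMP_URL` and `%s_TIMESTAMP_CERT` are never read, so an environment that still exports them ends up with an empty `out.TimestampURL` and signs without a trusted timestamp, silently. Consider reading the old name as a fallback for a release or two (new name first, then the old one), or at least logging a warning when an old name is set and the new one is not, so the loss of timestamping is visible to the operator.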
Expand Down Expand Up @@ -163,9 +163,9 @@ func applyGitOptions(out *Config, cfg map[string]string) {
out.LogPath = v
case strings.EqualFold(k, "gitsign.connectorID"):
out.ConnectorID = v
case strings.EqualFold(k, "gitsign.timestampURL"):
case strings.EqualFold(k, "gitsign.timestampServerURL"):
out.TimestampURL = v
case strings.EqualFold(k, "gitsign.timestampCert"):
case strings.EqualFold(k, "gitsign.timestampCertChain"):
out.TimestampCert = v
}
}
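Review bot: Naming mismatch in the two changed cases: the keys are now `gitsign.timestampServerURL` and `gitsign.timestampCertChain`, but they still assign to `out.TimestampURL` and `out.TimestampCert`, and the latter now holds a path to a chain while its name says single certificate. Suggest renaming the struct fields to `TimestampServerURL` and `TimestampCertChain` in the same change so the config keys, environment variables and fields line up. Separately, in the lines shown here the old keys `gitsign.timestampURL` and `gitsign.timestampCert` no longer match any case, so an existing git config value is dropped without notice; an extra case that accepts the old key and warns would make the rename safer.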
