Merge pull request cli#11511 from cli/eugene/trusted_root_flag_for_release_verify

ejahnGithub · web-flow · commit 5ae174b6b368 · 2025-08-15T16:58:19.000-04:00
Hidden trusted root flag for release verify
diff --git a/pkg/cmd/release/shared/attestation.go b/pkg/cmd/release/shared/attestation.go
@@ -25,9 +25,10 @@ type Verifier interface {
 }
 
 type AttestationVerifier struct {
-	AttClient  api.Client
-	HttpClient *http.Client
-	IO         *iostreams.IOStreams
+	AttClient   api.Client
+	HttpClient  *http.Client
+	IO          *iostreams.IOStreams
+	TrustedRoot string
 }
 
 func (v *AttestationVerifier) VerifyAttestation(art *artifact.DigestedArtifact, att *api.Attestation) (*verification.AttestationProcessingResult, error) {
@@ -41,6 +42,7 @@ func (v *AttestationVerifier) VerifyAttestation(art *artifact.DigestedArtifact,
 		Logger:       att_io.NewHandler(v.IO),
 		NoPublicGood: true,
 		TrustDomain:  td,
+		TrustedRoot:  v.TrustedRoot,
 	})
 	if err != nil {
 		return nil, err
diff --git a/pkg/cmd/release/verify-asset/verify_asset.go b/pkg/cmd/release/verify-asset/verify_asset.go
@@ -24,6 +24,7 @@ type VerifyAssetOptions struct {
 	BaseRepo      ghrepo.Interface
 	Exporter      cmdutil.Exporter
 	AssetFilePath string
+	TrustedRoot   string
 }
 
 type VerifyAssetConfig struct {
@@ -93,9 +94,10 @@ func NewCmdVerifyAsset(f *cmdutil.Factory, runF func(*VerifyAssetConfig) error)
 			attClient := api.NewLiveClient(httpClient, baseRepo.RepoHost(), att_io.NewHandler(io))
 
 			attVerifier := &shared.AttestationVerifier{
-				AttClient:  attClient,
-				HttpClient: httpClient,
-				IO:         io,
+				AttClient:   attClient,
+				HttpClient:  httpClient,
+				IO:          io,
+				TrustedRoot: opts.TrustedRoot,
 			}
 
 			config := &VerifyAssetConfig{
@@ -114,6 +116,8 @@ func NewCmdVerifyAsset(f *cmdutil.Factory, runF func(*VerifyAssetConfig) error)
 		},
 	}
 	cmdutil.AddFormatFlags(cmd, &opts.Exporter)
+	cmd.Flags().StringVarP(&opts.TrustedRoot, "custom-trusted-root", "", "", "Path to a trusted_root.jsonl file; likely for offline verification.")
+	cmd.Flags().MarkHidden("custom-trusted-root")
 
 	return cmd
 }
diff --git a/pkg/cmd/release/verify/verify.go b/pkg/cmd/release/verify/verify.go
@@ -23,9 +23,10 @@ import (
 )
 
 type VerifyOptions struct {
-	TagName  string
-	BaseRepo ghrepo.Interface
-	Exporter cmdutil.Exporter
+	TagName     string
+	BaseRepo    ghrepo.Interface
+	Exporter    cmdutil.Exporter
+	TrustedRoot string
 }
 
 type VerifyConfig struct {
@@ -87,9 +88,10 @@ func NewCmdVerify(f *cmdutil.Factory, runF func(config *VerifyConfig) error) *co
 			attClient := api.NewLiveClient(httpClient, baseRepo.RepoHost(), att_io.NewHandler(io))
 
 			attVerifier := &shared.AttestationVerifier{
-				AttClient:  attClient,
-				HttpClient: httpClient,
-				IO:         io,
+				AttClient:   attClient,
+				HttpClient:  httpClient,
+				IO:          io,
+				TrustedRoot: opts.TrustedRoot,
 			}
 
 			config := &VerifyConfig{
@@ -107,6 +109,8 @@ func NewCmdVerify(f *cmdutil.Factory, runF func(config *VerifyConfig) error) *co
 		},
 	}
 	cmdutil.AddFormatFlags(cmd, &opts.Exporter)
+	cmd.Flags().StringVarP(&opts.TrustedRoot, "custom-trusted-root", "", "", "Path to a trusted_root.jsonl file; likely for offline verification.")
+	cmd.Flags().MarkHidden("custom-trusted-root")
 
 	return cmd
 }
