From e321ad7d988b7bd32085094688c74be5f4fc8fbf Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Thu, 21 May 2026 10:09:06 +0300 Subject: [PATCH] TUF: Update embedded roots * Update sigstore.dev TUF root * Update sigstage.dev TUF root (and trustedroot) Signed-off-by: Jussi Kukkonen --- .../root.json | 8 ++++---- .../trusted_root.json | 14 ++++++++++++++ .../root.json | 14 +++++++------- 3 files changed, 25 insertions(+), 11 deletions(-) diff --git a/sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstage.dev/root.json b/sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstage.dev/root.json index 0ccb503a7..f68bebe29 100644 --- a/sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstage.dev/root.json +++ b/sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstage.dev/root.json @@ -2,11 +2,11 @@ "signatures": [ { "keyid": "aa61e09f6af7662ac686cf0c6364079f63d3e7a86836684eeced93eace3acd81", - "sig": "3045022100d404545c87d31829c26820dc963389ef8497dbb1a712e08f5e81ce5a92c3ec600220314d108bc9e827c1a67610d1c90d5fb9a426ccc8bde009fb663c292b1728e6a4" + "sig": "304502201419a6f003291be4cd00c110a00e9d9b152a78181ed3c54edf9d22a79938276f022100f751058c6c3eb6aecf277db367b4858d3612abd1ad96c40fd71ebbd26c944055" }, { "keyid": "61f9609d2655b346fcebccd66b509d5828168d5e447110e261f0bcc8553624bc", - "sig": "304402204cbe823ca173f04c4fd59cb01941efbd9f2b9452f405a3cd1c5bcb7481a818f902201cb4223b74b8e54f5de44936ae3c7adef32959da8d7d9625d23e464263c39e97" + "sig": "3045022007313e0afd5f282a1383a4f8f7a150e266a059420e1036eee222ce0053e36a67022100dfb05a4d1e6be2f43ce30f030783ff7a747cda5d84f341fd03b06dff32fba5bd" }, { "keyid": "9471fbda95411d10109e467ad526082d15f14a38de54ea2ada9687ab39d8e237", @@ -20,7 +20,7 @@ "signed": { "_type": "root", "consistent_snapshot": true, - "expires": "2026-05-22T19:23:14Z", + "expires": "2026-10-16T19:39:43Z", "keys": { "0374a9e18a20a2103736cb4277e2fdd7f8453642c7d9eaf4ad8aee9cf2d47bb5": { "keytype": "ecdsa", @@ -100,7 +100,7 @@ } }, "spec_version": "1.0", - "version": 13, + "version": 14, "x-tuf-on-ci-expiry-period": 182, "x-tuf-on-ci-signing-period": 35 } diff --git a/sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstage.dev/trusted_root.json b/sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstage.dev/trusted_root.json index 64ae1b314..7cec954d0 100644 --- a/sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstage.dev/trusted_root.json +++ b/sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstage.dev/trusted_root.json @@ -126,6 +126,20 @@ "logId": { "keyId": "KzC83GiIyeLh2CYpXnQfSDkxlgLynDPLXkNA/rKshno=" } + }, + { + "baseUrl": "https://log2026-1.ctfe.sigstage.dev", + "hashAlgorithm":"SHA2_256", + "publicKey": { + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEv8+Fp+klTMlOd0FU+eekotPzlaF9orvv9ZgdLXq5+MmoGThLNigXIapXjW0lujsU6+ZHKZ6UPzSuz+V8YxLoQw==", + "keyDetails": "PKIX_ECDSA_P256_SHA_256", + "validFor": { + "start": "2026-01-14T00:00:00Z" + } + }, + "logId": { + "keyId": "PmBxU3RuGJLgkLI2sUl2Jy9ntE1vks5vdxFKtyKgprY=" + } } ], "timestampAuthorities": [ diff --git a/sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstore.dev/root.json b/sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstore.dev/root.json index 93e19f3a0..55115df10 100644 --- a/sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstore.dev/root.json +++ b/sigstore/_store/https%3A%2F%2Ftuf-repo-cdn.sigstore.dev/root.json @@ -2,29 +2,29 @@ "signatures": [ { "keyid": "e71a54d543835ba86adad9460379c7641fb8726d164ea766801a1c522aba7ea2", - "sig": "3046022100e04c9706299be5d8c2b14fb50bcd5b9c241f10597153dfe22f943efe896b5150022100cfd7b9f06a5900784e312d02b8e336edbb3b2fab61ac14550b3112b4f9e33df4" + "sig": "3045022100ea2f374f409810e2db950749d9cfed09a15b6a5e25f3d5ffd0799459d7bee167022028d3acdde6dbd5034cfad222d31b41090ee21894e2c46cb8974198ab0377db44" }, { "keyid": "22f4caec6d8e6f9555af66b3d4c3cb06a3bb23fdc7e39c916c61f462e6f52b06", - "sig": "" + "sig": "304402207ebb24e3237e470691d7875903a7754d0ef2ae7e7b5024a7888c9a38a52deecd02206ed5ad1c6f4fab46995843ab6b23f9420c5a4cf6ce1cb2cb2a6fc2e87e2ef3e1" }, { "keyid": "61643838125b440b40db6942f5cb5a31c0dc04368316eb2aaa58b95904a58222", - "sig": "3045022100cc308ae7d390fa782ee3376ddfaa929835016e86dad81f69e2de7ec1e174432e02205fb19906a31cce146c29624443c0d0c2f33ee80dac39d72114f939607cc22937" + "sig": "304602210089d9dfd8e106cc958088a4da3c8cf7254ab6f65a9647d37ada730ef4763c5163022100d882ee744615be79861e214e1eeb9e1eddf6a1e203a201b4c5d03f5224d71d16" }, { "keyid": "a687e5bf4fab82b0ee58d46e05c9535145a2c9afb458f43d42b45ca0fdce2a70", - "sig": "304502203f8aff7a30e05a8c3d904b671ab1a6e4e8a6f508b7cfa0c780e72976bee7a227022100f64c9b765526f34d9ea16339cf238893e1c3368b4f0910a61a1af27dda01ebb9" + "sig": "304502210088bd4b88e83f586ce568d27d04214c4ab3fd1894178ef015303d56afa939205302205538ebab93876abb9075ad77114bff28a0d79a7cc229b534a0c5ced5526b48e7" }, { "keyid": "183e64f37670dc13ca0d28995a3053f3740954ddce44321a41e46534cf44e632", - "sig": "304502202363ca249aefa6d5f61c408a32cdd079b034a7888ddf2136dc4515ed4a728418022100b04eca42bc510ccbbf5d30783aaa936b1f137ca7a017ee9d90d3710432da0427" + "sig": "3045022100f35b07e938d4949caf82e69e86cc9db3b69b6dbc6740c1f343d06893f996fbeb022001e847d816259a96a49e42779a2350dab97b71c8ae7e26b2380c6fa7f58131b3" } ], "signed": { "_type": "root", "consistent_snapshot": true, - "expires": "2026-06-22T13:27:01Z", + "expires": "2026-11-20T13:58:18Z", "keys": { "0c87432c3bf09fd99189fdc32fa5eaedf4e4a5fac7bab73fa04a2e0fc64af6f5": { "keyid_hash_algorithms": [ @@ -134,7 +134,7 @@ } }, "spec_version": "1.0", - "version": 14, + "version": 15, "x-tuf-on-ci-expiry-period": 197, "x-tuf-on-ci-signing-period": 46 }