Release 1.7 (#4099)

* cherry-pick fix attestation checks https://github.com/kyverno/kyverno/pull/3999 Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove TUF initialization from main (#4098) Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2024-12-15 17:51:20 +00:00 · 2022-06-10 02:40:47 -07:00 · 2022-06-10 02:40:47 -07:00 · 5baa956e11
commit 5baa956e11
parent 6589fd2137
3 changed files with 3 additions and 21 deletions
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@ -379,11 +379,6 @@ func main() {
 		os.Exit(1)
 	}

-	if err := cosign.Init(); err != nil {
-		setupLog.Error(err, "initialization failed")
-		os.Exit(1)
-	}
-
 	// WEBHOOK
 	// - https server to provide endpoints called based on rules defined in Mutating & Validation webhook configuration
 	// - reports the results based on the response from the policy engine:
--- a/pkg/cosign/cosign.go
+++ b/pkg/cosign/cosign.go
@ -183,6 +183,9 @@ func buildCosignOptions(opts Options) (*cosign.CheckOpts, error) {
 			// if key, cert, and roots are not provided, default to Fulcio roots
 			if cosignOpts.RootCerts == nil {
 				cosignOpts.RootCerts = fulcio.GetRoots()
+				if cosignOpts.RootCerts == nil {
+					return nil, fmt.Errorf("failed to initialize roots")
+				}
 			}
 		}
 	}
--- a/pkg/cosign/init.go
+++ b/pkg/cosign/init.go
@ -1,16 +0,0 @@
-package cosign
-
-import (
-	"fmt"
-
-	"github.com/sigstore/cosign/cmd/cosign/cli/fulcio"
-)
-
-func Init() error {
-	certs := fulcio.GetRoots()
-	if certs == nil {
-		return fmt.Errorf("failed to initialize Fulcio roots")
-	}
-
-	return nil
-}