Skip to content

Commit f7c2c84

Browse files
committed
_internal/trust: Fix bug in rekor key lookup
Rekor keyring can (and in future will) have multiple keys: logs not only get sharded but once rekor-tiles is integrated in the public good instance, there will be two writable logs for a while. As far as I can tell all calling code is already capable of handling the keyring. Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
1 parent c9c603a commit f7c2c84

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

sigstore/_internal/trust.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -382,8 +382,8 @@ def rekor_keyring(self, purpose: KeyringPurpose) -> RekorKeyring:
382382
"""Return keyring with keys for Rekor."""
383383

384384
keys: list[_PublicKey] = list(self._get_tlog_keys(self._inner.tlogs, purpose))
385-
if len(keys) != 1:
386-
raise MetadataError("Did not find one Rekor key in trusted root")
385+
if len(keys) == 0:
386+
raise MetadataError("Did not find any Rekor keys in trusted root")
387387
return RekorKeyring(Keyring(keys))
388388

389389
def ct_keyring(self, purpose: KeyringPurpose) -> CTKeyring:

0 commit comments

Comments
 (0)