Description
Currently, using a private Sigstore instance requires manually constructing and providing a full ClientTrustConfig JSON file via --trust-config. This is cumbersome and error-prone.
sigstore-python 4.2 supports resolving trust configuration automatically from a TUF repository URL via ClientTrustConfig.from_tuf().
This should be exposed in model-signing as:
- A trust-instance CLI command to bootstrap trust from a root.json (one-time setup)
- An --instance flag on sign and verify to use the bootstrapped instance by URL
Description
Currently, using a private Sigstore instance requires manually constructing and providing a full ClientTrustConfig JSON file via --trust-config. This is cumbersome and error-prone.
sigstore-python 4.2 supports resolving trust configuration automatically from a TUF repository URL via ClientTrustConfig.from_tuf().
This should be exposed in model-signing as: