remove tuf helpers from client package (#683)

Signed-off-by: Brian DeHamer <bdehamer@github.com>
sigstore · Aug 15, 2023 · 4455f7f · 4455f7f
1 parent e36bbfa
commit 4455f7f
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 110 deletions.
diff --git a/.changeset/happy-turkeys-guess.md b/.changeset/happy-turkeys-guess.md
@@ -0,0 +1,5 @@
+---
+'sigstore': major
+---
+
+Remove TUF helper functions (please use `@sigstore/tuf` package instead)
diff --git a/packages/client/README.md b/packages/client/README.md
@@ -195,37 +195,6 @@ Verifies the signature in the supplied bundle.
   * `keySelector` `<Function>`: Callback invoked to retrieve the public key (as either `string` or `Buffer`) necessary to verify the bundle signature. Not used when the signature was generated from a Fulcio-issued signing certificate.
     * `hint` `<String>`: The hint from the bundle used to identify the the signing key.
 
-### tuf
-
-The `tuf` object contains utility function for working with the Sigstore TUF repository.
-
-#### client([options])
-
-Returns a TUF client which can be used to retrieve targets from the Sigstore TUF repository.
-
-* `options` `<Object>`
-  * `tufMirrorURL` `<string>`: Base URL for the Sigstore TUF repository. Defaults to `'https://tuf-repo-cdn.sigstore.dev'`
-  * `tufRootPath` `<string>`: Path to the initial trusted root for the TUF repository. Defaults to the embedded root.
-  * `tufCachePath` `<string>`: Absolute path to the directory to be used for caching downloaded TUF metadata and targets. Defaults to a directory named "sigstore-js" within the platform-specific application data directory.
-
-The returned object exposes a `getTarget(path)` function which returns the
-contents of the target at the specified path in the Sigstore TUF repository.
-
-#### getTarget(path[, options]) (deprecated)
-
-Returns the contents of the target at the specified path in the Sigstore TUF repository.
-This method has been deprecated and will be removed in the next major version.
-You should use the TUF `client` function to retrieve a stateful TUF client and
-then call `getTarget` against that object. This will avoid re-initializing the
-internal TUF state between requests.
-
-* `path` `<string>`: The [path-relative-url string](https://url.spec.whatwg.org/#path-relative-url-string) that uniquely identifies the target within the Sigstore TUF repository.
-* `options` `<Object>`
-  * `tufMirrorURL` `<string>`: Base URL for the Sigstore TUF repository. Defaults to `'https://tuf-repo-cdn.sigstore.dev'`
-  * `tufRootPath` `<string>`: Path to the initial trusted root for the TUF repository. Defaults to the embedded root.
-  * `tufCachePath` `<string>`: Absolute path to the directory to be used for caching downloaded TUF metadata and targets. Defaults to a directory named "sigstore-js" within the platform-specific application data directory.
-
-
 ### utils
 
 The `utils` object contains a few internal utility functions. These are exposed

diff --git a/packages/client/src/__tests__/index.test.ts b/packages/client/src/__tests__/index.test.ts
@@ -56,12 +56,6 @@ describe('sigstore', () => {
     expect(sigstore.utils.createRekorEntry).toBeInstanceOf(Function);
   });
 
-  it('exports TUF helpers', () => {
-    expect(sigstore.tuf).toBeDefined();
-    expect(sigstore.tuf.getTarget).toBeInstanceOf(Function);
-    expect(sigstore.tuf.client).toBeInstanceOf(Function);
-  });
-
   it('exports errors', () => {
     expect(sigstore.InternalError).toBeInstanceOf(Object);
     expect(sigstore.PolicyError).toBeInstanceOf(Object);

diff --git a/packages/client/src/__tests__/sigstore.test.ts b/packages/client/src/__tests__/sigstore.test.ts
@@ -17,16 +17,15 @@ limitations under the License.
 import type { SerializedBundle } from '@sigstore/bundle';
 import { mockFulcio, mockRekor, mockTSA } from '@sigstore/mock';
 import { TrustedRoot } from '@sigstore/protobuf-specs';
-import { TUFError } from '@sigstore/tuf';
 import { fromPartial } from '@total-typescript/shoehorn';
 import mocktuf, { Target } from '@tufjs/repo-mock';
 import { PolicyError, VerificationError } from '../error';
-import { attest, createVerifier, sign, tuf, verify } from '../sigstore';
+import { attest, createVerifier, sign, verify } from '../sigstore';
 import bundles from './__fixtures__/bundles/v01';
 import bundlesV02 from './__fixtures__/bundles/v02';
 import { trustedRoot } from './__fixtures__/trust';
 
-import type { SignOptions, TUFOptions, VerifyOptions } from '../config';
+import type { SignOptions, VerifyOptions } from '../config';
 
 const fulcioURL = 'https://fulcio.example.com';
 const rekorURL = 'https://rekor.example.com';
@@ -297,41 +296,3 @@ describe('#createVerifier', () => {
     });
   });
 });
-
-describe('tuf', () => {
-  let tufRepo: ReturnType<typeof mocktuf> | undefined;
-  let options: TUFOptions | undefined;
-
-  const target: Target = {
-    name: 'foo',
-    content: 'bar',
-  };
-
-  beforeEach(() => {
-    tufRepo = mocktuf(target, { metadataPathPrefix: '' });
-    options = {
-      tufMirrorURL: tufRepo.baseURL,
-      tufCachePath: tufRepo.cachePath,
-    };
-  });
-
-  afterEach(() => tufRepo?.teardown());
-
-  describe('getTarget', () => {
-    describe('when the target exists', () => {
-      it('returns the target', async () => {
-        const result = await tuf.getTarget(target.name, options);
-        expect(result).toEqual(target.content);
-      });
-    });
-
-    describe('when the target does NOT exist', () => {
-      it('throws an error', async () => {
-        await expect(tuf.getTarget('baz', options)).rejects.toThrowWithCode(
-          TUFError,
-          'TUF_FIND_TARGET_ERROR'
-        );
-      });
-    });
-  });
-});
diff --git a/packages/client/src/sigstore.ts b/packages/client/src/sigstore.ts
@@ -85,45 +85,13 @@ export async function createVerifier(
   };
 }
 
-const tufUtils = {
-  client: (options: config.TUFOptions = {}): Promise<tuf.TUF> => {
-    return tuf.initTUF({
-      mirrorURL: options.tufMirrorURL,
-      rootPath: options.tufRootPath,
-      cachePath: options.tufCachePath,
-      retry: options.retry,
-      timeout: options.timeout,
-    });
-  },
-
-  /*
-   * @deprecated Use tufUtils.client instead.
-   */
-  getTarget: (
-    path: string,
-    options: config.TUFOptions = {}
-  ): Promise<string> => {
-    return tuf
-      .initTUF({
-        mirrorURL: options.tufMirrorURL,
-        rootPath: options.tufRootPath,
-        cachePath: options.tufCachePath,
-        retry: options.retry,
-        timeout: options.timeout,
-      })
-      .then((t) => t.getTarget(path));
-  },
-};
-
 export { ValidationError } from '@sigstore/bundle';
 export type {
   SerializedBundle as Bundle,
   SerializedEnvelope as Envelope,
 } from '@sigstore/bundle';
-export type { TUF } from '@sigstore/tuf';
 export type { SignOptions, VerifyOptions } from './config';
 export { InternalError, PolicyError, VerificationError } from './error';
 export * as utils from './sigstore-utils';
-export { tufUtils as tuf };
 export const DEFAULT_FULCIO_URL = config.DEFAULT_FULCIO_URL;
 export const DEFAULT_REKOR_URL = config.DEFAULT_REKOR_URL;