@@ -293,29 +293,45 @@ func ClientFromRemote(_ context.Context, mirror string, rootJSON []byte, targets
293293}
294294
295295var (
296- once sync.Once
297- trustedRoot * root.TrustedRoot
296+ mu sync.RWMutex
298297 singletonRootError error
298+ timestamp time.Time
299+ trustedRoot * root.TrustedRoot
299300)
300301
301302// GetTrustedRoot returns the trusted root for the TUF repository.
302303func GetTrustedRoot () (* root.TrustedRoot , error ) {
303- once .Do (func () {
304+ now := time .Now ().UTC ()
305+ // check if timestamp has never been or if the current time is more
306+ // than 24 hours after the current value of timestamp
307+ if timestamp .IsZero () || now .After (timestamp .Add (24 * time .Hour )) {
308+ mu .Lock ()
309+ defer mu .Unlock ()
310+
304311 tufClient , err := tuf .NewFromEnv (context .Background ())
305312 if err != nil {
306313 singletonRootError = fmt .Errorf ("initializing tuf: %w" , err )
307- return
314+ return nil , singletonRootError
308315 }
309316 // TODO: add support for custom trusted root path
310317 targetBytes , err := tufClient .GetTarget ("trusted_root.json" )
311318 if err != nil {
312319 singletonRootError = fmt .Errorf ("error getting targets: %w" , err )
313- return
320+ return nil , singletonRootError
314321 }
315- trustedRoot , singletonRootError = root .NewTrustedRootFromJSON (targetBytes )
316- })
317- if singletonRootError != nil {
318- return nil , singletonRootError
322+ trustedRoot , err := root .NewTrustedRootFromJSON (targetBytes )
323+ if err != nil {
324+ singletonRootError = fmt .Errorf ("error creating trusted root: %w" , err )
325+ return nil , singletonRootError
326+ }
327+
328+ timestamp = now
329+
330+ return trustedRoot , nil
319331 }
332+
333+ mu .RLock ()
334+ defer mu .RUnlock ()
335+
320336 return trustedRoot , nil
321337}
0 commit comments