Failed to fetch https://tuf-repo-cdn.sigstore.dev/13.root.json

[kravciak]

In airgap environments policy-server starts with following message:

2025-08-25T09:00:43.880862Z  WARN policy_server: Cannot create Sigstore trust root, verification relying on Rekor and Fulcio will fail e=Failed to fetch https://tuf-repo-cdn.sigstore.dev/13.root.json: Transport 'other' error fetching 'https://tuf-repo-cdn.sigstore.dev/13.root.json': error sending request for url (https://tuf-repo-cdn.sigstore.dev/13.root.json)

Caused by:
    0: Transport 'other' error fetching 'https://tuf-repo-cdn.sigstore.dev/13.root.json': error sending request for url (https://tuf-repo-cdn.sigstore.dev/13.root.json)
    1: error sending request for url (https://tuf-repo-cdn.sigstore.dev/13.root.json)
    2: client error (Connect)
    3: dns error
    4: failed to lookup address information: Try again
2025-08-25T09:00:43.881580Z  WARN policy_evaluator::callback_handler::sigstore_verification: Sigstore Verifier created without Fulcio data: keyless signatures are going to be discarded because they cannot be verified
2025-08-25T09:00:43.881591Z  WARN policy_evaluator::callback_handler::sigstore_verification: Sigstore Verifier created without Rekor data: transparency log data won't be used
2025-08-25T09:00:43.881597Z  WARN policy_evaluator::callback_handler::sigstore_verification: Sigstore capabilities are going to be limited
2025-08-25T09:00:43.881604Z  INFO sigstore::cosign::client_builder: Rekor public key not provided. Rekor integration disabled
2025-08-25T09:00:43.881609Z  INFO sigstore::cosign::client_builder: No Fulcio cert has been provided. Fulcio integration disabled

Could you confirm this is expected and does not affect functionality?

[viccuad]

Could you confirm this is expected and does not affect functionality?

This is expected, as the policy-server doesn't have the Sigstore's trust root, since it cannot indeed connect out of the airgap.
Though only policies that make use of Sigstore-based host calls will fail, the rest will be fine.

It should be possible to obtain this trust root JSON file from kwctl or another policy-server, and mount the file in the path of --sigstore-cache-dir (default ./sigstore-data). But this is undocumented. We should document this for the Airgap case.

We should open a new card to

1. Investigate the best approach to backup these Sigstore trust root certs.

• Is it under ~/.cache/kubewarden when using kwctl, or we only use the embedded Sigstore certs inside kwctl?
• What happens with a:

$ kwctl scaffold verification-config > default-verification-config.yml
$ kwctl verify registry://ghcr.io/kubewarden/policies/verify-image-signatures:v1.0.3 --verification-config-path default-verification-config.yml
2025-08-25T12:42:44.697776Z  INFO kwctl::verify: Policy successfully verified    

2. Once we know, add a new optional section under https://docs.kubewarden.io/howtos/airgap/install that documents how to obtain these Sigstore certs, and mount them into the PolicyServer Deployments.

[flavio]

We decided that we need to get rid of the stack trace that is printed at the beginning of the warning message. This is misleading and can cause confusion.

There's also little value in providing a way to import the TUF of sigstore's into an airgapped environment. The sigstore client won't be able to reach out to the transparency log service given it's hosted inside of the public cloud, hence not reachable from the airgap env.

When running inside of an airgap enviroment, the users can still perform verification based on gpg keys/certifcates. We also expect them to perform verification prior, for example using hauler to import the images and policies from the non-airgapped environment into the airgapped one.