Skip to content

Commit

Permalink
Drop conditional when verifying entry checkpoint (#1917)
Browse files Browse the repository at this point in the history
The log has been returning checkpoints for over a year now.
Additionally, there should be no persisted bundles where the inclusion
proof does not include a checkpoint, because it was marked as a required
field from its inception.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
  • Loading branch information
haydentherapper authored Dec 19, 2023
1 parent 9b0805b commit fe04993
Showing 1 changed file with 3 additions and 7 deletions.
10 changes: 3 additions & 7 deletions pkg/verify/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -220,13 +220,9 @@ func VerifyLogEntry(ctx context.Context, e *models.LogEntryAnon, verifier signat
return err
}

// TODO: Add support for verifying consistency against an optional provided checkpoint.
// See https://github.com/sigstore/rekor/issues/988
// TODO: Remove conditional once checkpoint is always returned by server.
if e.Verification.InclusionProof.Checkpoint != nil {
if err := VerifyCheckpointSignature(e, verifier); err != nil {
return err
}
// Verify checkpoint, which includes a signed root hash.
if err := VerifyCheckpointSignature(e, verifier); err != nil {
return err
}

// Verify the Signed Entry Timestamp.
Expand Down

0 comments on commit fe04993

Please sign in to comment.