File: disable-kms.patch

From: Simon Josefsson <simon@josefsson.org>
Subject: [PATCH] Disable kms
Forwarded: not-needed
Last-Update: 2025-08-16

diff --git a/pkg/signer/signer.go b/pkg/signer/signer.go
index d7b7762..0f8938d 100644
--- a/pkg/signer/signer.go
+++ b/pkg/signer/signer.go
@@ -20,22 +20,13 @@ import (
 	"context"
 	"crypto"
 	"strings"
-	"time"
 
-	grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/retry"
 	"github.com/sigstore/sigstore/pkg/signature"
 	"github.com/sigstore/sigstore/pkg/signature/kms"
 	"golang.org/x/exp/slices"
 
-	"google.golang.org/api/option"
-	"google.golang.org/grpc"
-
-	"github.com/sigstore/sigstore/pkg/signature/kms/gcp"
-
 	// these are imported to load the providers via init() calls
 	_ "github.com/sigstore/sigstore/pkg/signature/kms/aws"
-	_ "github.com/sigstore/sigstore/pkg/signature/kms/azure"
-	_ "github.com/sigstore/sigstore/pkg/signature/kms/hashivault"
 )
 
 // SigningConfig initializes the signer for a specific shard
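Review bot: The patch is titled "Disable kms", but the hunk keeps the blank import of `github.com/sigstore/sigstore/pkg/signature/kms/aws`, so the AWS provider is still registered through its init() and remains reachable from the `kms.Get` call in the second hunk; only the GCP, Azure and HashiVault providers are removed. If leaving AWS enabled is intentional, the comment above the remaining blank import should say so, since a reader of the patch header will otherwise assume all KMS backends are gone: `// only the AWS KMS provider is loaded via init(); GCP, Azure and HashiVault are disabled in this build`. If it is not intentional, the aws import should be dropped as well, which would also let the `kms` import go once the second hunk is adjusted.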
@@ -59,12 +50,7 @@ func New(ctx context.Context, signer, pass, tinkKEKURI, tinkKeysetPath string, g
 		func(s string) bool {
 			return strings.HasPrefix(signer, s)
 		}):
-		opts := make([]signature.RPCOption, 0)
-		if strings.HasPrefix(signer, gcp.ReferenceScheme) {
-			callOpts := []grpc_retry.CallOption{grpc_retry.WithMax(gcpkmsretries), grpc_retry.WithPerRetryTimeout(time.Duration(gcpkmstimeout) * time.Second)}
-			opts = append(opts, gcp.WithGoogleAPIClientOption(option.WithGRPCDialOption(grpc.WithUnaryInterceptor(grpc_retry.UnaryClientInterceptor(callOpts...)))))
-		}
-		return kms.Get(ctx, signer, crypto.SHA256, opts...)
+		return kms.Get(ctx, signer, crypto.SHA256)
 	case signer == MemoryScheme:
 		return NewMemory()
 	case signer == TinkScheme:
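Review bot: Dropping the GCP retry/timeout options removes the only visible uses of `gcpkmsretries` and `gcpkmstimeout`, while the signature quoted in the hunk header (`func New(ctx context.Context, signer, pass, tinkKEKURI, tinkKeysetPath string, g…`) appears to still accept them, so callers now pass values that are silently ignored. A short comment above the new return would make that explicit: `// GCP KMS support is disabled in this build; gcpkmsretries and gcpkmstimeout are kept in the signature for API compatibility but not used`. Since the Azure, HashiVault and GCP providers are no longer registered, a signer URI using one of those schemes presumably no longer matches this case and falls through to whatever handling follows; it would be worth confirming that such a configuration fails with a clear error rather than being misrouted. The body of New starts and ends outside the hunk.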