Add a log message if user doesn't provide --trusted-root

So the user knows that we're assuming the public good instance and fetching the trusted root via TUF. Signed-off-by: Zach Steindler <[email protected]>
sigstore · Nov 11, 2024 · 4414cc8 · 4414cc8
1 parent ad5bc3b
commit 4414cc8
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/cmd/cosign/cli/verify/verify_bundle.go b/cmd/cosign/cli/verify/verify_bundle.go
@@ -39,6 +39,7 @@ import (
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	"github.com/sigstore/sigstore/pkg/signature"
 
+	"github.com/sigstore/cosign/v2/internal/ui"
 	"github.com/sigstore/cosign/v2/pkg/cosign"
 	"github.com/sigstore/cosign/v2/pkg/cosign/pivkey"
 	sigs "github.com/sigstore/cosign/v2/pkg/signature"
@@ -62,6 +63,7 @@ func verifyNewBundle(ctx context.Context, bundlePath, trustedRootPath, keyRef, s
 	var trustedroot *root.TrustedRoot
 
 	if trustedRootPath == "" {
+		ui.Infof(ctx, "no --trusted-root specified; fetching public good instance verification material via TUF")
 		// Assume we're using public good instance; fetch via TUF
 		trustedroot, err = root.FetchTrustedRoot()
 		if err != nil {