Installation of Policy Controller v1.1.2 fails with the following error message:
panic: Failed to initialize TUF client from : updating local metadata and targets: error updating to TUF remote mirror: tuf: invalid key
Policy Controller tries to initialize TUF keys during installation. The initialization fails because of a breaking change in go-tuf when using the Official Sigstore TUF root. See go-tuf in GitHub.
Policy Controller v1.1.3 contains a fix with the updated go-tuf.
One workaround is to exclude Policy Controller during installation. Another workaround is to use a self-deployed Sigstore Stack.
Option 1: Exclude the Policy Controller package in all profile installations by adding Policy Controller to the
excluded_packages list in
profile: PROFILE-VALUE excluded_packages: - policy.apps.tanzu.vmware.com
Option 2: Install Sigstore Stack and use the generated TUF system as the mirror and root of Policy Controller. For more information, see Install Sigstore Stack.