Installation of Policy Controller v1.1.2 fails with the following error message:
panic: Failed to initialize TUF client from : updating local metadata and targets:
error updating to TUF remote mirror: tuf: invalid key
Policy Controller tries to initialize TUF keys during installation. The initialization fails because of a breaking change in go-tuf when using the Official Sigstore TUF root. See go-tuf in GitHub.
Policy Controller v1.1.3 contains a fix with the updated go-tuf.
One workaround is to exclude Policy Controller during installation. Another workaround is to use a self-deployed Sigstore Stack.
Option 1: Exclude the Policy Controller package in all profile installations by adding Policy Controller to the excluded_packages list in tap-values.yaml. Example:
profile: PROFILE-VALUE
excluded_packages:
- policy.apps.tanzu.vmware.com
Option 2: Install Sigstore Stack and use the generated TUF system as the mirror and root of Policy Controller. For more information, see Install Sigstore Stack.
