attest: force https for rekor client (#610)

wlynch · web-flow · commit 9fc97de55fc1 · 2025-01-03T20:00:20.000Z
For some reason this defaults to http, which results in the server
terminating the request (my guess is this was previously redirecting
http-&gt;https before). This changes forces the https scheme (hopefully
this isn't disruptive for non-public good instances, but we can revisit
other changes later if we need to).

Signed-off-by: Billy Lynch &lt;billy@chainguard.dev&gt;
diff --git a/internal/attest/attest.go b/internal/attest/attest.go
@@ -251,6 +251,7 @@ func (a *Attestor) signPayload(ctx context.Context, sha plumbing.Hash, b []byte,
 	tc := &rekorclient.TransportConfig{
 		Host:     rekorHost,
 		BasePath: rekorBasePath,
+		Schemes:  []string{"https"},
 	}
 	rcfg := rekorclient.NewHTTPClientWithConfig(strfmt.Default, tc)
 

Original file line number	Diff line number	Diff line change
`@@ -251,6 +251,7 @@ func (a *Attestor) signPayload(ctx context.Context, sha plumbing.Hash, b []byte,`
`251`	`251`	`tc := &rekorclient.TransportConfig{`
`252`	`252`	`Host: rekorHost,`
`253`	`253`	`BasePath: rekorBasePath,`
	`254`	`+ Schemes: []string{"https"},`
`254`	`255`	`}`
`255`	`256`	`rcfg := rekorclient.NewHTTPClientWithConfig(strfmt.Default, tc)`
`256`	`257`