Noticed the rekorV2 tests are wishy washy

Noticed the rekorV2 tests are wishy washy

If you mean that the signing tests using staging rekor2 fail with 50x errors more often then is reasonable: yes this seems to be the case. I'm following up in sigstore/rekor-tiles repo

sizeable new main commit; rebased pr

/gcbrun

Thanks @SequeI!

Exposing this as public makes sense to me. Two thoughts:

• What do you think about exposing this via sigstore.models instead? I've tried to centralize more of our data models there, especially when shared between signing and verification. The upside is fewer top-level modules in the sigstore.* namespace; the downside is that module gets chunkier.
• Is there anything else that we should expose from sigstore._internal.trust? I can't think of anything else off the top of my head, but I figure you'd have a better sense as a downstream user.

@SequeI Could you avoid force-pushing unless absolutely necessary? It causes a notification to me (and presumably anything one else subscribed on the PR) each time you do 🙂

(It's okay to have a non-clean history on this PR -- we'll clean it up with the actual merge.)

@woodruffw Apologies! Won't do that anymore

Would it make sense to have a new public module (trust like previously) and just expose trustedRoot and SigningConfig alongside ClientTrustConfig due to it's dependence on it? Putting it into models creates a lot of circular import errors with rekor and rekorv2 unfortunately

Putting it into models creates a lot of circular import errors with rekor and rekorv2 unfortunately

Hmm, could you paste those? I think we'd ideally eliminate those potential circularities are part of v4 anyways; they should all be refactorable.

Sure :

    from sigstore._internal.rekor.client import RekorClient
../../.local/lib/python3.13/site-packages/sigstore/_internal/rekor/client.py:41: in <module>
    from sigstore.models import TransparencyLogEntry
../../.local/lib/python3.13/site-packages/sigstore/models.py:65: in <module>
    from sigstore._internal.trust import SigningConfig, TrustedRoot
../../.local/lib/python3.13/site-packages/sigstore/_internal/trust.py:43: in <module>
    from sigstore._internal.rekor.client_v2 import RekorV2Client
../../.local/lib/python3.13/site-packages/sigstore/_internal/rekor/client_v2.py:41: in <module>
    from sigstore.models import TransparencyLogEntry
E   ImportError: cannot import name 'TransparencyLogEntry' from partially initialized module 'sigstore.models' (most likely due to a circular import) (/home/.local/lib/python3.13/site-packages/sigstore/models.py)

test/unit/conftest.py:40: in <module>
    from sigstore._internal.rekor.client import RekorClient
../../.local/lib/python3.13/site-packages/sigstore/_internal/rekor/client.py:41: in <module>
    from sigstore.models import TransparencyLogEntry
../../.local/lib/python3.13/site-packages/sigstore/models.py:65: in <module>
    from sigstore._internal.trust import SigningConfig, TrustedRoot
../../.local/lib/python3.13/site-packages/sigstore/_internal/trust.py:44: in <module>
    from sigstore._internal.rekor.client import RekorClient
E   ImportError: cannot import name 'RekorClient' from partially initialized module 'sigstore._internal.rekor.client' (most likely due to a circular import) (/home/.local/lib/python3.13/site-packages/sigstore/_internal/rekor/client.py)

I wasn't sure if this would be in the scope of the PR, or if I should fix this etc, but I'll fix these in this case

I wasn't sure if this would be in the scope of the PR, or if I should fix this etc, but I'll fix these in this case

Thank you! Yes, I'd consider it in scope, and I appreciate you fixing them 🙂

Resolved; I had thought it would be much more involved but was just a small issue with RekorV1/V2 placement