From d1d76983debd4374a6bc81915dbb419b8c6ee48c Mon Sep 17 00:00:00 2001
From: Radoslav Dimitrov
Date: Wed, 17 Jan 2024 03:48:26 +0200
Subject: [PATCH 1/2] Switch to offline Sigstore verification
Signed-off-by: Radoslav Dimitrov
---
 internal/verifier/sigstore/sigstore.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/verifier/sigstore/sigstore.go b/internal/verifier/sigstore/sigstore.go
index 12b25c5964..c7a1734bb8 100644
--- a/internal/verifier/sigstore/sigstore.go
+++ b/internal/verifier/sigstore/sigstore.go
@@ -49,7 +49,7 @@ func New(trustedRoot, accessToken, cacheDir string) (*Sigstore, error) {
 return nil, err
 }
 sev, err := verify.NewSignedEntityVerifier(trustedMaterial, verify.WithSignedCertificateTimestamps(1),
- verify.WithTransparencyLog(1), verify.WithOnlineVerification(), verify.WithObserverTimestamps(1))
+ verify.WithTransparencyLog(1), verify.WithObserverTimestamps(1))
 if err != nil {
 return nil, err
 }
From c00233d84aa9d361f2b360c363e12f5b1af15109 Mon Sep 17 00:00:00 2001
From: Radoslav Dimitrov
Date: Wed, 17 Jan 2024 03:50:37 +0200
Subject: [PATCH 2/2] Set TimestampVerificationData to nil since it's fetched from the SET
Signed-off-by: Radoslav Dimitrov
---
 internal/verifier/sigstore/container/container.go | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/internal/verifier/sigstore/container/container.go b/internal/verifier/sigstore/container/container.go
index 788f35eda5..ac1d5def3d 100644
--- a/internal/verifier/sigstore/container/container.go
+++ b/internal/verifier/sigstore/container/container.go
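Review bot: Dropping `verify.WithOnlineVerification()` makes the material loaded from `trustedRoot`/`cacheDir` the only defence against a rotated or compromised Rekor key, because the log entry is no longer re-fetched from Rekor, and nothing in this hunk says how that material is refreshed. If I read sigstore-go correctly, offline mode with `verify.WithTransparencyLog(1)` accepts an entry that carries only an inclusion promise, so for cosign-style bundles without an inclusion proof the SET signature check against the Rekor key in `trustedMaterial` is the entire transparency-log verification. I would record that trade-off on the `sev, err :=` line, e.g. `// Offline: tlog entries are verified only against the Rekor key in trustedMaterial (SET or inclusion proof), so the trusted root must be kept fresh to observe key rotation.` The body of `New` begins before this hunk, so where `trustedMaterial` comes from and whether it is refreshed is not visible here.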
@@ -253,15 +253,9 @@ func getBundleVerificationMaterial(params *verifyResult, manifestLayer *v1.Descr
 }
 // 3. Construct the verification material
 return &protobundle.VerificationMaterial{
- Content: signingCert,
- TlogEntries: tlogEntries,
- TimestampVerificationData: &protobundle.TimestampVerificationData{
- Rfc3161Timestamps: []*protocommon.RFC3161SignedTimestamp{
- {
- SignedTimestamp: tlogEntries[0].InclusionPromise.SignedEntryTimestamp,
- },
- },
- },
+ Content: signingCert,
+ TlogEntries: tlogEntries,
+ TimestampVerificationData: nil,
 }, nil
 }
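Review bot: The explicit `TimestampVerificationData: nil` is the right value, since the removed lines wrapped a Rekor signed entry timestamp in an `RFC3161SignedTimestamp`, which as far as I know is a different encoding, but the bare `nil` leaves no trace of why, and with the verifier in sigstore.go configured with `verify.WithObserverTimestamps(1)` the only observer timestamp left is the integrated time the log itself asserts. I would put that on the field, e.g. `// No RFC3161 timestamp: the SET's integrated time in TlogEntries is the sole observer timestamp, so certificate validity is judged against a time asserted by the log.` With the `tlogEntries[0]` access gone an empty `tlogEntries` no longer panics here but yields material with neither a log entry nor a timestamp; if that can happen, a guard such as `if len(tlogEntries) == 0 { return nil, fmt.Errorf("no transparency log entries found in bundle") }` before the return would give a clearer error than the verifier's threshold failure. `getBundleVerificationMaterial` starts before this hunk, so how `tlogEntries` is populated is not visible here.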