@@ -299,29 +299,45 @@ func ClientFromRemote(_ context.Context, mirror string, rootJSON []byte, targets
299299}
300300
301301var (
302- once sync.Once
303- trustedRoot * root.TrustedRoot
302+ mu sync.RWMutex
304303 singletonRootError error
304+ timestamp time.Time
305+ trustedRoot * root.TrustedRoot
305306)
306307
307308// GetTrustedRoot returns the trusted root for the TUF repository.
308309func GetTrustedRoot () (* root.TrustedRoot , error ) {
309- once .Do (func () {
310+ now := time .Now ().UTC ()
311+ // check if timestamp has never been or if the current time is more
312+ // than 24 hours after the current value of timestamp
313+ if timestamp .IsZero () || now .After (timestamp .Add (24 * time .Hour )) {
314+ mu .Lock ()
315+ defer mu .Unlock ()
316+
310317 tufClient , err := tuf .NewFromEnv (context .Background ())
311318 if err != nil {
312319 singletonRootError = fmt .Errorf ("initializing tuf: %w" , err )
313- return
320+ return nil , singletonRootError
314321 }
315322 // TODO: add support for custom trusted root path
316323 targetBytes , err := tufClient .GetTarget ("trusted_root.json" )
317324 if err != nil {
318325 singletonRootError = fmt .Errorf ("error getting targets: %w" , err )
319- return
326+ return nil , singletonRootError
320327 }
321- trustedRoot , singletonRootError = root .NewTrustedRootFromJSON (targetBytes )
322- })
323- if singletonRootError != nil {
324- return nil , singletonRootError
328+ trustedRoot , err := root .NewTrustedRootFromJSON (targetBytes )
329+ if err != nil {
330+ singletonRootError = fmt .Errorf ("error creating trusted root: %w" , err )
331+ return nil , singletonRootError
332+ }
333+
334+ timestamp = now
335+
336+ return trustedRoot , nil
325337 }
338+
339+ mu .RLock ()
340+ defer mu .RUnlock ()
341+
326342 return trustedRoot , nil
327343}
0 commit comments