Error: Failed to verify targets during signing + verifying

[SequeI]

Description

We have a recurrent failure in our sign/verify workflow. It appears to be a client-side TUF issue; our use of the sigstore-python client seems to be exposing an incompatibility with the current TUF repository metadata, similar to issues I have seen opened previously on this repo. Something expired perhaps? This is blocking full successful signing and verifying without errors.

❯ hatch run python -m model_signing sign test.json
Key a687e5bf4fab82b0ee58d46e05c9535145a2c9afb458f43d42b45ca0fdce2a70 failed to verify targets
Waiting for browser interaction...
Opening in existing browser session.
Signing succeeded

❯ hatch run python -m model_signing verify sigstore --identity <>@redhat.com --identity_provider https://accounts.google.com --signature model.sig bert-base-uncased
Key a687e5bf4fab82b0ee58d46e05c9535145a2c9afb458f43d42b45ca0fdce2a70 failed to verify targets
Verification succeeded

Version

Built from source, main branch - latest