sign: init #310
Merged
sign: init #310
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jleightcap
force-pushed
the
jl/sign
branch
6 times, most recently
from
001a365
to
de3f146
Compare
woodruffw
reviewed
Nov 16, 2023
woodruffw
reviewed
Nov 16, 2023
jleightcap
commented
Nov 16, 2023
jleightcap
commented
Nov 16, 2023
Comment on lines
+268
to
+274
| // TODO(tnytown): Implement SCT extraction. | ||
| // see: https://github.com/RustCrypto/formats/pull/1134 | ||
| if sct_embedded { | ||
| debug!("PrecertificateSignedCertificateTimestamps isn't implemented yet in x509_cert."); | ||
| } else { | ||
| // No embedded SCT, Fulcio instance that provides detached SCT: | ||
| if let SigningCertificate::SignedCertificateDetachedSct(_sct) = response {} | ||
| }; |
There was a problem hiding this comment.
Detached SCT verification is currently blocked by the linked issue. @tnytown mentioned having the availability to push that issue forward (CC @woodruffw)
There was a problem hiding this comment.
Assume you meant embedded SCT verification, since that's the missing branch here 🙂
But yeah, we should get that in; xref RustCrypto/formats#1134
jleightcap
commented
Nov 16, 2023
jleightcap
commented
Nov 16, 2023
tnytown
force-pushed
the
jl/sign
branch
2 times, most recently
from
04ed874
to
207b1c6
Compare
woodruffw
reviewed
Nov 17, 2023
flavio
reviewed
Nov 27, 2023
woodruffw
reviewed
Nov 28, 2023
tnytown
force-pushed
the
jl/sign
branch
2 times, most recently
from
4d4c060
to
ac2a88a
Compare
tnytown
reviewed
Nov 29, 2023
|
I've done a quick pass on this, and it LGTM overall -- thanks @jleightcap and @tnytown! @flavio Is there anything else we can or should do here? I see #310 (comment) as one (small) outstanding thing, but there might be others I've missed 🙂 |
Signed-off-by: Jack Leightcap <jack.leightcap@trailofbits.com> Signed-off-by: Andrew Pan <andrew.pan@trailofbits.com> Co-authored-by: Jack Leightcap <jack.leightcap@trailofbits.com>
Signed-off-by: Jack Leightcap <jack.leightcap@trailofbits.com>
Signed-off-by: Andrew Pan <3821575+tnytown@users.noreply.github.com>
Signed-off-by: Andrew Pan <andrew.pan@trailofbits.com>
Co-authored-by: Flavio Castelli <flavio@castelli.me> Signed-off-by: Andrew Pan <3821575+tnytown@users.noreply.github.com>
Signed-off-by: Andrew Pan <andrew.pan@trailofbits.com>
Signed-off-by: Andrew Pan <andrew.pan@trailofbits.com>
Signed-off-by: Andrew Pan <andrew.pan@trailofbits.com>
Signed-off-by: Andrew Pan <andrew.pan@trailofbits.com>
Signed-off-by: Andrew Pan <andrew.pan@trailofbits.com>
Signed-off-by: Andrew Pan <andrew.pan@trailofbits.com>
This was referenced Dec 6, 2023
Merged
flavio
reviewed
Dec 13, 2023
Signed-off-by: Jack Leightcap <jack.leightcap@trailofbits.com>
tnytown
reviewed
Dec 13, 2023
Co-authored-by: Andrew Pan <3821575+tnytown@users.noreply.github.com> Signed-off-by: Jack Leightcap <30168080+jleightcap@users.noreply.github.com>
flavio
approved these changes
Dec 21, 2023
|
@woodruffw merged! thanks to all the people involved ❤️ |
flavio
added a commit
to flavio/sigstore-rs
that referenced
this pull request
Mar 27, 2024
== What's Changed * sign: init by @jleightcap in sigstore#310 * cargo audit: ignore RUSTSEC-2023-0071 by @jleightcap in sigstore#321 * chore(deps): Update json-syntax requirement from 0.9.6 to 0.10.0 by @dependabot in sigstore#319 * chore(deps): Update cached requirement from 0.46.0 to 0.47.0 by @dependabot in sigstore#323 * chore(deps): Update serial_test requirement from 2.0.0 to 3.0.0 by @dependabot in sigstore#322 * dep: update rustls-webpki, fold in pki_types by @jleightcap in sigstore#324 * chore(deps): Update cached requirement from 0.47.0 to 0.48.0 by @dependabot in sigstore#325 * chore(deps): Update json-syntax requirement from 0.10.0 to 0.11.1 by @dependabot in sigstore#327 * chore(deps): Update cached requirement from 0.48.0 to 0.49.2 by @dependabot in sigstore#329 * chore(deps): Update json-syntax requirement from 0.11.1 to 0.12.2 by @dependabot in sigstore#330 * lint: fix lint error of chrono and tokio by @Xynnn007 in sigstore#334 * chore(deps): Update base64 requirement from 0.21.0 to 0.22.0 by @dependabot in sigstore#332 * The `Repository` trait and `ManualRepository` struct no longer require a feature flag by @tannaurus in sigstore#331 * chore(deps): Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in sigstore#336 * chore(deps): Update reqwest requirement from 0.11 to 0.12 by @dependabot in sigstore#341 * update tough dep by @astoycos in sigstore#340 == New Contributors * @tannaurus made their first contribution in sigstore#331 * @astoycos made their first contribution in sigstore#340 **Full Changelog**: sigstore/sigstore-rs@v0.8.0...v0.9.0 Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Add ability to sign artifacts à la sigstore-python, towards Bundle signing and verification.
Follow-up from #305, and the prerequisite motivation to #311.
Release Note
Expose added
bundleandsignmodules. No breaking changes to existing modules.Documentation