sigstore-rs

An experimental Rust crate for sigstore

Results 65 sigstore-rs issues

The current example [reports that it may return an error](https://github.com/sigstore/sigstore-rs/blob/main/examples/rekor/create_log_entry/main.rs#L41-L66). We should change the example to (by default) create fresh entry data (this requires either a new test file or...

bug
enhancement

**Description** [Key-based verification](https://github.com/sigstore/sigstore-rs/tree/main/examples/verify#key-based-verification) [uses the TUF root](https://sigstore.slack.com/archives/C022FBCBPTJ/p1661334809609759?thread_ts=1660856477.593179&cid=C022FBCBPTJ) and therefore requires knowing the location of the Rekor pub key and Fulcio cert files (these are generated with `cosign init` and live...

enhancement
good first issue

It would be helpful to have more explanation on: - downloading cosign separately from this repo - possibly, how to use the example with some other signed container of choice...

enhancement

From @lukehinds Currently sigstore-rs verifies a cosign signature stashed in an OCI registry, but we might also want to attest blobs locally (exist in rekor and signed with an OIDC...

enhancement

It would be helpful for someone running the example to know: - what to do with the access token after receiving it - should it be placed in a file...

enhancement

As per cosign and the sigstore-python library, implement ambient credential detection. https://github.com/sigstore/sigstore-python/issues/31 https://dlorenc.medium.com/a-bit-of-ambiance-comes-to-sigstore-f80d1d6b1c30

enhancement

We should introduce some level of integration / e2e testing.

enhancement

**Description** Hi! First big thanks to @flavio for leading so much here :) Is the intent of this crate to allow online verification with Rekor as well? Without a rust...

enhancement

The error message returned when an OCI artifact doesn't have a sigstore manifest should be improved. # How to reproduce Attempt the verification of a container image that has not...

enhancement
good first issue

> Potential segfault in the time crate
>
> | Details | |
> | ------------------- | ---------------------------------------------- |
> | Package | `time` |
> | Version | `0.1.43` |
> | URL | [https://github.com/time-rs/time/issues/293](https://github.com/time-rs/time/issues/293)...