sigstore-rs
sigstore-rs copied to clipboard
An experimental Rust crate for sigstore
> Potential segfault in `localtime_r` invocations | Details | | | ------------------- | ---------------------------------------------- | | Package | `chrono` | | Version | `0.4.19` | | URL | [https://github.com/chronotope/chrono/issues/499](https://github.com/chronotope/chrono/issues/499) |...
Signed-off-by: Avery Blanchard #### Summary This addresses issue #109. These changes add a TreeSize alias (i64) for Rekor. @lkatalin #### Release Note #### Documentation
The `LogEntry.body` for example should not just be a String, but a typed struct where you can access subfields and extract data.
**Description** The Fulcio V1 API will be turned down in the coming months. https://github.com/sigstore/sigstore-rs/blob/main/src/fulcio/mod.rs#L20 will need to be updated to https://github.com/sigstore/fulcio/blob/main/fulcio.proto#L65. Fulcio V2 supports either gRPC or HTTP.
**Description** Like the counterpart in `sigstore/cosign`, implement OCI container image signing.
cargo vet from mozilla allows us to benefit from crate audits performed by other communities such as mozilla, bytecodealliance etc. This PR sets a baseline which will pass. If we...
**Description** In the next root-signing, we'll be migrating targets for `fulcio` under a `fulcio` subdirectory, and `rekor` under a `rekor` subdirectory (and keeping old targets for compatibility before we remove...
Current implementation of the OIDC flows requires blocking tasks. This is limiting when applications are otherwise using `awc` which leads to using `actix_rt` for async executors. Providing `async_http_client` variants for...
Find examples of `unwrap()` and replace with more descriptive error handling.
The README specifies that we can: - [x] Verify using a given key - [ ] Verify bundle produced by transparency log (Rekor) - [ ] Verify signature produced in...