sigstore
sigstore copied to clipboard
sigstore
Common go library shared across sigstore services and clients
swagger is no longer used in `sigstore/sigstore` so just cleaning it up Signed-off-by: Bob Callaway
#### Summary Closes #622 When passing a wrong public key to the verify function, it will return an unfriendly error. Instead we can just let users know they are passing...
**Description** When doing the quickstart, I have mistakenly passed my private key instead of my public key and got a not so friendly error: ``` cosign verify --key=/Users/rkatz/cosign.key rpkatz/test:v1 Error:...
Signed-off-by: Asra Ali #### Summary Starter implementation of a v2 TUF client. With configured TUFOptions to make it easier to use in external clients, and to implement the specification at...
#### Summary - This will enable the desired code coverage to be met for the project - The coverage is set to 70 to start with. This setting is in...
**Description** The auth process in `gitsign` outputs a URL you should be able to open in the browser to get a verification code, but the oauth2 server redirects to localhost...
**Description** Right now the tests don't have coverage metrics reported. It would help when including a new feature to identify the coverage.
**Description** TUF delegations are delegated certain PATHS. in sigstore, we consume targets via custom metadata, not paths. therefore, if we have a delegation, that delegated key can sign off on...
Signed-off-by: Asra Ali #### Summary * Adds a wrapper method to get rekor public keys, to use in cosign I expect that with this method, we can now set sign/verify...
**Description** Some background here: https://github.com/sigstore/scaffolding/issues/211 Currently, when testing with scaffolding, we create some env variables. It would be preferable to remove env variables and to utilize tuf roots as public...
