Billy Lynch
Billy Lynch
**Description** Generally tracking issue for removing the dependency on cosign to reduce the dependency sprawl. Ideally all shared code should be moved to `sigstore/sigstore` if possible.
This commit should have no change in existing behavior, but does the following: 1. Pulls the sign/verify commands into its own package that can be invoked directly instead of needing...
# Changes These fields were previously deprecated. This is change is removing the fields. Clients should use UUID instead. Fixes #1070 # Submitter Checklist These are the criteria that every...
## Motivating Use Case Be able to run/test Tekton Trigger configurations ephemerally without needing to apply it permanently to the cluster. e.g. how do I test a change to a...
#### Summary Merge 'cosign/pkg/providers' into sigstore/sigstore. This upstream's cosign's provider packages into `sigstore/sigstore` so that other tools like `gitsign` can use them without needing to depend on cosign. These packages...
This is a pretty large, but overdue version bump of rekor. (also bumps deps of other packages like cosign as a consequence). This mirrors a hack introduced in https://github.com/sigstore/policy-controller/pull/112 to...
**Description** @eddiezane and I stumbled on this today - verify-blob has logic for handling DSSE messages https://github.com/sigstore/cosign/blob/128f8fbd5f1bed0f7f1069d01c7e33cd52f6c381/cmd/cosign/cli/verify/verify_blob.go#L234-L237 but when this is combined with COSIGN_EXPERIMENTAL, it fails: ```sh $ cat test.json.sig...
**Question** I found out recently that the policy-controller has a dependency on cosign in order to use it's Fulcio certificate verification - https://github.com/sigstore/policy-controller/blob/05108e3476df8d9078d7cbc3d181f0060dd23df8/pkg/webhook/validation.go#L111-L116 A good chunk of this appears to...
Adds variadic options (to keep this compatible with existing callers) to CertificateText to allow formatting of custom OIDs. Also adds go module information.
When trying this out against freetsa.org, I got the following error: ``` runtime error: makeslice: cap out of range ``` This seems to stem from the buffer allocation if ContentLength...