Skip to content

v1.2.0

Choose a tag to compare

View all tags
@sigstore-bot sigstore-bot released this 27 Mar 22:52
· 1041 commits to main since this release
v1.2.0
This tag was signed with the committer’s verified signature.
Hayden-IO Hayden
SSH Key Fingerprint: jzX0b3tCjduspDDUI0+hECHgZQGwB+Mmm4vFFsg3mDY
Verified
Learn about vigilant mode.
8e222e9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

v1.2.0

Fulcio 1.2.0 adds support for additional extensions in certificates issued for
CI platforms, starting with GitHub Actions.

Deprecation warning: OIDs 1.3.6.1.4.1.57264.1.1 through 1.3.6.1.4.1.57264.1.6 have been deprecated,
but are still present in the issued certificates. The new extensions 1.3.6.1.4.1.57264.1.8
through 1.3.6.1.4.1.57264.1.21 are correctly formatted as DER-encoded strings.

Enhancements

  • Implement standardized CI extensions for GitHub (#1073)
  • Allow specifying ChallengeClaim for an Issuer in the Fulcio config (#1007)
  • Support custom OIDC issuers
    • Begin implementing Issuer interface for email and github identities (#1005)
    • Implement Issuer interface for spiffe and kubernetes types (#1033)
    • Implement Issuer interface for username and uri Issuer types (#1035)
    • implement Issuer interface for buildkite (#1037)
    • Create BaseIssuer type to implement Match for all Issuers (#1039)
    • Use Issuer interface to allow for custom issuers (#1008)

Bug Fixes

  • Don't add nil issuers to issuer pool (#1053)

Documentation

  • Standardizing Fulcio Certificate Extensions (#945)
  • Add documentation for adding a new OIDC issuer (#1042)
  • Update TUF instructions in README (#1079)

Contributors

  • Carlos Tadeu Panato Junior
  • Hayden B
  • Philip Harrison
  • priyawadhwa

Full Changelog: v1.1.0...v1.2.0

Assets 31
Loading