Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor verification to use consistent verification options. #55

Merged
merged 1 commit into from Jun 2, 2022
Merged

Refactor verification to use consistent verification options. #55

merged 1 commit into from Jun 2, 2022

Conversation

wlynch
Copy link
Member

@wlynch wlynch commented Jun 2, 2022
edited

Summary

  • Fixes attached signature verification to respect the same options as
    detached signatures.
  • Adds tests for attached signature verification.
  • Exports useful functions to allow other libraries to validate commits.
  • Adds package documentation for what should go into git vs signature
    packages (because if I was getting getting tripped up, other people
    will too).
  • Removed found signature / found tlog entry claims - I'm not sure how
    useful these are on their own, and my gut instinct is the yes / no for
    the validation is probably sufficient.
  • Changes smimesign output in verification info to gitsign.

Signed-off-by: Billy Lynch billy@chainguard.dev

Ticket Link

Fixes #52

Release Note

Fixed attached signature verification.

@wlynch wlynch requested review from imjasonh and nsmith5 June 2, 2022 19:29
@wlynch
Refactor verification to use consistent verification options.
536737d 
- Fixes attached signature verification to respect the same options as
  detached signatures.
- Adds tests for attached signature verification.
- Exports useful functions to allow other libraries to validate commits.
- Adds package documentation for what should go into git vs signature
  packages (because if I was getting getting tripped up, other people
  will too).
- Removed found signature / found tlog entry claims - I'm not sure how
  useful these are on their own, and my gut instinct is the yes / no for
  the validation is probably sufficient.
- Changes smimesign output in verification info to gitsign.

Signed-off-by: Billy Lynch <billy@chainguard.dev>
@wlynch wlynch merged commit 9817dc0 into sigstore:main Jun 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@imjasonh imjasonh imjasonh approved these changes

@nsmith5 nsmith5 Awaiting requested review from nsmith5

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Refactor attached verification to use same code path as detached
2 participants
@wlynch @imjasonh