From a86b7cbe7767cb1d180b35824574da3a3cd42d59 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Mon, 13 May 2024 07:26:08 -0400
Subject: [PATCH] _cli: emit .sigstore.json by default (#1007)
* _cli: emit .sigstore.json by default
Closes #814.
Signed-off-by: William Woodruff
* CHANGELOG: record changes
Signed-off-by: William Woodruff
* README: update `--help`
Signed-off-by: William Woodruff
---------
Signed-off-by: William Woodruff
---
 CHANGELOG.md | 4 ++++
 README.md | 4 ++--
 sigstore/_cli.py | 4 ++--
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c90f3352..5c0cd62b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -58,6 +58,10 @@ All versions prior to 0.9.0 are untracked.
 * **BREAKING API CHANGE**: `Verifier.verify(...)` now takes a `sigstore.models.Bundle`, instead of a `VerificationMaterials` ([#937](https://github.com/sigstore/sigstore-python/pull/937))
+* **BREAKING CLI CHANGE**: `sigstore sign` now emits `{input}.sigstore.json`
+ by default instead of `{input}.sigstore`, per the client specification
+ ([#1007](https://github.com/sigstore/sigstore-python/pull/1007))
+
 * sigstore-python now requires inclusion proofs in all signing and verification flows, regardless of bundle version of input types. Inputs that do not have an inclusion proof (such as detached materials) cause an online lookup
diff --git a/README.md b/README.md
index b6b71ca2..8f115fda 100644
--- a/README.md
+++ b/README.md
@@ -162,8 +162,8 @@ OpenID Connect options:
 False)
 Output options:
- --no-default-files Don't emit the default output files ({input}.sigstore)
- (default: False)
+ --no-default-files Don't emit the default output files
+ ({input}.sigstore.json) (default: False)
 --signature FILE, --output-signature FILE
 Write a single signature to the given file; does not
 work with multiple input files (default: None)
diff --git a/sigstore/_cli.py b/sigstore/_cli.py
index 1835bc29..ebb2c348 100644
--- a/sigstore/_cli.py
+++ b/sigstore/_cli.py
@@ -283,7 +283,7 @@ def _parser() -> argparse.ArgumentParser:
 "--no-default-files",
 action="store_true",
 default=_boolify_env("SIGSTORE_NO_DEFAULT_FILES"),
- help="Don't emit the default output files ({input}.sigstore)",
+ help="Don't emit the default output files ({input}.sigstore.json)",
 )
 output_options.add_argument(
 "--signature",
@@ -559,7 +559,7 @@ def _sign(args: argparse.Namespace) -> None:
 output_dir.mkdir(parents=True, exist_ok=True)
 if not bundle and not args.no_default_files:
- bundle = output_dir / f"{file.name}.sigstore"
+ bundle = output_dir / f"{file.name}.sigstore.json"
 if not args.overwrite:
 extants = []
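Review bot: The read side of this rename is not covered by the commit: the diffstat lists only CHANGELOG.md, README.md and two lines of `sigstore/_cli.py`, so neither the verify command's default bundle lookup nor any test is updated alongside the new `bundle = output_dir / f"{file.name}.sigstore.json"` default in `_sign`. If that lookup (not visible here) still resolves only `{input}.sigstore`, verification would either miss the new bundle or pick up a stale legacy bundle left beside the artifact by an older release, so it is worth confirming the lookup order and pinning it with a CLI test that signs and then verifies with default paths. The suffix is now a literal both here and in the `--no-default-files` help string in the first hunk; a single module constant, e.g. `DEFAULT_BUNDLE_SUFFIX = ".sigstore.json"` (name constructed for this note), would keep the two from drifting. `_sign` starts and continues outside the hunk.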