Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli: deprecate verify --cert #151

Closed
wants to merge 3 commits into from
Closed

cli: deprecate verify --cert #151

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
935c677
cli: deprecate `verify --cert`
woodruffw Jul 5, 2022
6bcc694
workflows/release: prefer `--certificate` over `--cert`
woodruffw Jul 5, 2022
9e6e6d0
Merge branch 'main' into ww/verify-cert-deprecate
woodruffw Jul 5, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ jobs:

./smoketest-env/bin/python -m \
sigstore verify "${dist}" \
--cert "smoketest-artifacts/${dist_base}.crt" \
--certificate "smoketest-artifacts/${dist_base}.crt" \
--signature "smoketest-artifacts/${dist_base}.sig" \
--cert-oidc-issuer https://token.actions.githubusercontent.com \

Expand Down
10 changes: 5 additions & 5 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,9 +123,9 @@ Verifying:

<!-- @begin-sigstore-verify-help@ -->
```
usage: sigstore verify [-h] [--certificate FILE] [--signature FILE]
[--cert-email EMAIL] [--cert-oidc-issuer URL]
[--rekor-url URL] [--staging]
usage: sigstore verify [-h] [--cert FILE] [--certificate FILE]
[--signature FILE] [--cert-email EMAIL]
[--cert-oidc-issuer URL] [--rekor-url URL] [--staging]
FILE [FILE ...]

positional arguments:
Expand All @@ -135,8 +135,8 @@ options:
-h, --help show this help message and exit

Verification inputs:
--certificate FILE, --cert FILE
The PEM-encoded certificate to verify against; not
--cert FILE A deprecated alias for --certificate (default: None)
--certificate FILE The PEM-encoded certificate to verify against; not
used with multiple inputs (default: None)
--signature FILE The signature to verify against; not used with
multiple inputs (default: None)
Expand Down
20 changes: 19 additions & 1 deletion sigstore/_cli.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -186,10 +186,15 @@ def _parser() -> argparse.ArgumentParser:

input_options = verify.add_argument_group("Verification inputs")
input_options.add_argument(
"--certificate",
"--cert",
metavar="FILE",
type=Path,
help="A deprecated alias for --certificate",
)
input_options.add_argument(
"--certificate",
metavar="FILE",
type=Path,
help="The PEM-encoded certificate to verify against; not used with multiple inputs",
)
input_options.add_argument(
Expand Down Expand Up @@ -365,6 +370,19 @@ def _sign(args: argparse.Namespace) -> None:


def _verify(args: argparse.Namespace) -> None:
# Legacy behavior: treat `--cert` as an alias for `--certificate`, but warn
# users that we'll be removing it soon.
if args.cert:
if args.certificate:
args._parser.error(
"--cert and --certificate can't be used at the same time"
)
logger.warning(
"--cert has been replaced with --certificate and will be removed in "
"an upcoming stable release",
)
args.certificate = args.cert

# Fail if `--certificate` or `--signature` is specified and we have more than one input.
if (args.certificate or args.signature) and len(args.files) > 1:
args._parser.error(
Expand Down