Releases · sigstore/sigstore-python · GitHub

04 Jun 18:34

woodruffw

Release 0.5.1rc2 Pre-release

Pre-release

sigstore: 0.5.1rc2

Signed-off-by: William Woodruff <william@trailofbits.com>

Assets 8

04 Jun 18:29

woodruffw

Release 0.5.1rc1 Pre-release

Pre-release

workflows/release: put sigs and certs in their own directory

To avoid confusing twine.

Signed-off-by: William Woodruff <william@trailofbits.com>

Assets 4

03 Jun 14:26

woodruffw

Release 0.5.0

What's Changed

_internal/fulcio: refactor SCT model by @woodruffw in #94
oidc/ambient: Google: fail softly if the SMBIOS product name doesn't match by @woodruffw in #98
oauth: Fix race in OIDC token retrieval by @tetsuo-cpp in #99
cli: add --output-signature and --output-certificate by @woodruffw in #101
_cli, _sign, _verify, oidc: Add --fulcio-url and --rekor-url by @tetsuo-cpp in #103
_cli: Add --staging convenience flag by @tetsuo-cpp in #104
Support verifying embedded SCTs by @tetsuo-cpp in #84
fulcio, _sign: Request certificates via CSR by @tetsuo-cpp in #80
_verify: Add Fulcio intermediate certificate by @tetsuo-cpp in #110
_cli, _verify: Wrap OpenSSL error with user-friendly text by @tetsuo-cpp in #113
sigstore: 0.5.0 by @woodruffw in #111

Full Changelog: v0.4.2...v0.5.0

Contributors

woodruffw and tetsuo-cpp

Assets 2

17 May 22:48

di

Release 0.4.2

What's Changed

treewide: ratchet down typing, move mypy config to pyproject by @woodruffw in #85
sigstore: fix build by removing version indirection by @woodruffw in #87
bandit: merge config into pyproject by @woodruffw in #86
run through stepsecurity hardener by @wallies in #73
Google Cloud ambient credential detection by @di in #88
oidc/ambient: constrain nosec by @woodruffw in #89
Support Google Cloud impersonation by @di in #91
sigstore, test: more unit tests, rename mods by @woodruffw in #92
Version 0.4.2 by @di in #93

New Contributors

@wallies made their first contribution in #73

Full Changelog: v0.4.1...v0.4.2

Contributors

di, wallies, and woodruffw

Assets 2

11 May 16:54

woodruffw

Release 0.4.1

What's Changed

sigstore, README: add --version flag by @woodruffw in #79
pyproject, sigstore: use flit as our build backend by @woodruffw in #81
workflows/release: smoke-test each distribution by @woodruffw in #83
version: 0.4.1 by @woodruffw in #82

Full Changelog: v0.4.0...v0.4.1

Contributors

woodruffw

Assets 2

10 May 21:07

woodruffw

Release 0.4.0

What's Changed

cli: add a flag for disabling ambient OIDC detection by @woodruffw in #68
build: move almost everything to pyproject.toml by @woodruffw in #70
Support configurable OIDC issuers by @tetsuo-cpp in #62
cli, verify: refactor, add logging by @woodruffw in #71
fulcio, _sign: Request certificates via CSR by @tetsuo-cpp in #74
Revert "fulcio, _sign: Request certificates via CSR (#74)" by @woodruffw in #75
Update gitignore by @di in #76
pyproject: pin pyjwt>=2.1 by @woodruffw in #77
version: 0.4.0 by @woodruffw in #78

Full Changelog: v0.3.1...v0.4.0

Contributors

di, woodruffw, and tetsuo-cpp

Assets 2

02 May 23:09

woodruffw

Release 0.3.1

v0.3.1

version: 0.3.1

Assets 2

02 May 23:05

woodruffw

Release 0.3.0

Publish cert to Rekor instead of pubkey (#66)

* Publish cert to Rekor instead of pubkey

* Remove unused variable

Assets 2

30 Apr 06:17

woodruffw

Release 0.2.0

v0.2.0

version: 0.2.0

Assets 2

29 Apr 22:16

woodruffw

Release 0.1.0

version: 0.1.0

Bump to beta.

Signed-off-by: William Woodruff <william@trailofbits.com>

Assets 2