Skip to content

sigstore-rs v0.3.0
Compare
Choose a tag to compare
@flavio flavio released this 25 May 08:55
· 522 commits to main since this release
v0.3.0
e1c0ee2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

These are the changes since v0.2.0:

  • feat: public key verification - handle different kind of algorithms
  • fix [break API]: replace the filter_signature_layers function with cosign::filter_constraints
  • feat: add new Error type SigstoreVerifyConstraintsError to keep track of the verification constraints that are not satisfied
  • feat: rewrite certificate verification code to leverage a CertificatePool. This allows more Fulcio certificates to be added to the pool.
  • fix: handle all the Fulcio certificates found inside of the TUF repository of Sigstore
  • feat: cosign client - introduce caching option
  • feat: add helpers for retrieving a OpenID Connect ID Token and scope from the sigstore project
Assets 2
Loading