sigstore-rs v0.5.0

Enhancements

• update user-agent value to be specific to sigstore-rs (#122)
• remove /api/v1/version from client by (#121)
• crate async fulcio client (#132)
• Removed ring dependency (#127)

Others

• Update dependencies
• Refactoring and examples for key interface (#123)
• Fix doc test failures (#136)

Contributors

• Bob Callaway (@bobcallaway)
• Bob McWhirter (@bobmcwhirter)
• Flavio Castelli (@flavio)
• Luke Hinds (@lukehinds)
• Xynnn (@Xynnn007)

sigstore-rs v0.4.0

What's Changed

• fix clippy lints by @cpanato in #98
• feat: add signing key module by @Xynnn007 in #87
• feat: add example case and docs for key interface by @Xynnn007 in #99
• add clippy config and ignore derive_partial_eq_without_eq by @cpanato in #102
• Update xsalsa20poly1305 requirement from 0.7.1 to 0.9.0 by @tarcieri in #101
• Integrate Rekor with Sigstore-rs by @jyotsna-penumaka in #88
• Refactor examples to support subfolder execution by @lukehinds in #111
• Add RUSTSEC-2021-0139 to audit.toml by @lukehinds in #112
• Update tough dependency by @flavio in #114
• Update readme to include new features by @lukehinds in #113
• feat: from and to interface for signing and verification keys by @Xynnn007 in #115
• bump crate version by @cpanato in #118

New Contributors

• @Xynnn007 made their first contribution in #87
• @tarcieri made their first contribution in #101
• @jyotsna-penumaka made their first contribution in #88

Full Changelog: v0.3.3...v0.4.0

sigstore-rs v0.3.3

Changes since v0.3.2:

• Ensure certificates using ECDSA keys keep working (bf90807)
• Extend README to cover OIDC usage
• Update dependencies

sigstore-rs v0.3.2

These are the changes since v0.3.1

• fix: add Fulcio intermediate CA certificate to intermediate pool - fixes issue #70
• Update some dependencies to latest stable releases

sigstore-rs v0.3.1

These are the changes since v0.2.0:

• fix: Add a license entry inside of Cargo.toml. This is needed in order to publish the crate on creates.io
• feat: public key verification - handle different kind of algorithms
• fix [break API]: replace the filter_signature_layers function with cosign::filter_constraints
• feat: add new Error type SigstoreVerifyConstraintsError to keep track of the verification constraints that are not satisfied
• feat: rewrite certificate verification code to leverage a CertificatePool. This allows more Fulcio certificates to be added to the pool.
• fix: handle all the Fulcio certificates found inside of the TUF repository of Sigstore
• feat: cosign client - introduce caching option
• feat: add helpers for retrieving a OpenID Connect ID Token and scope from the sigstore project

Full Changelog: v0.3.0...v0.3.1

sigstore-rs v0.3.0

These are the changes since v0.2.0:

• feat: public key verification - handle different kind of algorithms
• fix [break API]: replace the filter_signature_layers function with cosign::filter_constraints
• feat: add new Error type SigstoreVerifyConstraintsError to keep track of the verification constraints that are not satisfied
• feat: rewrite certificate verification code to leverage a CertificatePool. This allows more Fulcio certificates to be added to the pool.
• fix: handle all the Fulcio certificates found inside of the TUF repository of Sigstore
• feat: cosign client - introduce caching option
• feat: add helpers for retrieving a OpenID Connect ID Token and scope from the sigstore project

v0.1.0

What's Changed

• Internal refactoring by @flavio in #5
• Implement verification of cosign bundles - no fulcio integration. Warning: this breaks the old API

Full Changelog: v0.0.1...v0.1.0