_cli: add warnings when --rekor-bundle is used

Signed-off-by: William Woodruff <[email protected]>
sigstore · Nov 1, 2022 · ea45d3e · ea45d3e
1 parent 592ec32
commit ea45d3e
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/sigstore/_cli.py b/sigstore/_cli.py
@@ -337,6 +337,14 @@ def main() -> None:
 
 
 def _sign(args: argparse.Namespace) -> None:
+    # `--rekor-bundle` is a temporary option, pending stabilization of the
+    # Sigstore bundle format.
+    if args.rekor_bundle:
+        logger.warning(
+            "--rekor-bundle is a temporary format, and will be removed in an "
+            "upcoming release of sigstore-python in favor of Sigstore-style bundles"
+        )
+
     # `--no-default-files` has no effect on `--{signature,certificate,rekor-bundle}`, but we
     # forbid it because it indicates user confusion.
     if args.no_default_files and (
@@ -448,6 +456,14 @@ def _sign(args: argparse.Namespace) -> None:
 
 
 def _verify(args: argparse.Namespace) -> None:
+    # `--rekor-bundle` is a temporary option, pending stabilization of the
+    # Sigstore bundle format.
+    if args.rekor_bundle:
+        logger.warning(
+            "--rekor-bundle is a temporary format, and will be removed in an "
+            "upcoming release of sigstore-python in favor of Sigstore-style bundles"
+        )
+
     # The presence of --rekor-bundle implies --require-rekor-offline.
     args.require_rekor_offline = args.require_rekor_offline or args.rekor_bundle