Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for verifying digests to CLI verify commands #1125

Merged
merged 3 commits into from
Sep 17, 2024
Merged

Add support for verifying digests to CLI verify commands #1125

merged 3 commits into from
Sep 17, 2024

Conversation

facutuesca
Copy link
Contributor

Summary

This PR changes the sigstore verify CLI command so that it accepts digests as inputs (in addition to files).
Concretely:

# Before
sigstore verify identity ..... path/to/artifact.zip  # can only verify an artifact

# After
sigstore verify identity ..... path/to/artifact.zip  # can verify an artifact
sigstore verify identity ... --bundle b.sigstore.json sha256:aaabbbb.....  # can also verify an artifact's digest

This is useful in scenarios where the user doesn't want/need to download the artifact, but has access to its digest.

Related to sigstore/sigstore-conformance#157

Release Note

  • CLI: The sigstore verify command now supports verifying digests. This means
    that the user can now pass a digest like sha256:aaaa.... instead of the
    path to an artifact, and sigstore-python will verify it as if it was the
    artifact with that digest.

Documentation

Example added to the README

cc @woodruffw

woodruffw
woodruffw reviewed Sep 16, 2024
View reviewed changes
sigstore/hashes.py
Comment on lines +59 to +63
def __str__(self) -> str:
"""
Returns a str representation of this `Hashed`.
"""
return f"{self.algorithm.name}:{self.digest.hex()}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small unit test for this, please 🙂

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, see last commit

woodruffw
woodruffw previously approved these changes Sep 16, 2024
View reviewed changes
Copy link
Member

@woodruffw woodruffw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, nice work @facutuesca! One small request for a unit test.

@woodruffw
Copy link
Member

/gcbrun

di
di reviewed Sep 16, 2024
View reviewed changes
README.md Outdated Show resolved Hide resolved
di
di reviewed Sep 16, 2024
View reviewed changes
sigstore/_cli.py Show resolved Hide resolved
@di
Copy link
Member

di commented Sep 16, 2024

/gcbrun

@facutuesca
Add unit tests for Hashed
bbdbbb8 
Signed-off-by: Facundo Tuesca <[email protected]>
@jku
Copy link
Member

jku commented Sep 17, 2024

/gcbrun

@woodruffw
Copy link
Member

/gcbrun

@woodruffw woodruffw enabled auto-merge (squash) September 17, 2024 08:37
@woodruffw woodruffw merged commit eea7315 into sigstore:main Sep 17, 2024
25 checks passed
@woodruffw woodruffw deleted the verify-digest branch September 17, 2024 08:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@di di di left review comments

@woodruffw woodruffw woodruffw approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@facutuesca @woodruffw @di @jku