From c6822599cdadb9a0e90a4a5fe54d1585c25303c8 Mon Sep 17 00:00:00 2001 From: Lukas Puehringer Date: Thu, 2 May 2024 10:40:40 +0200 Subject: [PATCH 1/2] Release 1.0.0 Signed-off-by: Lukas Puehringer --- CHANGELOG.md | 33 +++++++++++++++++++++++++++++++++ securesystemslib/__init__.py | 2 +- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ab825141..10763e9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,38 @@ # Changelog +## securesystemslib v1.0.0 + +### Added +* Signer: add public_key attribute to interface (#756) +* CryptoSigner: support ecdsa keytype that is no longer in spec (#711) +* CryptoSigner: add private_bytes property (#799) +* CryptoSigner: add `"file2"` signer uri (#759) +* test: use localstack to test AWSSigner (#777) + +### Removed +* CryptoSigner: remove `"file"` signer uri (#759) +* migration script for legacy keys (#770) +* `SSlibSigner` class and `*_securesystemslib_key` methods (#771) +* legacy key `key*`, `interface`, `util` and `schema` modules (#772, #773, #776) +* unused functions in `hash`, and `formats` module (#774, #776) +* unused global key constants (#806) + +### Changed +* SSlibKey: strengthen input validation (#780, #795) +* AWSSigner: support default scheme and add stronger input validation (#724, #778) +* dsse: change Envelope.signatures type to dict (#743) +* vendor: update ed25519 copy (#793) +* docs: improve user and contributor docs (#744, #745, #746, #749, #759, #796) +* test: improve and temporarily disable SigstoreSigner test (#779, #785) +* ci: use dependabot groups, update weekly (#735) +* ci: test macOS and Windows on latest Python only (#797) +* Make securessystemslib.gpg internal (#792) + +### Fixed +* Fix check-upstream-ed25519 workflow permission (#706) +* SSlibKey: fix default scheme and test for ecdsa nistp384 key (#763 #794) + + ## securesystemslib v0.31.0 ### Added diff --git a/securesystemslib/__init__.py b/securesystemslib/__init__.py index 61744dab..83a55f37 100755 --- a/securesystemslib/__init__.py +++ b/securesystemslib/__init__.py @@ -1,7 +1,7 @@ # pylint: disable=missing-module-docstring import logging -__version__ = "0.31.0" +__version__ = "1.0.0" # Configure a basic 'securesystemslib' top-level logger with a StreamHandler # (print to console) and the WARNING log level (print messages of type From fe34baceeac69db207cb41634f86a1a8cf35852e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lukas=20P=C3=BChringer?= Date: Thu, 2 May 2024 12:31:24 +0200 Subject: [PATCH 2/2] Update v1.0.0 entry in CHANGELOG * Add Jussi's opener paragraph for 1.0.0 * Include just merged VaultSigner Co-authored-by: Jussi Kukkonen Signed-off-by: Lukas Puehringer --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 10763e9c..4c601f0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,8 +2,15 @@ ## securesystemslib v1.0.0 +Securesystemslib API is now considered stable. The core functionality is +provided in the _Signer_ interface and the half a dozen integrated _Signer_ +implementations that can be found in the `signer` module. Smaller helper +modules `dsse`, `formats`, `hash` and `storage` are also part of the API. +Several legacy modules have been removed. + ### Added * Signer: add public_key attribute to interface (#756) +* VaultSigner: Signer implementation for HashiCorp Vault (#800) * CryptoSigner: support ecdsa keytype that is no longer in spec (#711) * CryptoSigner: add private_bytes property (#799) * CryptoSigner: add `"file2"` signer uri (#759)