Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update SigstoreSigner to sigstore 2.0 #610

Closed
jku opened this issue Jul 24, 2023 · 2 comments
Closed

update SigstoreSigner to sigstore 2.0 #610

jku opened this issue Jul 24, 2023 · 2 comments
Assignees
@jku

Comments

@jku
Copy link
Collaborator

jku commented Jul 24, 2023

There's a 2.0.0rc2 release for sigstore-python: we could update SigstoreSigner to the modified API and test it already
@jku jku mentioned this issue Jul 25, 2023
Closed
@jku jku self-assigned this Aug 29, 2023
@jku
Copy link
Collaborator Author

jku commented Aug 30, 2023
edited
Loading

I've got a branch. The only snag seems to be that the new API for getting the signing identity from sigstore.oidc fails when using ambient identities: in this case the OIDC "identity" is not the same as the signing identity (aka SAN in the signing certificate). I'm still investigating/discussing this...

@lukpueh
Copy link
Member

lukpueh commented Nov 2, 2023

Done as of securesystemslib 0.30.0 #652

@lukpueh lukpueh closed this as completed Nov 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jku jku

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jku @lukpueh