A tool for signing Python package distributions

Reason this release was yanked:

Incompatible w/ latest Sigstore APIs

Project description

sigstore-python

⚠️ This project is not ready for general-purpose use! ⚠️

sigstore is a tool for signing and verifying Python package distributions.

Features

  • Support for signing Python package distributions using an OpenID Connect identity
  • Support for publishing signatures to a Rekor instance
  • Support for verifying signatures on Python package distributions

Installation

sigstore requires Python 3.7 or newer, and can be installed directly via pip:

python -m pip install sigstore

Usage

You can run sigstore as a standalone program, or via python -m:

sigstore --help
python -m sigstore --help

Top-level:

Usage: sigstore [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  sign
  verify

Signing:

Usage: sigstore sign [OPTIONS] FILE

Options:
  --identity-token TEXT
  --ctfe FILENAME
  --help                 Show this message and exit.

Verifying:

Usage: sigstore verify [OPTIONS] FILE

Options:
  --cert FILENAME       [required]
  --signature FILENAME  [required]
  --cert-email TEXT
  --help                Show this message and exit.

Licensing

sigstore is licensed under the Apache 2.0 License.

Contributing

See the contributing docs for details.

Code of Conduct

Everyone interacting with this project is expected to follow the sigstore Code of Conduct.

Security

Should you discover any security issues, please refer to sigstore's security process.

Info

sigstore-python is developed as part of the sigstore project.

We also use a Slack channel! Click here for the invite link.

Download files

Source Distribution

sigstore-0.0.1rc1.tar.gz (20.4 kB)

Uploaded Source

Built Distribution

sigstore-0.0.1rc1-py3-none-any.whl (29.7 kB)

Uploaded Python 3

File details

Details for the file sigstore-0.0.1rc1.tar.gz.

File metadata

  • Download URL: sigstore-0.0.1rc1.tar.gz
  • Upload date:
  • Size: 20.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.10.0

File hashes

Hashes for sigstore-0.0.1rc1.tar.gz
Algorithm Hash digest
SHA256 9dd7404877a3daa5f1bc63b690e97e73ddfa522c11e8a54146eb271a2d84f449
MD5 6c6dfa401e965ab408cb642e45685c8c
BLAKE2b-256 5c28ba77a487a94ac4803cfa236c39183fd3bb04cf3799d34517365d9691bcae

File details

Details for the file sigstore-0.0.1rc1-py3-none-any.whl.

File metadata

  • Download URL: sigstore-0.0.1rc1-py3-none-any.whl
  • Upload date:
  • Size: 29.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.10.0

File hashes

Hashes for sigstore-0.0.1rc1-py3-none-any.whl
Algorithm Hash digest
SHA256 9b632f28e29817fbb3979c3ee32af0ae14821498b49fba57be1ab90d03dac1d4
MD5 888f816efcdfc2c1a3ee0d91b1534402
BLAKE2b-256 7176bf4c288a80d9f62017bafdd26b7ac583013356e8d7be5e018fb4967b9e08
