A tool for signing Python package distributions

These details have not been verified by PyPI

Project links

Reason this release was yanked:

Missing submodules

Project description

sigstore-python

⚠️ This project is not ready for general-purpose use! ⚠️

sigstore is a tool for signing and verifying Python package distributions.

Features

Support for signing Python package distributions using an OpenID Connect identity
Support for publishing signatures to a Rekor instance
Support for verifying signatures on Python package distributions

Installation

sigstore requires Python 3.7 or newer, and can be installed directly via pip:

python -m pip install sigstore

Usage

You can run sigstore as a standalone program, or via python -m:

sigstore --help
python -m sigstore --help

Top-level:

Usage: sigstore [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  sign
  verify

Signing:

Usage: sigstore sign [OPTIONS] FILE [FILE ...]

Options:
  --identity-token TOKEN          the OIDC identity token to use
  --ctfe FILENAME                 A PEM-encoded public key for the CT log
  --oidc-client-id ID             The custom OpenID Connect client ID to use
  --oidc-client-secret SECRET     The custom OpenID Connect client secret to
                                  use
  --oidc-issuer URL               The custom OpenID Connect issuer to use
  --oidc-disable-ambient-providers
                                  Disable ambient OIDC detection (e.g. on
                                  GitHub Actions)
  --help                          Show this message and exit.

Verifying

Usage: sigstore verify [OPTIONS] FILE [FILE ...]

Options:
  --cert FILENAME       [required]
  --signature FILENAME  [required]
  --cert-email TEXT
  --help                Show this message and exit.

Licensing

sigstore is licensed under the Apache 2.0 License.

Contributing

See the contributing docs for details.

Code of Conduct

Everyone interacting with this project is expected to follow the sigstore Code of Conduct.

Security

Should you discover any security issues, please refer to sigstore's security process.

Info

sigstore-python is developed as part of the sigstore project.

We also use a slack channel! Click here for the invite link.

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

3.5.1

Oct 25, 2024

3.5.0

Oct 24, 2024

3.4.0

Oct 10, 2024

3.3.0

Sep 18, 2024

3.2.0

Aug 19, 2024

3.1.0

Jul 31, 2024

3.0.0

May 16, 2024

3.0.0rc2 pre-release

May 7, 2024

3.0.0rc1 pre-release

May 2, 2024

2.1.5

Apr 8, 2024

2.1.3

Mar 19, 2024

2.1.2

Feb 4, 2024

2.1.0

Dec 13, 2023

2.0.1

Oct 17, 2023

2.0.0

Sep 28, 2023

2.0.0rc3 pre-release

Sep 12, 2023

2.0.0rc2 pre-release

Jul 21, 2023

2.0.0rc1 pre-release

Jun 23, 2023

1.1.2

Apr 22, 2023

1.1.2rc1 pre-release

Mar 15, 2023

1.1.1

Mar 6, 2023

1.1.1rc1 pre-release

Mar 6, 2023

1.1.0

Jan 31, 2023

1.0.0

Jan 13, 2023

1.0.0rc1 pre-release

Jan 12, 2023

0.10.0

Jan 9, 2023

0.9.0

Dec 22, 2022

0.8.3

Nov 23, 2022

0.7.0

Nov 4, 2022

0.6.8

Oct 24, 2022

0.6.7

Oct 11, 2022

0.6.6

Oct 5, 2022

0.6.5

Sep 15, 2022

0.6.4

Sep 8, 2022

0.6.3

Aug 1, 2022

0.6.2

Jun 21, 2022

0.6.1

Jun 10, 2022

0.5.1

Jun 6, 2022

0.5.1rc2 pre-release

Jun 4, 2022

0.5.1rc1 pre-release

Jun 4, 2022

0.5.0

Jun 3, 2022

0.4.2 yanked

May 17, 2022

Reason this release was yanked:

Incompatible w/ latest Sigstore APIs

0.4.1 yanked

May 11, 2022

Reason this release was yanked:

Incompatible w/ latest Sigstore APIs

This version

0.4.0 yanked

May 10, 2022

Reason this release was yanked:

Missing submodules

0.3.1 yanked

May 2, 2022

Reason this release was yanked:

Incompatible w/ latest Sigstore APIs

0.2.0 yanked

Apr 30, 2022

Reason this release was yanked:

Incompatible w/ latest Sigstore APIs

0.1.0 yanked

Apr 29, 2022

Reason this release was yanked:

Incompatible w/ latest Sigstore APIs

0.0.1rc3 pre-release yanked

Apr 28, 2022

Reason this release was yanked:

Incompatible w/ latest Sigstore APIs

0.0.1rc2 pre-release yanked

Apr 28, 2022

Reason this release was yanked:

Incompatible w/ latest Sigstore APIs

0.0.1rc1 pre-release yanked

Apr 28, 2022

Reason this release was yanked:

Incompatible w/ latest Sigstore APIs

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sigstore-0.4.0.tar.gz (19.9 kB view details)

Uploaded May 10, 2022 Source

Built Distribution

sigstore-0.4.0-py3-none-any.whl (21.4 kB view details)

Uploaded May 10, 2022 Python 3

File details

Details for the file sigstore-0.4.0.tar.gz.

File metadata

Download URL: sigstore-0.4.0.tar.gz
Upload date: May 10, 2022
Size: 19.9 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.0 CPython/3.9.12

File hashes

Hashes for sigstore-0.4.0.tar.gz
Algorithm	Hash digest
SHA256	`abf9712f7427be13db16e86247c8cf2bd10680e4eaa6ac9ead57327c5a7f0a23`
MD5	`c4323176aa37ce752e7406fea90fb38d`
BLAKE2b-256	`6ae8df37f5a2a42bd67884ad2b00b8e923a78089ee0f13f6ea2d1b61a79e4be1`

See more details on using hashes here.

Provenance

File details

Details for the file sigstore-0.4.0-py3-none-any.whl.

File metadata

Download URL: sigstore-0.4.0-py3-none-any.whl
Upload date: May 10, 2022
Size: 21.4 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.0 CPython/3.9.12

File hashes

Hashes for sigstore-0.4.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`9ef28c5d8edb03c4c60e860523854e9cd375dbe173b1ac893301e1460fafab16`
MD5	`3daa17742889ca992f959f3ac42311c1`
BLAKE2b-256	`e952b41e65609b6875b442edd40afe6bc9c49d264f7cc75e61d6446c49ba9702`