Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: sign --output-certificate and verify --cert #1095

Merged
merged 3 commits into from
Dec 2, 2021
Merged

feat: sign --output-certificate and verify --cert #1095

merged 3 commits into from
Dec 2, 2021

Conversation

caarlos0
Copy link
Contributor

@caarlos0 caarlos0 commented Nov 22, 2021
edited
Loading

Summary

sign-blob got a --output-certificate flag, so I thought it would be cool to do the same for sign.

Not sure if this makes sense, and this PR is very WIP just to see if it would work, but, if we decide to get this merged, it seems that we also need a --cert on the verify command.

Happy to hear your thoughts on this.

Ticket Link

n/a

Release Note

added --output-certificate to sign and --cert to verify

@caarlos0 caarlos0 marked this pull request as draft November 22, 2021 17:37
@dlorenc
Copy link
Member

dlorenc commented Nov 22, 2021

Not sure if this makes sense, and this PR is very WIP just to see if it would work, but, if we decide to get this merged, it seems that we also need a --cert on the verify command.

Happy to hear your thoughts on this.

I think it's slightly less useful, but don't see an issue with it. Supporting --cert on verify is almost more compelling for orgs that sign with their own PKI - and it also motivates adding this to sign over here.

Go for it!

@caarlos0 caarlos0 changed the title feat: --output-certificate on sign feat: sign --output-certificate and verify --cert Nov 29, 2021
@caarlos0
Copy link
Contributor Author

I believe its a bit better now... not sure if we want to add the base64 thing to sign as well, as its not an option there today.

on that note: I wonder if its worth having it on other commands as well, and why is it the default... seems easy enough to base64 foo > bar if needed... but I'm probably just not aware of some usecase 🤔

@dlorenc
Copy link
Member

dlorenc commented Nov 29, 2021

Looks like you missed a change in the e2e tests, otherwise this looks pretty close.

@caarlos0 caarlos0 marked this pull request as ready for review November 30, 2021 01:16
@mattmoor mattmoor requested a review from dekkagaijin November 30, 2021 01:25
caarlos0 and others added 3 commits November 29, 2021 22:25
@caarlos0 @mattmoor
feat: sign --output-certificate and verify --cert
a3772a2 
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
Co-authored-by: Matt Moore <mattomata@gmail.com>
@caarlos0
Merge remote-tracking branch 'upstream/main' into output-cert-sign
ba0748d 
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
@caarlos0
fix: merge conflict
53646d7 
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
developer-guy
developer-guy approved these changes Dec 2, 2021
View reviewed changes
Copy link
Member

@developer-guy developer-guy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dlorenc dlorenc merged commit 9076d71 into sigstore:main Dec 2, 2021
@github-actions github-actions bot added this to the v1.4.0 milestone Dec 2, 2021
@caarlos0 caarlos0 deleted the output-cert-sign branch December 2, 2021 14:19
@dekkagaijin dekkagaijin mentioned this pull request Dec 6, 2021
Merged
@caarlos0 caarlos0 mentioned this pull request Dec 7, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattmoor mattmoor mattmoor left review comments

@developer-guy developer-guy developer-guy approved these changes

@dekkagaijin dekkagaijin Awaiting requested review from dekkagaijin

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.4.0
Development

Successfully merging this pull request may close these issues.
4 participants
@caarlos0 @dlorenc @mattmoor @developer-guy