Releases: sigstore/sigstore-python

v3.5.1

25 Oct 14:57
0ac33ee

Fixed

  • Fixed a CLI parsing bug introduced in 3.5.0 when attempting
    to suppress irrelevant warnings
    (#1192)

v3.5.0

24 Oct 16:04
68a7497

Added

  • CLI: The sigstore plumbing update-trust-root command has been added.
    Like other plumbing-level commands, this is considered unstable and
    changes are not subject to our semver policy until explicitly noted
    (#1174)

Fixed

  • CLI: Fixed an incorrect warning when verifying detached .crt/.sig
    inputs (#1179)

v3.4.0

10 Oct 17:02
df51c7a

Changed

  • CLI: When verifying, the --offline flag now fully disables all online
    operations, including routine local TUF repository refreshes
    (#1143)

  • sigstore-python's minimum supported Python version is now 3.9

Fixed

  • CLI: The sigstore verify subcommands now always check for a matching
    input file, rather than unconditionally falling back to matching on a
    valid sha256:... digest pattern
    (#1152)
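As an added illustration of the input-resolution order this fix describes (example code written for this page, not sigstore-python's own implementation; the function name and the exact digest pattern are assumptions), the helper below prefers an existing file on disk and only falls back to treating the argument as a digest reference when no such file exists and the argument has the `sha256:<hex>` form. Checking the filesystem first means a file that merely happens to be named like a digest is still verified as a file:

```python
import re
from pathlib import Path

# A bare digest reference: "sha256:" followed by exactly 64 lowercase hex digits.
DIGEST_RE = re.compile(r"^sha256:([0-9a-f]{64})$")


class InputResolutionError(ValueError):
    """Raised when an argument is neither an existing file nor a well-formed digest."""


def resolve_verify_input(arg: str) -> tuple:
    """Decide how a `verify` argument should be interpreted.

    Order matters: an existing file always wins, so an argument is only read
    as a digest reference when nothing on disk matches it.
    Returns ("file", <path>) or ("digest", <hex digest>).
    """
    path = Path(arg)
    if path.is_file():
        return ("file", str(path))
    m = DIGEST_RE.match(arg)
    if m:
        return ("digest", m.group(1))
    raise InputResolutionError(
        f"{arg!r} is not an existing file and is not a sha256:<hex> digest reference"
    )


if __name__ == "__main__":
    import os
    import tempfile

    # Constructed demo: a file whose *name* looks like a digest must still resolve as a file.
    digest_like = "sha256:" + "a" * 64
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, digest_like)
        open(p, "wb").close()
        print(resolve_verify_input(p))            # ("file", .../sha256:aaaa...)
    print(resolve_verify_input(digest_like))      # ("digest", "aaaa...")
```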

v3.3.0

18 Sep 15:02
343cbbf

Added

  • CLI: The sigstore verify command now outputs the inner in-toto statement
    when verifying DSSE envelopes. If verification is successful, the output
    will be the inner in-toto statement. This allows the user to see the
    statement's predicate, which sigstore-python does not verify and should be
    verified by the user.

  • CLI: The sigstore attest subcommand has been added. This command is
    similar to cosign attest in that it signs over an artifact and a
    predicate using a DSSE envelope. This command requires the user to pass
    a path to the file containing the predicate, and the predicate type.
    Currently only the SLSA Provenance v0.2 and v1.0 types are supported.

  • CLI: The sigstore verify command now supports verifying digests. This means
    that the user can now pass a digest like sha256:aaaa.... instead of the
    path to an artifact, and sigstore-python will verify it as if it was the
    artifact with that digest.

v3.2.0

19 Aug 17:15
fc29ec1

Added

  • API: models.Bundle.BundleType is now a public API
    (#1089)

  • CLI: The sigstore plumbing subcommand hierarchy has been added. This
    hierarchy is for developer-only interactions, such as fixing malformed
    Sigstore bundles. These subcommands are not considered stable until
    explicitly documented as such.
    (#1089)

Changed

  • CLI: The default console logger now emits to stderr, rather than stdout
    (#1089)

v3.1.0

31 Jul 21:05
3cda2b5

Added

  • API: dsse.StatementBuilder has been added. It can be used to construct an
    in-toto Statement for subsequent enveloping and signing.
    This API is public but is not considered stable until the next major
    release.

    (#1077)

  • API: dsse.Digest, dsse.DigestSet, and dsse.Subject have been added.
    These types can be used with the StatementBuilder API as part of in-toto
    Statement construction.
    These APIs are public but are not considered stable until the next major
    release.

    (#1078)

Changed

  • API: verify_dsse now rejects bundles with DSSE envelopes that have more than
    one signature, rather than checking all signatures against the same key
    (#1062)
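The change above concerns the `signatures` array of a DSSE envelope. As an added example written for this page (not sigstore-python's `verify_dsse` implementation), the code below parses an envelope, refuses any envelope that does not carry exactly one signature, and builds the DSSE v1 pre-authentication encoding (PAE) that a verifier would then check the signature against. The envelope and the signature bytes are constructed sample data; `make_envelope` exists only to build those samples.

```python
import base64
import json

# Payload type used for in-toto statements inside a DSSE envelope.
IN_TOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"


class EnvelopeError(ValueError):
    """Raised when a DSSE envelope is malformed or ambiguous."""


def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE v1 pre-authentication encoding, the bytes a DSSE signature covers:
    "DSSEv1" SP LEN(type) SP type SP LEN(payload) SP payload, LEN as decimal ASCII."""
    type_bytes = payload_type.encode("utf-8")
    return b" ".join([
        b"DSSEv1",
        str(len(type_bytes)).encode("ascii"), type_bytes,
        str(len(payload)).encode("ascii"), payload,
    ])


def load_envelope(raw: bytes) -> tuple:
    """Parse a DSSE envelope and return (payloadType, payload, signature bytes).

    Exactly one signature is accepted. An envelope with several signatures is
    rejected outright rather than having each signature checked against the
    same key: a single-key verifier cannot tell which signer a second
    signature was meant to represent, so the envelope is treated as ambiguous.
    """
    try:
        env = json.loads(raw)
    except ValueError as e:
        raise EnvelopeError(f"envelope is not valid JSON: {e}") from e
    for field in ("payloadType", "payload", "signatures"):
        if field not in env:
            raise EnvelopeError(f"envelope is missing {field!r}")
    sigs = env["signatures"]
    if not isinstance(sigs, list) or not sigs:
        raise EnvelopeError("envelope has no signatures")
    if len(sigs) != 1:
        raise EnvelopeError(f"expected exactly one signature, found {len(sigs)}")
    try:
        payload = base64.b64decode(env["payload"], validate=True)
        sig = base64.b64decode(sigs[0]["sig"], validate=True)
    except (KeyError, TypeError, ValueError) as e:
        raise EnvelopeError(f"envelope has a malformed base64 field: {e}") from e
    return env["payloadType"], payload, sig


def signed_bytes(raw: bytes, expected_type: str = IN_TOTO_PAYLOAD_TYPE) -> tuple:
    """Return (pae, signature) for an envelope whose payloadType is `expected_type`.
    The caller then verifies `signature` over `pae` with the signer's key."""
    payload_type, payload, sig = load_envelope(raw)
    if payload_type != expected_type:
        raise EnvelopeError(f"unexpected payloadType {payload_type!r}")
    return pae(payload_type, payload), sig


def make_envelope(payload_type: str, payload: bytes, sigs: list) -> bytes:
    """Serialize an envelope in DSSE JSON form (used here only to build sample inputs)."""
    return json.dumps({
        "payloadType": payload_type,
        "payload": base64.b64encode(payload).decode("ascii"),
        "signatures": [{"keyid": "", "sig": base64.b64encode(s).decode("ascii")} for s in sigs],
    }).encode("utf-8")


# Constructed sample in-toto statement; the signature bytes below are placeholders, not real signatures.
SAMPLE_STATEMENT = json.dumps({
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "artifact.tar.gz", "digest": {"sha256": "0" * 64}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {},
}).encode("utf-8")

if __name__ == "__main__":
    ok = make_envelope(IN_TOTO_PAYLOAD_TYPE, SAMPLE_STATEMENT, [b"placeholder-signature"])
    print(signed_bytes(ok)[0][:60])
    ambiguous = make_envelope(IN_TOTO_PAYLOAD_TYPE, SAMPLE_STATEMENT, [b"sig-1", b"sig-2"])
    try:
        load_envelope(ambiguous)
    except EnvelopeError as e:
        print("rejected:", e)
```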

v3.0.0

16 May 16:12
8578b54

Maintainers' note: this is a major release, with significant public API and CLI
changes. We strongly recommend you read the entries below to fully
understand the changes between 2.x and 3.x.

Added

  • API: Signer.sign_artifact() has been added, replacing the removed
    Signer.sign() API

  • API: Signer.sign_dsse() has been added. It takes an in-toto Statement
    as an input, producing a DSSE-formatted signature rather than a "bare"
    signature (#804)

  • API: "v3" Sigstore bundles are now supported during verification
    (#901)

  • API: Verifier.verify(...) can now take a Hashed as an input, performing
    signature verification on a pre-computed hash value
    (#904)

  • API: The sigstore.dsse module has been added, including APIs
    for representing in-toto statements and DSSE envelopes
    (#930)

  • CLI: The --trust-config flag has been added as a global option,
    enabling consistent "BYO PKI" uses of sigstore with a single flag
    (#1010)

  • CLI: The sigstore verify subcommands can now verify bundles containing
    DSSE entries, such as those produced by
    GitHub Artifact Attestations
    (#1015)

Removed

  • BREAKING API CHANGE: SigningResult has been removed.
    The public signing APIs now return sigstore.models.Bundle.

  • BREAKING API CHANGE: VerificationMaterials has been removed.
    The public verification APIs now accept sigstore.models.Bundle.

  • BREAKING API CHANGE: Signer.sign(...) has been removed. Use
    either sign_artifact(...) or sign_dsse(...), depending on whether
    you're signing opaque bytes or an in-toto statement.

  • BREAKING API CHANGE: VerificationResult has been removed.
    The public verification and policy APIs now raise
    sigstore.errors.VerificationError on failure.

  • BREAKING CLI CHANGE: The --rekor-url and --fulcio-url
    flags have been entirely removed. To configure a custom PKI, use
    --trust-config
    (#1010)

Changed

  • BREAKING API CHANGE: Verifier.verify(...) now takes a bytes | Hashed
    as its verification input, rather than implicitly receiving the input through
    the VerificationMaterials parameter
    (#904)

  • BREAKING API CHANGE: VerificationMaterials.rekor_entry(...) now takes
    a Hashed parameter to convey the digest used for Rekor entry lookup
    (#904)

  • BREAKING API CHANGE: Verifier.verify(...) now takes a sigstore.models.Bundle,
    instead of a VerificationMaterials (#937)

  • BREAKING CLI CHANGE: sigstore sign now emits {input}.sigstore.json
    by default instead of {input}.sigstore, per the client specification
    (#1007)

  • sigstore-python now requires inclusion proofs in all signing and verification
    flows, regardless of bundle version or input type. Inputs that do not
    have an inclusion proof (such as detached materials) cause an online lookup
    before any further processing is performed
    (#937)

  • sigstore-python now generates "v3" bundles by default during signing
    (#937)

  • CLI: Bundles are now always verified offline. The offline flag has no effect.
    (#937)

  • CLI: "Detached" materials are now always verified online, due to a lack of
    an inclusion proof. Passing --offline with detached materials will cause
    an error (#937)

  • API: sigstore.transparency has been removed, and its pre-existing APIs
    have been re-homed under sigstore.models
    (#990)

  • API: oidc.IdentityToken.expected_certificate_subject has been renamed
    to oidc.IdentityToken.federated_issuer to better describe what it actually
    contains. No functional changes have been made to it
    (#1016)

  • API: policy.Identity now takes an optional OIDC issuer, rather than a
    required one (#1015)

  • CLI: sigstore verify github now requires --cert-identity or
    --repository, not just --cert-identity
    (#1015)

v3.0.0rc2

07 May 16:13
3a19f88
Pre-release
sigstore: 3.0.0rc2 (#1005)

Signed-off-by: Facundo Tuesca <[email protected]>

v3.0.0rc1

02 May 15:20
d9965ca
Pre-release
sigstore: 3.0.0rc1 (#998)

Signed-off-by: William Woodruff <[email protected]>

v2.1.5

08 Apr 14:26
@jku
8e365d7

This is a bug-fix release to fix the release pipeline that failed for the 2.1.4 release.

What's Changed

  • Backport slsa release workflow upgrade (in 2.1.5)
  • Pinned securesystemslib dependency more strictly to prevent future breakage (in 2.1.4)

Full Changelog: v2.1.4...v2.1.5