A tool for signing Python package distributions

Reason this release was yanked:

Incompatible w/ latest Sigstore APIs

Project description

sigstore-python

⚠️ This project is not ready for general-purpose use! ⚠️

sigstore is a tool for signing and verifying Python package distributions.

Features

  • Support for signing Python package distributions using an OpenID Connect identity
  • Support for publishing signatures to a Rekor instance
  • Support for verifying signatures on Python package distributions

Installation

sigstore requires Python 3.7 or newer, and can be installed directly via pip:

python -m pip install sigstore

Usage

You can run sigstore as a standalone program, or via python -m:

sigstore --help
python -m sigstore --help

Top-level:

Usage: sigstore [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  sign
  verify

Signing:

Usage: sigstore sign [OPTIONS] FILE [FILE ...]

Options:
  --identity-token TEXT
  --ctfe FILENAME
  --help                 Show this message and exit.

Verifying:

Usage: sigstore verify [OPTIONS] FILE [FILE ...]

Options:
  --cert FILENAME       [required]
  --signature FILENAME  [required]
  --cert-email TEXT
  --help                Show this message and exit.

Licensing

sigstore is licensed under the Apache 2.0 License.

Contributing

See the contributing docs for details.

Code of Conduct

Everyone interacting with this project is expected to follow the sigstore Code of Conduct.

Security

Should you discover any security issues, please refer to sigstore's security process.

Info

sigstore-python is developed as part of the sigstore project.

We also use a Slack channel! Click here for the invite link.

Download files

Source Distribution

sigstore-0.0.1rc3.tar.gz (20.5 kB)

Uploaded Source

Built Distribution

sigstore-0.0.1rc3-py3-none-any.whl (29.9 kB)

Uploaded Python 3

File details

Details for the file sigstore-0.0.1rc3.tar.gz.

File metadata

  • Download URL: sigstore-0.0.1rc3.tar.gz
  • Upload date:
  • Size: 20.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.9.12

File hashes

Hashes for sigstore-0.0.1rc3.tar.gz

Algorithm    Hash digest
SHA256       e60f577d55256d02bb05fda8ba0569af2392173a68ffc05135a40b773dbe2250
MD5          55a4384f8a620124b656394fab85e3fe
BLAKE2b-256  ce941fe29c53ea2c3bb97b6aa16f29615b4699ac872bca21465e392db0fb966e

File details

Details for the file sigstore-0.0.1rc3-py3-none-any.whl.

File metadata

  • Download URL: sigstore-0.0.1rc3-py3-none-any.whl
  • Upload date:
  • Size: 29.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.9.12

File hashes

Hashes for sigstore-0.0.1rc3-py3-none-any.whl

Algorithm    Hash digest
SHA256       71f1a9946a487dca4d9c74026a4d47d29f1cbcb6b566f18f95eeed64f6f9ec15
MD5          c60fb12bd717f58ff72b55d0b3323093
BLAKE2b-256  d4967bdd68f8b592af8328480e9600d78a5d9c6fae4df975f3d597a46ca9e0cf
