Skip to content

Commit

Permalink
Merge pull request #583 from secure-systems-lab/pin-newest-sigstore-v…
Browse files Browse the repository at this point in the history
…ersion

SigstoreSigner: Use sigstore 1.1.2
  • Loading branch information
lukpueh authored May 24, 2023
2 parents d4cfedd + 62f6e34 commit 4ac3788
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 3 deletions.
2 changes: 1 addition & 1 deletion pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ gcpkms = ["google-cloud-kms", "cryptography>=37.0.0"]
hsm = ["asn1crypto", "cryptography>=37.0.0", "PyKCS11"]
pynacl = ["pynacl>1.2.0"]
PySPX = ["PySPX>=0.5.0"]
sigstore = ["sigstore!=1.1.2"]
sigstore = ["sigstore==1.1.2"]

[tool.hatch.version]
path = "securesystemslib/__init__.py"
Expand Down
2 changes: 1 addition & 1 deletion requirements-sigstore.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
sigstore==1.1.1
sigstore==1.1.2
4 changes: 3 additions & 1 deletion securesystemslib/signer/_sigstore_signer.py
Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,9 @@ def from_priv_key_uri(
issuer = Issuer.production()
token = issuer.identity_token()
else:
token = detect_credential()
# Note: this method signature only works with sigstore-python 1.1.2:
# dependencies must be updated when changing this
token = detect_credential("sigstore")

return cls(token, public_key)

Expand Down

0 comments on commit 4ac3788

Please sign in to comment.