Release v0.5.0 · sigstore/sigstore-go

We are continuing to work down items as we move towards a v1.0.0 release. As noted in the v0.4.0 release this includes some minor interface changes as we clean things up and get feedback from people using sigstore-go in different contexts.

Because we are pre-1.0.0 these were made as breaking changes. After 1.0.0 we will provide deprecation notices and smoother migration paths. There may be more minor interface changes between now and v1.0.0.

Breaking Changes

In pkg/bundle/verification_content.go:
- For bundle.Certificate and bundle.PublicKey, HasCertificate() is now called GetCertificate(); only returns *x509.Certificate instead of (x509.Certificate, bool)
In pkg/verify/certificate.go:
- Change NewShortCertificateIdentity() arguments
  - Was: func NewShortCertificateIdentity(issuer, sanValue, sanType, sanRegex string)
  - Now: func NewShortCertificateIdentity(issuer, issuerRegex, sanValue, sanRegex string)
- Change in NewSANMatcher() arguments
  - Was: func NewSANMatcher(sanValue string, sanType string, regexpStr string)
  - Now: func NewSANMatcher(sanValue string, regexpStr string)
- Change in NewCertificateIdentity() arguments
  - Was: NewCertificateIdentity(sanMatcher SubjectAlternativeNameMatcher, extensions certificate.Extensions)
  - Now: NewCertificateIdentity(sanMatcher SubjectAlternativeNameMatcher, issuerMatcher IssuerMatcher, extensions certificate.Extensions)
    - func NewIssuserMatcher(issuerValue, regexpStr string) (IssuerMatcher, error) can help you create IssuerMatcher
In pkg/verify/signed_entity.go:
- WithoutAnyObserverTimestampsInsecure() is now WithoutAnyObserverTimestampsUnsafe()

What's Changed

Simplify HasCertificate interface method by @cmurphy in #209
Make config function name consistent by @cmurphy in #208
Add unit tests for bundle package by @cmurphy in #217
Improve error message when verifying certificate identity by @codysoyland in #218
Add user agent to online Rekor requests and TUF requests. by @steiza in #216
Dsse one sig by @kommendorkapten in #226
Fix ProtobufBundle.MinVersion by @codysoyland in #228
Add Policy WithKey() for verifying content you know is signed with a key by @steiza in #235
Updates for SAN parsing by @cmurphy in #229
Add the ability to specify certificate identity via a regular expression by @steiza in #236

Full Changelog: v0.4.0...v0.5.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.5.0

Breaking Changes

What's Changed

Contributors