sigstore-rs v0.6.0

What's Changed

• Fix typo in cosign/mod.rs doc comment by @danbev in #148
• Fix typo in KeyPair trait doc comment by @danbev in #149
• Add getter functions for LogEntry fields by @lkatalin in #147
• Add TreeSize alias to Rekor by @avery-blanchard in #151
• Updates for parsing hashedrekord LogEntry by @lkatalin in #152
• Update cached requirement from 0.39.0 to 0.40.0 by @dependabot in #154
• Fix typos in PublicKeyVerifier doc comments by @danbev in #155
• Update link to verification example by @danbev in #156
• fix: CI error for auto deref by @Xynnn007 in #160
• Remove unused imports in examples/rekor by @danbev in #162
• Fix typo and grammar in signature_layers.rs by @danbev in #161
• add certificate based verification by @flavio in #159
• Fix typos in from_encrypted_pem doc comments by @danbev in #164
• Fix typos in doc comments by @danbev in #163
• Add support for OCI Image signing (spec v1.0) by @Xynnn007 in #158
• Update path to fulcio-cert in verify example by @danbev in #168

New Contributors

• @danbev made their first contribution in #148
• @avery-blanchard made their first contribution in #151

Full Changelog: v0.5.3...v0.6.0

sigstore-rs v0.5.3

Fixes

• rustls should not require openssl by (#146)

Others

• Rework Rekor module structure and enable doc tests (#145)

Contributors

• Flavio Castelli (@flavio)
• Lily Sturmann (@lkatalin)

sigstore-rs v0.5.2

Fixes

• Address compilation error (#143)

Contributors

• Flavio Castelli (@flavio)

sigstore-rs v0.5.1

Fixes

• fix verification of signatures produced with PKI11 (#142)

Others

• Update rsa dependency to stable version 0.7.0 (#141)
• Bump actions/checkout from 3.0.2 to 3.1.0 (#140)

Contributors

• Flavio Castelli (@flavio)
• Xynnn (@Xynnn007)

sigstore-rs v0.5.0

Enhancements

• update user-agent value to be specific to sigstore-rs (#122)
• remove /api/v1/version from client by (#121)
• crate async fulcio client (#132)
• Removed ring dependency (#127)

Others

• Update dependencies
• Refactoring and examples for key interface (#123)
• Fix doc test failures (#136)

Contributors

• Bob Callaway (@bobcallaway)
• Bob McWhirter (@bobmcwhirter)
• Flavio Castelli (@flavio)
• Luke Hinds (@lukehinds)
• Xynnn (@Xynnn007)

sigstore-rs v0.4.0

What's Changed

• fix clippy lints by @cpanato in #98
• feat: add signing key module by @Xynnn007 in #87
• feat: add example case and docs for key interface by @Xynnn007 in #99
• add clippy config and ignore derive_partial_eq_without_eq by @cpanato in #102
• Update xsalsa20poly1305 requirement from 0.7.1 to 0.9.0 by @tarcieri in #101
• Integrate Rekor with Sigstore-rs by @jyotsna-penumaka in #88
• Refactor examples to support subfolder execution by @lukehinds in #111
• Add RUSTSEC-2021-0139 to audit.toml by @lukehinds in #112
• Update tough dependency by @flavio in #114
• Update readme to include new features by @lukehinds in #113
• feat: from and to interface for signing and verification keys by @Xynnn007 in #115
• bump crate version by @cpanato in #118

New Contributors

• @Xynnn007 made their first contribution in #87
• @tarcieri made their first contribution in #101
• @jyotsna-penumaka made their first contribution in #88

Full Changelog: v0.3.3...v0.4.0

sigstore-rs v0.3.3

Changes since v0.3.2:

• Ensure certificates using ECDSA keys keep working (bf90807)
• Extend README to cover OIDC usage
• Update dependencies

sigstore-rs v0.3.2

These are the changes since v0.3.1

• fix: add Fulcio intermediate CA certificate to intermediate pool - fixes issue #70
• Update some dependencies to latest stable releases

sigstore-rs v0.3.1

These are the changes since v0.2.0:

• fix: Add a license entry inside of Cargo.toml. This is needed in order to publish the crate on creates.io
• feat: public key verification - handle different kind of algorithms
• fix [break API]: replace the filter_signature_layers function with cosign::filter_constraints
• feat: add new Error type SigstoreVerifyConstraintsError to keep track of the verification constraints that are not satisfied
• feat: rewrite certificate verification code to leverage a CertificatePool. This allows more Fulcio certificates to be added to the pool.
• fix: handle all the Fulcio certificates found inside of the TUF repository of Sigstore
• feat: cosign client - introduce caching option
• feat: add helpers for retrieving a OpenID Connect ID Token and scope from the sigstore project

Full Changelog: v0.3.0...v0.3.1

sigstore-rs v0.3.0

These are the changes since v0.2.0:

• feat: public key verification - handle different kind of algorithms
• fix [break API]: replace the filter_signature_layers function with cosign::filter_constraints
• feat: add new Error type SigstoreVerifyConstraintsError to keep track of the verification constraints that are not satisfied
• feat: rewrite certificate verification code to leverage a CertificatePool. This allows more Fulcio certificates to be added to the pool.
• fix: handle all the Fulcio certificates found inside of the TUF repository of Sigstore
• feat: cosign client - introduce caching option
• feat: add helpers for retrieving a OpenID Connect ID Token and scope from the sigstore project