issues
search
Shopify
/
ruby-sigstore
Rubygems sigstore signing plugin
Apache License 2.0
7
stars
6
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Considerations for storing gem signatures in rubygems.org
#65
rochlefebvre
opened
2 years ago
0
Considerations for listing signer identities in the gemspec
#64
rochlefebvre
opened
2 years ago
0
Store gem signatures in a hashedrekord
#63
rochlefebvre
closed
2 years ago
0
Check responses from Fulcio/Rekor POSTs, raise unless expected
#62
rochlefebvre
closed
2 years ago
0
Resized images for issue or PR description
#61
rochlefebvre
closed
2 years ago
3
Add Shopify entry into https://github.com/sigstore/friends
#60
rochlefebvre
opened
2 years ago
0
Notes on using refresh tokens to decouple browser authentication from requesting a certificate chain
#59
rochlefebvre
opened
2 years ago
0
Only consider signatures from emails listed in the gemspec during signature verification
#58
rochlefebvre
opened
2 years ago
0
Fail gem signing unless the access token's verified email address appears in the gemspec's list of maintainers
#57
rochlefebvre
opened
2 years ago
0
Validate file is a gem on signature command
#56
aellispierce
closed
2 years ago
0
Rename install command's --verify option to --verify-signatures
#55
aellispierce
closed
2 years ago
0
Rename `install` command's --verify option to --verify-signatures
#54
rochlefebvre
closed
2 years ago
1
Delete the `gem sign` and `gem verify` commands
#53
rochlefebvre
closed
2 years ago
0
Implement an exception hiererarchy for the plugin
#52
rochlefebvre
opened
2 years ago
0
Add a `gem signatures` command
#51
rochlefebvre
closed
2 years ago
0
make verify command work in bundler
#50
doodzik
closed
2 years ago
1
Rename `gem verify` to `gem verify_signatures`
#49
rochlefebvre
closed
2 years ago
1
add decision log
#48
doodzik
closed
2 years ago
0
Implement support for the `--fulcio-host` argument in `gem sign` and `gem build --sign`.
#47
rochlefebvre
opened
2 years ago
0
Implement support for the `--rekor-host` argument in every command
#46
rochlefebvre
opened
2 years ago
0
Fix NoMethodError for `gem verify` on an unsigned gem
#45
rochlefebvre
closed
2 years ago
0
Update the README
#44
rochlefebvre
closed
2 years ago
0
Revise the README.md file
#43
rochlefebvre
opened
2 years ago
0
Enable environment variables to set an id-token
#42
doodzik
opened
2 years ago
0
add static openid provider
#41
doodzik
closed
2 years ago
1
Bulk-retrieve log entries by uuid
#40
rochlefebvre
closed
2 years ago
0
Refactor openid
#39
doodzik
closed
2 years ago
1
Implement `gem build --sign` as an alias of `gem build` + `gem sign`.
#38
rochlefebvre
closed
2 years ago
1
Only accept gem files `gem signatures --sign` and `gem signatures --verify`
#37
rochlefebvre
closed
2 years ago
0
Control whether `gem install` verifies signatures with an environment variable
#36
rochlefebvre
closed
2 years ago
0
Consider renaming `gem verify` to something more focused
#35
rochlefebvre
closed
2 years ago
3
Implement `gem install --verify-signatures` as an alias of `gem verify` + `gem install`.
#34
rochlefebvre
closed
2 years ago
2
Update Rekor::Api#where to fetch log entries by uuid in bulk
#33
rochlefebvre
closed
2 years ago
0
Support the signing of multiple gems
#32
rochlefebvre
opened
2 years ago
0
add rubocop
#31
doodzik
closed
2 years ago
0
add static open_id provider
#30
doodzik
closed
2 years ago
1
Clean up the Sigstore module and the require statements
#29
rochlefebvre
closed
2 years ago
0
First gem verify integration test
#28
rochlefebvre
closed
2 years ago
0
Partial refactor of the rekor code
#27
rochlefebvre
closed
2 years ago
0
Reinstate the license verification workflow
#26
rochlefebvre
opened
2 years ago
0
Run ruby-sigstore on every public ruby gem release of shopify
#25
doodzik
opened
2 years ago
0
Enable `shipit` to sign a gem on behalf of a user
#24
doodzik
opened
2 years ago
0
Set up a basic integration test suite
#23
rochlefebvre
closed
2 years ago
0
Clean up some of the printed messages
#22
rochlefebvre
closed
3 years ago
0
Expose the log entry timestamp in RekordEntry
#21
rochlefebvre
closed
2 years ago
0
Print all unique emails from valid signature entries
#20
rochlefebvre
closed
3 years ago
0
List emails of all valid signatures
#19
rochlefebvre
closed
3 years ago
0
Retrieve root certificate using signing certificate's AIA extension
#18
rochlefebvre
closed
3 years ago
0
Cache and retrieve issuing certificates by their authority subject identifier
#17
rochlefebvre
opened
3 years ago
0
Validate the cert chain during signature verification
#16
rochlefebvre
opened
3 years ago
0
Next