This converts DigestManifests to signing payloads in the style used by the existing serialize_v0/serialize_v1 implementations: just the digest as a bytes string.
For Sigstore signing, this payload can be signed via sign_artifact (and BytesIO to convert the bytes to the expected input type) to produce just a Sigstore bundle with the signature.
CC @susperius (showing how we can convert manifests to a signing payload that is not in-toto).
Release Note
NONE
Documentation
NONE