haydentherapper
commented
3 months ago Just to cross reference, we were thinking about building a similar capability in https://github.com/sigstore/cosign/issues/3794, to upgrade a bundle.
Closed woodruffw closed 3 months ago
haydentherapper
commented
3 months ago Just to cross reference, we were thinking about building a similar capability in https://github.com/sigstore/cosign/issues/3794, to upgrade a bundle.
sethmlarson
commented
3 months ago Confirming that I was able to get Sigstore CLI to verify all existing CPython Sigstore bundles if this process is run on them.
WIP; needs documentation and feedback.This command enables users to fix older bundles that were malformed by older versions of sigstore-python.
This changeset also includes a new integration test hierarchy, with a starter test for the new
fix-bundlecommand based on a publicly observed malformed bundle.CC @sethmlarson
Closes #1088.
See https://github.com/python/cpython/issues/122785.