Gitsign Versions Save

Keyless Git signing using Sigstore

v0.10.1

2 weeks ago

Changelog

  • 337b099 update base image for gitsign to one with shell available (#484)

Thanks to all contributors!

v0.10.0

2 weeks ago

What's Changed

Full Changelog: https://github.com/sigstore/gitsign/compare/v0.9.0...v0.10.0

v0.9.0

2 weeks ago

Changelog

  • e20deaa Add config options for Autoclose and AutocloseTimeout (#466)
  • 3f2e97e Bump actions/cache from 4.0.0 to 4.0.1 (#456)
  • 9ba5809 Bump github.com/go-openapi/strfmt from 0.22.0 to 0.22.2 (#464)
  • 98923e1 Update to use go1.22 and ci udpates (#465)
  • b3da2e6 Enable autoclose for sigstore confirmation page. (#455)
  • c2ac22d CI updates and fix lints (#461)
  • cedcc9d Remove GITSIGN_LOG env variable. (#463)
  • 2e63fd0 Run e2e Go tests first. (#462)
  • 6f20ffd Add go-git based signer implementation. (#454)
  • 66e0ff5 Bump github.com/sigstore/protobuf-specs from 0.2.1 to 0.3.0 (#453)
  • 57153a0 Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#450)
  • 3eafadd Bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 (#449)
  • ae02bda Add GITSIGN_TOKEN_PROVIDER docs (#447)
  • ff05b31 Add tokenProvider configuration for forcing OIDC providers. (#446)

Thanks to all contributors!

v0.8.1

2 months ago

What's Changed

Not much! All dependency bumps. 😎

Full Changelog: https://github.com/sigstore/gitsign/compare/v0.8.0...v0.8.1

v0.8.0

5 months ago

Rekor: https://search.sigstore.dev/?commitSha=01375268d822f8299a3d9c23f4fbd796c84bcaa5

Highlights

  • cd66ccb Add options for Rekor client, make public key fetcher configurable. (#399)
  • 530e976 Add gitsign initialize. (#321)
  • 4bda12e Fix offline verification marshalling, add e2e tests. (#330)

Thanks to all contributors!

v0.7.1

10 months ago

Changelog

  • c5a1f43 Offline verification: refactor to make it clear no signature checks are happening. (#319)
  • 8a76ba2 Revoke v0.7.0 (#318)

Thanks to all contributors!

v0.7.0

10 months ago

Changelog

  • 8955100 Bump github.com/jonboulle/clockwork from 0.3.0 to 0.4.0 (#316)
  • 5dd6092 Add offline verification (#220)
  • 295f8c1 Bump github.com/coreos/go-oidc/v3 from 3.5.0 to 3.6.0 (#314)
  • fffe410 Bump sigstore/cosign-installer from 3.0.3 to 3.0.5 (#313)
  • e135d08 Bump actions/setup-go from 4.0.0 to 4.0.1 (#312)
  • dbeae80 Bump golang.org/x/crypto from 0.8.0 to 0.9.0 (#310)
  • 859b2ac Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#311)
  • ee39f77 Bump github.com/docker/distribution (#309)
  • 70e4dfd Bump github.com/cloudflare/circl from 1.3.1 to 1.3.3 (#308)
  • a454679 Bump github.com/sigstore/fulcio from 1.2.0 to 1.3.1 (#302)
  • 472a9d1 Bump github.com/sigstore/sigstore from 1.6.3 to 1.6.4 (#304)
  • 06cd545 Bump github.com/in-toto/in-toto-golang from 0.8.0 to 0.9.0 (#305)
  • 71800bf Bump anchore/sbom-action from 0.14.1 to 0.14.2 (#307)
  • d24ff29 Bump github.com/mattn/go-tty from 0.0.4 to 0.0.5 (#306)
  • 9f5a9e8 Bump github.com/sigstore/rekor from 1.1.0 to 1.1.1 (#300)
  • a75b58a Bump github.com/in-toto/in-toto-golang from 0.7.1 to 0.8.0 (#298)
  • df022a6 Bump github.com/sigstore/cosign/v2 from 2.0.1 to 2.0.2 (#299)
  • 717e7e6 Bump sigstore/cosign-installer from 3.0.2 to 3.0.3 (#297)
  • a8dc697 Bump actions/checkout from 3.5.0 to 3.5.2 (#289)
  • ebe8923 Bump github.com/sigstore/sigstore from 1.6.2 to 1.6.3 (#296)
  • f374e54 Bump github.com/go-openapi/runtime from 0.25.0 to 0.26.0 (#295)
  • 71a9701 Bump dependabot/fetch-metadata from 1.3.6 to 1.4.0 (#294)
  • 23df870 Ensure that io writers are properly closed. (#292)
  • 04f9453 Bump github.com/sigstore/sigstore from 1.6.1 to 1.6.2 (#290)
  • 76c47d5 Fix e2e test for initializing cosign (#287)
  • d38cd0b Update e2e test to use CDN instead of GCS (#285)
  • f9e70b5 Bump golang.org/x/crypto from 0.7.0 to 0.8.0 (#283)

Thanks to all contributors!

v0.6.0

1 year ago

Highlights

  • Added gitsign.matchCommitter option to verify certificate identity matches expected committer identity.
  • Added gitsign verify to verify commits with certificate verification options to match cosign (--certificate-identity, --certificate-oidc-issuer)
  • Added support for Buildkite and Environment Variable OIDC credential detection.

What's Changed

New Contributors

Full Changelog: https://github.com/sigstore/gitsign/compare/v0.5.2...v0.6.0

v0.5.2

1 year ago

Highlights

gitsign

  • BREAKING CHANGE: URI schemes added to gitsign show attestations to comply with intoto spec. (i.e. gitsign.sigstore.dev/predicate/git/v0.1 -> https://gitsign.sigstore.dev/predicate/git/v0.1)

gitsign-credential-cache

  • Added support for systemd socket activation
  • Added support for opening interactive auth flow through the cache socket - this allows users to forward interactive flows over remote SSH sockets to their local machines.

Changelog

  • 3406c64 Remove usage of getopt to fix release. (#225)
  • aca7918 Bump dependencies (go get -u ./...) (#224)
  • ac61585 Add support for systemd socket activation (#223)
  • 615911c Bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 (#221)
  • f9c532b Update cache directory .sigstore -> sigstore. (#218)
  • 98ef482 Add interactive flow to credential cache. (#211)
  • 15447fe Add scheme to predicate type URI. (#217)
  • e20e829 Bump actions/checkout from 3.2.0 to 3.3.0 (#212)
  • ab6d26c Bump actions/cache from 3.2.2 to 3.2.3 (#213)
  • ec74e38 Bump github.com/go-git/go-git/v5 from 5.5.1 to 5.5.2 (#214)
  • 7a27e1d Bump golang.org/x/crypto from 0.4.0 to 0.5.0 (#215)
  • cc36fa9 Bump github.com/coreos/go-oidc/v3 from 3.4.0 to 3.5.0 (#216)
  • 6e4639c Bump actions/cache from 3.2.1 to 3.2.2 (#209)
  • 9f45bc1 Bump github.com/go-git/go-billy/v5 from 5.3.1 to 5.4.0 (#210)
  • cd97505 Bump actions/cache from 3.0.11 to 3.2.1 (#208)
  • fddac02 Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#204)
  • 753bc4f Bump actions/setup-go from 3.4.0 to 3.5.0 (#206)
  • ec6825d Bump golang.org/x/crypto from 0.3.0 to 0.4.0 (#207)
  • 91da40f Bump actions/checkout from 3.1.0 to 3.2.0 (#205)
  • eca7ffc Bump github.com/go-git/go-git/v5 from 5.4.2 to 5.5.1 (#203)
  • a086299 Bump actions/setup-go from 3.3.1 to 3.4.0 (#199)
  • b9208e3 Bump github.com/go-openapi/runtime from 0.24.2 to 0.25.0 (#201)

Thanks to all contributors!

  • @iavael
  • @wlynch

v0.4.1

1 year ago

What's Changed

Full Changelog: https://github.com/sigstore/gitsign/compare/v0.4.0...v0.4.1