From 9edc04f4665d7a161c2c4b63ccdddbff60ecd359 Mon Sep 17 00:00:00 2001 From: Appu Goundan Date: Wed, 2 Oct 2024 11:07:01 -0400 Subject: [PATCH] Remove --verify-digest flag Signed-off-by: Appu Goundan --- docs/cli_protocol.md | 3 +-- sigstore-python-conformance | 4 ---- test/client.py | 1 - test/test_bundle.py | 1 - 4 files changed, 1 insertion(+), 8 deletions(-) diff --git a/docs/cli_protocol.md b/docs/cli_protocol.md index 7922e57..a600871 100644 --- a/docs/cli_protocol.md +++ b/docs/cli_protocol.md @@ -77,7 +77,7 @@ ${ENTRYPOINT} verify [--staging] --signature FILE --certificate FILE --certifica #### Bundle flow ```console -${ENTRYPOINT} verify-bundle [--staging] --bundle FILE --certificate-identity IDENTITY --certificate-oidc-issuer URL [--trusted-root FILE] [--verify-digest] FILE_OR_DIGEST +${ENTRYPOINT} verify-bundle [--staging] --bundle FILE --certificate-identity IDENTITY --certificate-oidc-issuer URL [--trusted-root FILE] FILE_OR_DIGEST ``` | Option | Description | @@ -87,5 +87,4 @@ ${ENTRYPOINT} verify-bundle [--staging] --bundle FILE --certificate-identity IDE | `--certificate-identity IDENTITY` | The expected identity in the signing certificate's SAN extension | | `--certificate-oidc-issuer URL` | The expected OIDC issuer for the signing certificate | | `--trusted-root` | The path of the custom trusted root to use to verify the bundle | -| `--verify-digest` | Presence indicates client should interpret `FILE_OR_DIGEST` as a digest. | | `FILE_OR_DIGEST` | The path to the artifact to verify, or its digest. The digest should start with the `sha256:` prefix. | diff --git a/sigstore-python-conformance b/sigstore-python-conformance index 574c51d..eab5557 100755 --- a/sigstore-python-conformance +++ b/sigstore-python-conformance @@ -15,8 +15,6 @@ SUBCMD_REPLACEMENTS = { ARG_REPLACEMENTS = { "--certificate-identity": "--cert-identity", "--certificate-oidc-issuer": "--cert-oidc-issuer", - # sigstore-python detects if the input is a file path or a digest without needing a flag - "--verify-digest": None, } # Trim the script name. @@ -45,7 +43,5 @@ else: # Replace incompatible flags. command.extend(ARG_REPLACEMENTS[arg] if arg in ARG_REPLACEMENTS else arg for arg in fixed_args) -# Remove unneeded flags -command = [arg for arg in command if arg is not None] os.execvp("sigstore", command) diff --git a/test/client.py b/test/client.py index e03cb55..2955427 100644 --- a/test/client.py +++ b/test/client.py @@ -325,7 +325,6 @@ def _verify_digest_for_bundle(self, materials: BundleMaterials, digest: str) -> CERTIFICATE_IDENTITY, "--certificate-oidc-issuer", CERTIFICATE_OIDC_ISSUER, - "--verify-digest", ] ) diff --git a/test/test_bundle.py b/test/test_bundle.py index b50690c..811f88d 100644 --- a/test/test_bundle.py +++ b/test/test_bundle.py @@ -412,7 +412,6 @@ def temp_bundle_path(bundle: dict) -> Path: ident["Release manager"], "--certificate-oidc-issuer", ident["OIDC Issuer"], - "--verify-digest", f"sha256:{sha256}", ) except ClientFail as e: