Merge pull request #583 from secure-systems-lab/pin-newest-sigstore-v…

…ersion SigstoreSigner: Use sigstore 1.1.2
secure-systems-lab · May 24, 2023 · 4ac3788 · 4ac3788
2 parents d4cfedd + 62f6e34
commit 4ac3788
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 3 deletions.
diff --git a/pyproject.toml b/pyproject.toml
@@ -48,7 +48,7 @@ gcpkms = ["google-cloud-kms", "cryptography>=37.0.0"]
 hsm = ["asn1crypto", "cryptography>=37.0.0", "PyKCS11"]
 pynacl = ["pynacl>1.2.0"]
 PySPX = ["PySPX>=0.5.0"]
-sigstore = ["sigstore!=1.1.2"]
+sigstore = ["sigstore==1.1.2"]
 
 [tool.hatch.version]
 path = "securesystemslib/__init__.py"

diff --git a/requirements-sigstore.txt b/requirements-sigstore.txt
@@ -1 +1 @@
-sigstore==1.1.1
+sigstore==1.1.2
diff --git a/securesystemslib/signer/_sigstore_signer.py b/securesystemslib/signer/_sigstore_signer.py
@@ -161,7 +161,9 @@ def from_priv_key_uri(
             issuer = Issuer.production()
             token = issuer.identity_token()
         else:
-            token = detect_credential()
+            # Note: this method signature only works with sigstore-python 1.1.2:
+            # dependencies must be updated when changing this
+            token = detect_credential("sigstore")
 
         return cls(token, public_key)