8000 Add verify-tag command for Git tag signature verification by haya14busa · Pull Request #659 · sigstore/gitsign · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Add verify-tag command for Git tag signature verification #659

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 31, 2025
Merged

Add verify-tag command for Git tag signature verification #659

merged 1 commit into from
Mar 31, 2025

Conversation

haya14busa
Copy link
Contributor
@haya14busa haya14busa commented Mar 29, 2025
edited
Loading

Summary

This PR adds a new verify-tag command to gitsign that allows users to verify signatures on Git tags. Currently, gitsign only supports verification of commit signatures through the verify command, but lacks the ability to verify tag signatures.
The motivation for this change is to provide a complete verification solution for Git objects. Since Git supports signing both commits and tags, gitsign should support verification of both types of signatures.

Resolves: #658

Release Note

Added a new verify-tag command to gitsign that allows users to verify signatures on Git tags. The command follows the same verification process as the commit verification, but operates on tag objects instead. It supports all the same identity verification options as the verify command.

Documentation

n/a

@haya14busa
Add verify-tag command for Git tag signature verification
d114a5b 
This commit adds a new 'verify-tag' command to gitsign that allows
users to verify signatures on Git tags. Previously, gitsign only
supported verification of commit signatures through the 'verify'
command.

The verify-tag command follows the same verification process as the
commit verification, but operates on tag objects instead. It supports
all the same identity verification options as the verify command.

Resolves: sigstore#658
Signed-off-by: haya14busa <haya14busa@gmail.com>
@haya14busa haya14busa marked this pull request as ready for review March 29, 2025 17:39
@haya14busa haya14busa mentioned this pull request Mar 29, 2025
Closed
wlynch
wlynch approved these changes Mar 31, 2025
View reviewed changes
Copy link
Member
@wlynch wlynch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amazing. Thank you!

@wlynch wlynch merged commit b17948d into sigstore:main Mar 31, 2025
7 checks passed
8000
@haya14busa haya14busa deleted the verify-tag branch March 31, 2025 16:01
@haya14busa haya14busa mentioned this pull request Mar 31, 2025
Merged
@haya14busa
Copy link
Contributor Author

@wlynch Thanks for merging this PR! This feature will be very helpful for our GitHub Actions workflows.

Any timeline for when this might be included in the next release?

@wlynch
Copy link
Member
wlynch commented Apr 9, 2025

Sorry for the delay! Will cut a new tag soon.

@wlynch
Copy link
Member
wlynch commented Apr 9, 2025

https://github.com/sigstore/gitsign/releases/tag/v0.13.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wlynch wlynch wlynch approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

How to verify tags signed with chainguard-dev/actions/setup-gitsign@main in GitHub Actions
2 participants
@haya14busa @wlynch
0