Package: sigstore-go (0.7.1-2 and others)
Links for sigstore-go
Debian Resources:
Download Source Package sigstore-go:
Maintainers:
External Resources:
- Homepage [github.com]
Similar packages:
Sigstore signing and verification (program)
A client library for Sigstore (https://www.sigstore.dev/), written in Go. Features:
* Signing and verification of Sigstore bundles (https://github.com/sigstore/protobuf- specs/blob/main/protos/sigstore_bundle.proto) compliant with Sigstore Client Spec * Verification of raw Sigstore signatures by creating bundles for them (see conformance tests (/cmd/conformance/main.go) for example) * Signing and verifying with a Timestamp Authority (TSA) * Signing and verifying (offline or online) with Rekor (Artifact Transparency Log) * Structured verification results including certificate metadata * TUF support * Verification support for custom trusted root (https://github.com/sigstore/protobuf- specs/blob/main/protos/sigstore_trustroot.proto) * Basic CLI and examples
For an example of how to use this library, see the verification documentation (/docs/verification.md), the CLI cmd/sigstore-go (/cmd/sigstore-go/main.go). Note that the CLI is to demonstrate how to use the library, and not intended as a fully- featured Sigstore CLI like cosign (https://github.com/sigstore/cosign).
Background
Sigstore already has a canonical Go client implementation, cosign (https://github.com/sigstore/cosign), which was developed with a focus on container image signing/verification. It has a rich CLI and a long legacy of features and development. sigstore-go is a more minimal and friendly API for integrating Go code with Sigstore, with a focus on the newly specified data structures in sigstore/protobuf-specs (https://github.com/sigstore/protobuf-specs). sigstore-go attempts to minimize the dependency tree for simple signing and verification tasks, omitting KMS support and container image verification.
This package contains the binaries.
Other Packages Related to sigstore-go
|
|
|
|
-
- dep: libc6 (>= 2.34) [not loong64]
- GNU C Library: Shared libraries
also a virtual package provided by libc6-udeb
- dep: libc6 (>= 2.41) [loong64]
Download sigstore-go
| Architecture | Version | Package Size | Installed Size | Files |
|---|---|---|---|---|
| amd64 | 0.7.1-2+b3 | 12,701.0 kB | 44,093.0 kB | [list of files] |
| arm64 | 0.7.1-2+b3 | 10,857.8 kB | 41,615.0 kB | [list of files] |
| armel | 0.7.1-2+b3 | 11,050.2 kB | 42,014.0 kB | [list of files] |
| armhf | 0.7.1-2+b3 | 11,037.0 kB | 41,886.0 kB | [list of files] |
| i386 | 0.7.1-2+b3 | 11,903.4 kB | 41,957.0 kB | [list of files] |
| loong64 (unofficial port) | 0.7.1-2 | 11,126.9 kB | 42,313.0 kB | [list of files] |
| mips64el | 0.7.1-2+b3 | 9,946.3 kB | 48,070.0 kB | [list of files] |
| ppc64el | 0.7.1-2+b3 | 10,718.8 kB | 43,277.0 kB | [list of files] |
| riscv64 | 0.7.1-2+b3 | 11,238.2 kB | 41,933.0 kB | [list of files] |
| s390x | 0.7.1-2+b3 | 11,405.8 kB | 46,541.0 kB | [list of files] |