Conversation

@di di commented Jun 3, 2022

This PR adds a requirements file that users can optionally use when installing to enable hash-checking mode.

It also turns on Dependabot, to keep this file up to date.
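To make concrete what pip's hash-checking mode does with such a file, here is an added example (not code from this PR or from sigstore-python): a small parser for the `name==version --hash=algo:hex` format, plus the check pip performs before installing an archive. The package names, the requirements text and the "wheel" bytes are constructed for the example; the digests in the sample file are computed from those bytes so the sample is self-consistent, whereas a real requirements file ships fixed hex digests.

```python
import hashlib
import re

# Constructed artifacts standing in for two downloaded wheels (not real packages).
GOOD_WHEEL = b"PK\x03\x04 example_pkg-1.2.0 wheel bytes (constructed)"
TAMPERED_WHEEL = GOOD_WHEEL + b" plus an injected payload"

# Constructed requirements.txt in pip's hash-checking format. The digests are
# computed from the constructed bytes above so the sample verifies; a real file
# ships fixed hex digests produced by pip-compile --generate-hashes or similar.
REQUIREMENTS = (
    "example_pkg==1.2.0 \\\n"
    f"    --hash=sha256:{hashlib.sha256(GOOD_WHEEL).hexdigest()} \\\n"
    f"    --hash=sha384:{hashlib.sha384(GOOD_WHEEL).hexdigest()}\n"
    "# a second pin with a placeholder digest, never matched below\n"
    "other-dep==0.3.1 --hash=sha256:" + "0" * 64 + "\n"
)

ALLOWED_ALGOS = ("sha256", "sha384", "sha512")  # the algorithms pip accepts


def _canonical(name):
    """Normalise a project name the way pip compares them (case, _ vs -)."""
    return name.lower().replace("_", "-")


def parse_hashed_requirements(text):
    """Parse a requirements file into {(name, version): {algo: {hexdigest, ...}}}.

    Joins backslash continuations, drops comments and blank lines, and enforces
    the two rules of hash-checking mode: every entry must be an exact '==' pin
    and every entry must carry at least one --hash option.
    """
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            logical.append(buf.strip())
        buf = ""
    if buf.strip():
        logical.append(buf.strip())

    pins = {}
    for entry in logical:
        tokens = entry.split()
        m = re.fullmatch(r"([A-Za-z0-9][A-Za-z0-9._-]*)==([0-9][0-9A-Za-z.+!-]*)", tokens[0])
        if not m:
            raise ValueError(f"not an exact pin; hash-checking mode rejects it: {tokens[0]}")
        hashes = {}
        for tok in tokens[1:]:
            if not tok.startswith("--hash="):
                raise ValueError(f"unexpected option {tok!r} on {tokens[0]}")
            algo, _, hexdigest = tok[len("--hash="):].partition(":")
            hashes.setdefault(algo, set()).add(hexdigest.lower())
        if not hashes:
            raise ValueError(f"{tokens[0]} has no --hash; hash-checking mode rejects it")
        pins[(_canonical(m.group(1)), m.group(2))] = hashes
    return pins


def verify_artifact(pins, name, version, data):
    """Return (ok, reason) for a downloaded archive of name==version.

    Mirrors pip's rule: the archive is accepted if its digest matches any one of
    the listed hashes (several hashes usually mean several wheels for one pin).
    """
    key = (_canonical(name), version)
    if key not in pins:
        return False, f"{name}=={version} is not pinned; refusing to install"
    for algo, expected in pins[key].items():
        if algo not in ALLOWED_ALGOS:
            return False, f"unsupported hash algorithm {algo}"
        if hashlib.new(algo, data).hexdigest() in expected:
            return True, f"{algo} matched"
    return False, "no hash matched; refusing to install"


if __name__ == "__main__":
    pins = parse_hashed_requirements(REQUIREMENTS)
    print(verify_artifact(pins, "example-pkg", "1.2.0", GOOD_WHEEL))
    print(verify_artifact(pins, "example-pkg", "1.2.0", TAMPERED_WHEEL))
```

The two rejection paths in `parse_hashed_requirements` are the point of the mode: a requirements file that pins by version alone still lets a mirror or a compromised index serve a different archive under the same version, and a file with a `>=` entry cannot be hash-checked at all, so pip refuses the whole install rather than silently checking only some entries.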

@di di requested a review from woodruffw June 3, 2022 16:48
@woodruffw woodruffw left a comment


LGTM!

One thought: I wonder whether we'll need some additional CI work to apply updates when pyproject.toml is changed manually?

For example, I can imagine a case where we bump cryptography and our requirements.txt is out-of-date for approximately a day, causing stale (or broken) installs.
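The drift the review comment describes (a constraint bumped in pyproject.toml while requirements.txt still pins an older version) is cheap to catch in CI. The following is an added example of such a check, not sigstore-python's own CI code and not the fix in the linked issue. It assumes the `project.dependencies` array has already been loaded from pyproject.toml (for instance with the standard-library `tomllib` on Python 3.11+) and passed in as a list of PEP 508 strings; the dependency names, constraints and the pinned requirements text are constructed for the example, and the version comparison is a simplified numeric one (pre-release and local segments are not handled; a real check would use the `packaging` library).

```python
import re

# Constructed inputs: a pyproject.toml 'dependencies' array that was just bumped,
# and a requirements.txt whose pins have not caught up yet.
PYPROJECT_DEPS = ["cryptography>=37.0.2,<38", "pydantic>=1.9", "requests"]
REQUIREMENTS_TXT = """\
cryptography==37.0.1 \\
    --hash=sha256:""" + "0" * 64 + """
pydantic==1.9.1 \\
    --hash=sha256:""" + "1" * 64 + """
"""  # placeholder digests; this check looks only at the pinned versions

_OP_RE = re.compile(r"(==|!=|<=|>=|<|>)\s*([0-9][0-9A-Za-z.]*)")
_PIN_RE = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)==([0-9][0-9A-Za-z.]*)(?:\s|$)")


def _canonical(name):
    return name.lower().replace("_", "-")


def _vkey(version):
    """Simplified version key for dotted numeric releases such as '37.0.2'.
    Anything else (e.g. '1.0rc1') raises, which is deliberate: better to fail
    the check loudly than to compare such strings wrongly."""
    return tuple(int(part) for part in version.split("."))


def _parse_spec(spec):
    """'cryptography>=37.0.2,<38' -> ('cryptography', [('>=', '37.0.2'), ('<', '38')])"""
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$", spec)
    name = _canonical(m.group(1))
    rest = m.group(3).split(";")[0]  # drop environment markers
    constraints = []
    for part in rest.split(","):
        part = part.strip()
        if not part:
            continue
        cm = _OP_RE.fullmatch(part)
        if not cm:
            raise ValueError(f"unsupported specifier {part!r} in {spec!r}")
        constraints.append((cm.group(1), cm.group(2)))
    return name, constraints


def _satisfies(version, op, bound):
    v, b = _vkey(version), _vkey(bound)
    return {"==": v == b, "!=": v != b, "<": v < b,
            "<=": v <= b, ">": v > b, ">=": v >= b}[op]


def find_drift(pyproject_deps, requirements_text):
    """Return a list of problems; an empty list means the pins agree with pyproject.

    Two kinds of drift are reported: a declared dependency with no pin at all,
    and a pin that no longer satisfies the declared constraint. Extra pins in
    requirements.txt (transitive dependencies) are fine and are ignored.
    """
    pins = {}
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        pm = _PIN_RE.match(line)
        if pm:
            pins[_canonical(pm.group(1))] = pm.group(2)

    problems = []
    for dep in pyproject_deps:
        name, constraints = _parse_spec(dep)
        pinned = pins.get(name)
        if pinned is None:
            problems.append(f"{name}: declared in pyproject.toml but not pinned in requirements.txt")
            continue
        for op, bound in constraints:
            if not _satisfies(pinned, op, bound):
                problems.append(f"{name}: pinned {pinned} violates {op}{bound}")
    return problems


if __name__ == "__main__":
    import sys
    problems = find_drift(PYPROJECT_DEPS, REQUIREMENTS_TXT)
    for p in problems:
        print(p)
    sys.exit(1 if problems else 0)  # non-zero exit fails the CI job
```

Running this as a CI step on every change to pyproject.toml turns the day-long window the comment worries about into a red check on the PR that widened the constraint, so the pin bump lands in the same change rather than waiting for the next Dependabot run.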

di commented Jun 3, 2022

Great point. I raised #115 to address this.

@di di merged commit 25460b4 into sigstore:main Jun 3, 2022
@di di deleted the requirements-file branch June 3, 2022 17:31
javanlacerda pushed a commit to javanlacerda/sigstore-python that referenced this pull request Feb 23, 2024
Instead of the in-toto statement, which does not have the right hash.

Signed-off-by: Zach Steindler <[email protected]>