deb_control_files:
- control
- md5sums
deb_fields:
Architecture: all
Depends: golang-github-digitorus-pkcs7-dev, golang-github-digitorus-timestamp-dev,
golang-github-go-openapi-runtime-dev, golang-github-go-openapi-strfmt-dev, golang-github-go-openapi-swag-dev,
golang-github-google-certificate-transparency-dev, golang-github-in-toto-attestation-dev,
golang-github-in-toto-in-toto-golang-dev, golang-github-secure-systems-lab-go-securesystemslib-dev,
golang-github-sigstore-protobuf-specs-dev (>> 0.3.2-1~), golang-github-sigstore-rekor-dev
(>> 1.3.6-2~), golang-github-sigstore-sigstore-dev (>> 1.8.10-2~), golang-github-sigstore-timestamp-authority-dev,
golang-github-stretchr-testify-dev, golang-github-theupdateframework-go-tuf-dev
(>> 2.0.2~), golang-golang-x-crypto-dev, golang-golang-x-mod-dev, golang-google-protobuf-dev
Description: |-
Sigstore signing and verification (Go library)
A client library for Sigstore (https://www.sigstore.dev/), written in
Go. Features:
.
* Signing and verification of Sigstore bundles
(https://github.com/sigstore/protobuf-
specs/blob/main/protos/sigstore_bundle.proto) compliant with Sigstore
Client Spec
* Verification of raw Sigstore signatures by creating bundles for them
(see conformance tests (/cmd/conformance/main.go) for example)
* Signing and verifying with a Timestamp Authority (TSA)
* Signing and verifying (offline or online) with Rekor (Artifact
Transparency Log)
* Structured verification results including certificate metadata
* TUF support
* Verification support for custom trusted root
(https://github.com/sigstore/protobuf-
specs/blob/main/protos/sigstore_trustroot.proto)
* Basic CLI and examples
.
For an example of how to use this library, see the verification
documentation (/docs/verification.md), the CLI cmd/sigstore-go
(/cmd/sigstore-go/main.go). Note that the CLI
is to demonstrate how to use the library, and not intended as a fully-
featured Sigstore CLI like cosign (https://github.com/sigstore/cosign).
.
Background
.
Sigstore already has a canonical Go client implementation, cosign
(https://github.com/sigstore/cosign), which was developed with a focus
on container image signing/verification. It has a rich CLI and a long
legacy of features and development. sigstore-go is a more minimal and
friendly API for integrating Go code with Sigstore, with a focus on the
newly specified data structures in sigstore/protobuf-specs
(https://github.com/sigstore/protobuf-specs). sigstore-go attempts to
minimize the dependency tree for simple signing and verification tasks,
omitting KMS support and container image verification.
.
This package contains the Go library.
Homepage: https://github.com/sigstore/sigstore-go
Installed-Size: '501'
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
Multi-Arch: foreign
Package: golang-github-sigstore-sigstore-go-dev
Priority: optional
Section: golang
Source: sigstore-go
Version: 0.6.2-1
srcpkg_name: sigstore-go
srcpkg_version: 0.6.2-1