Update after 0.7.0 release

Signed-off-by: Appu Goundan <[email protected]>
sigstore · Jan 31, 2024 · 0f1e623 · 0f1e623
1 parent e4f9359
commit 0f1e623
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -26,6 +26,9 @@ var result = signer.sign(testArtifact);
 
 // resulting signature information
 
+// sigstore bundle format (serialized as <artifact>.sigstore.json)
+String bundle = BundleFactory.createBundle(result)
+
 // artifact digest
 byte[] digest = result.getDigest();
 
@@ -36,12 +39,16 @@ byte[] certsBytes = Certificates.toPemBytes(result.getCertPath()) // converted t
 // artifact signature
 byte[] sig = result.getSignature()
 
-// sigstore bundle format (json string)
-String bundle = BundleFactory.createBundle(result)
 ```
 
 #### Verification
 
+##### KeylessSignature from bundle
+```java
+var bundleFile = // java.nio.Path to a .sigstore.json signature bundle file
+var keylessSignature = BundleFactory.readBundle(Files.newBufferedReader(bundleFile, StandardCharsets.UTF_8));
+```
+
 ##### KeylessSignature from certificate and signature
 ```java
 byte[] digest = // byte array sha256 artifact digest
@@ -55,19 +62,12 @@ var keylessSignature =
         .build();
 ```
 
-##### KeylessSignature from bundle
-```java
-var bundleFile = // java.nio.path to some bundle file
-var keylessSignature = BundleFactory.readBundle(Files.newBufferedReader(bundleFile, StandardCharsets.UTF_8));
-```
 
 ##### Configure verification options
 ```java
 var verificationOptions = 
     VerificationOptions.builder()
-        // verify online? (connect to rekor for inclusion proof)
-        .isOnline(true)
-        // optionally add certificate policy
+        // add certificate policy to verify the identity of the signer
         .addCertificateIdentities(
             CertificateIdentity.builder()
                 .issuer("https://accounts.example.com"))
@@ -78,7 +78,7 @@ var verificationOptions =
 
 ##### Do verification
 ```java
-var artifact = // path to artifact file
+var artifact = // java.nio.Path to artifact file
 try {
   var verifier = new KeylessVerifier.Builder().sigstorePublicDefaults().build();
   verifier.verify(

diff --git a/gradle.properties b/gradle.properties
@@ -4,4 +4,4 @@ systemProp.org.gradle.kotlin.dsl.precompiled.accessors.strict=true
 
 group=dev.sigstore
 # remember to update SigstoreSignExtension.kt when updating this
-version=0.7.0
+version=0.8.0
diff --git a/...gstore-gradle-sign-base-plugin/src/main/kotlin/dev/sigstore/sign/SigstoreSignExtension.kt b/...gstore-gradle-sign-base-plugin/src/main/kotlin/dev/sigstore/sign/SigstoreSignExtension.kt
@@ -41,7 +41,7 @@ abstract class SigstoreSignExtension(private val project: Project) {
     abstract val sigstoreJavaVersion : Property<String>
 
     init {
-        sigstoreJavaVersion.convention("0.7.0")
+        sigstoreJavaVersion.convention("0.8.0")
         (this as ExtensionAware).extensions.create<OidcClientExtension>(
             "oidcClient",
             project.objects,