Skip to content

Commit

Permalink
Merge pull request #858 from sigstore/post1.1.0
Browse files Browse the repository at this point in the history
Update versions and changelog
  • Loading branch information
loosebazooka authored Nov 22, 2024
2 parents 2e59559 + a2adec6 commit 763c500
Show file tree
Hide file tree
Showing 8 changed files with 26 additions and 7 deletions.
19 changes: 19 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,25 @@ All versions prior to 1.0.0 are untracked

## [Unreleased]

# [1.1.0] - 2024-11-22

## Added
- Update sigstore tuf roots to v10 for staging and public-good https://github.com/sigstore/sigstore-java/pull/848
- Tuf conformance tests for tuf client spec conformance https://github.com/sigstore/sigstore-java/pull/838

## Changed
- Allow tuf updater to fetch meta without downloading targets https://github.com/sigstore/sigstore-java/pull/839
- Allow tuf targets and metadata to be stored and fetched separately https://github.com/sigstore/sigstore-java/pull/827

## Fixed
- Fix handling of tuf targets in subdirectories https://github.com/sigstore/sigstore-java/pull/853
- Fix tuf spec conformance for valid but duplicate signatures on a role https://github.com/sigstore/sigstore-java/pull/852
- Fix handling of rsa-pss and ed25519 signatures in tuf metadata https://github.com/sigstore/sigstore-java/pull/849/files

## Security
- Ensure log entries in sigstore bundles are entries that correspond to the
verification material (signature, artifact, public-key) provided to the
verifier. https://github.com/sigstore/sigstore-java/pull/856

# [1.0.0] - 2024-08-28

Expand Down
2 changes: 1 addition & 1 deletion build-logic/publishing/build.gradle.kts
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,6 @@ dependencies {
implementation(project(":basics"))
implementation(project(":jvm"))
implementation("dev.sigstore.build-logic:gradle-plugin")
implementation("dev.sigstore:sigstore-gradle-sign-plugin:1.0.0")
implementation("dev.sigstore:sigstore-gradle-sign-plugin:1.1.0")
implementation("com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin:1.3.0")
}
2 changes: 1 addition & 1 deletion examples/hello-world/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
plugins {
`java-library`
`maven-publish`
val sigstoreVersion = System.getProperty("sigstore.version") ?: "1.0.0"
val sigstoreVersion = System.getProperty("sigstore.version") ?: "1.1.0"
id("dev.sigstore.sign") version "$sigstoreVersion"
signing
}
Expand Down
2 changes: 1 addition & 1 deletion examples/hello-world/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<maven.compiler.release>11</maven.compiler.release>
<sigstore.version>1.0.0</sigstore.version>
<sigstore.version>1.1.0</sigstore.version>
</properties>

<build>
Expand Down
2 changes: 1 addition & 1 deletion gradle.properties
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,4 @@ systemProp.org.gradle.kotlin.dsl.precompiled.accessors.strict=true
group=dev.sigstore

# use the ./scripts/update_version.sh script to update all versions
version=1.1.0
version=1.2.0
2 changes: 1 addition & 1 deletion sigstore-gradle/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ Signature format uses [Sigstore bundle](https://github.com/sigstore/protobuf-spe

```kotlin
plugins {
id("dev.sigstore.sign") version "1.0.0"
id("dev.sigstore.sign") version "1.1.0"
}

// Automatically sign all Maven publications, using GitHub Actions OIDC when available,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ abstract class SigstoreSignExtension(private val project: Project) {
abstract val sigstoreJavaVersion : Property<String>

init {
sigstoreJavaVersion.convention("1.1.0")
sigstoreJavaVersion.convention("1.2.0")
(this as ExtensionAware).extensions.create<OidcClientExtension>(
"oidcClient",
project.objects,
Expand Down
2 changes: 1 addition & 1 deletion sigstore-maven-plugin/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ Signature format uses [Sigstore bundle](https://github.com/sigstore/protobuf-spe
<plugin>
<groupId>dev.sigstore</groupId>
<artifactId>sigstore-maven-plugin</artifactId>
<version>1.0.0</version>
<version>1.1.0</version>
<executions>
<execution>
<id>sign</id>
Expand Down

0 comments on commit 763c500

Please sign in to comment.