Skip to content

Commit 1c3788c

Browse files
woodruffwwoodruffw
committed
README, _cli: --rekor-offline -> --require-rekor-offline
Signed-off-by: William Woodruff <william@trailofbits.com>
1 parent b5eb560 commit 1c3788c

File tree

2 files changed

+9
-8
lines changed

2 files changed

+9
-8
lines changed

README.md

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -151,8 +151,8 @@ Verifying:
151151
```
152152
usage: sigstore verify [-h] [--certificate FILE] [--signature FILE]
153153
[--rekor-bundle FILE] [--cert-email EMAIL]
154-
[--cert-oidc-issuer URL] [--rekor-offline] [--staging]
155-
[--rekor-url URL]
154+
[--cert-oidc-issuer URL] [--require-rekor-offline]
155+
[--staging] [--rekor-url URL]
156156
FILE [FILE ...]
157157

158158
positional arguments:
@@ -176,7 +176,8 @@ Extended verification options:
176176
--cert-oidc-issuer URL
177177
The OIDC issuer URL to check for in the certificate's
178178
OIDC issuer extension (default: None)
179-
--rekor-offline Require offline Rekor verification with a bundle;
179+
--require-rekor-offline
180+
Require offline Rekor verification with a bundle;
180181
implied by --rekor-bundle (default: False)
181182

182183
Sigstore instance options:

sigstore/_cli.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -285,9 +285,9 @@ def _parser() -> argparse.ArgumentParser:
285285
help="The OIDC issuer URL to check for in the certificate's OIDC issuer extension",
286286
)
287287
verification_options.add_argument(
288-
"--rekor-offline",
288+
"--require-rekor-offline",
289289
action="store_true",
290-
default=_boolify_env("SIGSTORE_REKOR_OFFLINE"),
290+
default=_boolify_env("SIGSTORE_REQUIRE_REKOR_OFFLINE"),
291291
help="Require offline Rekor verification with a bundle; implied by --rekor-bundle",
292292
)
293293

@@ -445,8 +445,8 @@ def _sign(args: argparse.Namespace) -> None:
445445

446446

447447
def _verify(args: argparse.Namespace) -> None:
448-
# The presence of --rekor-bundle implies --rekor-offline.
449-
args.rekor_offline = args.rekor_offline or args.rekor_bundle
448+
# The presence of --rekor-bundle implies --require-rekor-offline.
449+
args.require_rekor_offline = args.require_rekor_offline or args.rekor_bundle
450450

451451
# Fail if --certificate, --signature, or --rekor-bundle is specified and we
452452
# have more than one input.
@@ -478,7 +478,7 @@ def _verify(args: argparse.Namespace) -> None:
478478
missing.append(str(sig))
479479
if not cert.is_file():
480480
missing.append(str(cert))
481-
if not bundle.is_file() and args.rekor_offline:
481+
if not bundle.is_file() and args.require_rekor_offline:
482482
# NOTE: We only produce errors on missing bundle files
483483
# if the user has explicitly requested offline-only verification.
484484
# Otherwise, we fall back on online verification.

0 commit comments

Comments
 (0)