forked from sigstore/sigstore-conformance
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sigstore-python-conformance
executable file
·47 lines (37 loc) · 1.23 KB
/
sigstore-python-conformance
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#!/usr/bin/env python3
"""
A wrapper to convert `sigstore-conformance` CLI protocol invocations to match `sigstore-python`.
"""
import os
import sys
SUBCMD_REPLACEMENTS = {
"sign-bundle": "sign",
"verify-bundle": "verify",
}
ARG_REPLACEMENTS = {
"--certificate-identity": "--cert-identity",
"--certificate-oidc-issuer": "--cert-oidc-issuer",
}
# Trim the script name.
fixed_args = sys.argv[1:]
# Substitute incompatible subcommands.
subcmd = fixed_args[0]
if subcmd in SUBCMD_REPLACEMENTS:
fixed_args[0] = SUBCMD_REPLACEMENTS[subcmd]
# Build base command with optional staging argument
command = ["sigstore"]
if "--staging" in fixed_args:
command.append("--staging")
fixed_args.remove("--staging")
# Fix-up the subcommand: the conformance suite uses `verify`, but
# `sigstore` requires `verify identity` for identity based verifications.
subcommand, *fixed_args = fixed_args
if subcommand == "sign":
command.append("sign")
elif subcommand == "verify":
command.extend(["verify", "identity"])
else:
raise ValueError(f"unsupported subcommand: {subcommand}")
# Replace incompatible flags.
command.extend(ARG_REPLACEMENTS[arg] if arg in ARG_REPLACEMENTS else arg for arg in fixed_args)
os.execvp("sigstore", command)