Skip unrecognized keys #266
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This library does not support Rekor v2, which has caused issues when a new key type is attempted. Until we have comprehensive support for Rekor v2, we can skip unrecognized keys. Signed-off-by: Landon Grindheim <landon.grindheim@gmail.com>
landongrindheim
force-pushed
the
skip-unrecognized-keys
branch
from
5fabc2b to
471d83a
Compare
Contributor
Author
|
What do you think of using this approach until Rekor v2 support is ready @segiddins? Smoke tests are failing (expected per this comment), but CI is otherwise green. If it's mergeable, would you be willing to do a release? 🙇 |
segiddins
approved these changes
Oct 20, 2025
GrantBirki
added a commit
to github/hooks
that referenced
this pull request
Oct 21, 2025
Merged
9 tasks
rafaelfranca
added a commit
to rails/rails
that referenced
this pull request
Oct 28, 2025
This will fix the attestation when releasing gems. See sigstore/sigstore-ruby#266.
rafaelfranca
added a commit
to rails/rails
that referenced
this pull request
Oct 28, 2025
This will fix the attestation when releasing gems. See sigstore/sigstore-ruby#266.
rafaelfranca
added a commit
to rails/rails
that referenced
this pull request
Oct 28, 2025
This will fix the attestation when releasing gems. See sigstore/sigstore-ruby#266.
rafaelfranca
added a commit
to rails/rails
that referenced
this pull request
Oct 28, 2025
This will fix the attestation when releasing gems. See sigstore/sigstore-ruby#266.
rafaelfranca
added a commit
to rails/rails
that referenced
this pull request
Oct 28, 2025
This will fix the attestation when releasing gems. See sigstore/sigstore-ruby#266.
rafaelfranca
added a commit
to rails/rails
that referenced
this pull request
Oct 28, 2025
This will fix the attestation when releasing gems. See sigstore/sigstore-ruby#266.
markhallen
added a commit
to dependabot/dependabot-core
that referenced
this pull request
Nov 17, 2025
The previous temporary fix (PR #13356) installed sigstore from a specific git commit to work around the 'Unsupported key type PKIX_ED25519' error. This change moves to a more stable implementation by using the officially released sigstore-cli:0.2.2 gem directly. Changes: - Remove workflow step that installed sigstore from git commit - Update gems.rake to use 'gem exec sigstore-cli:0.2.2' instead of 'gem exec sigstore-cli' to ensure the correct version is used The sigstore-cli:0.2.2 gem includes the fix from sigstore/sigstore-ruby#266 that skips unrecognized key types, resolving the production environment compatibility issue. This eliminates the dependency on git-based gem installation during the release workflow, making the process more reliable and maintainable.
5 tasks
yeikel
pushed a commit
to yeikel/dependabot-core
that referenced
this pull request
Nov 17, 2025
The previous temporary fix (PR dependabot#13356) installed sigstore from a specific git commit to work around the 'Unsupported key type PKIX_ED25519' error. This change moves to a more stable implementation by using the officially released sigstore-cli:0.2.2 gem directly. Changes: - Remove workflow step that installed sigstore from git commit - Update gems.rake to use 'gem exec sigstore-cli:0.2.2' instead of 'gem exec sigstore-cli' to ensure the correct version is used The sigstore-cli:0.2.2 gem includes the fix from sigstore/sigstore-ruby#266 that skips unrecognized key types, resolving the production environment compatibility issue. This eliminates the dependency on git-based gem installation during the release workflow, making the process more reliable and maintainable.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Since October 10th, the following error has been present:
I've opened #263 to track this work. On that issue, @jku suggested skipping unrecognized keys. This seems like a reasonable approach until broader support for Rekor v2 is in place. This is an alternative approach to #264. If one is accepted, the other should be closed.
Fixes: #263
Release Note
Documentation
When: Started failing ~1 week ago when Sigstore production environment was updated
Scope: Affects any application calling Sigstore::Verifier.production
Impact: Production SigStore verification broken
Version: 0.2.1