Skip to content

Instantly share code, notes, and snippets.

View feelepxyz's full-sized avatar
💛

Philip Harrison feelepxyz

💛
308 followers · 68 following
View GitHub Profile
@feelepxyz
feelepxyz / staging-bundle.sigstore
Created March 29, 2023 11:42
{
"mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
"verificationMaterial": {
"x509CertificateChain": {
"certificates": [
{
"rawBytes": "MIIHWjCCBuCgAwIBAgIUEgFW4Ong91y9RE278ai5ncwWHjIwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjMwMzI5MTAzNjI3WhcNMjMwMzI5MTA0NjI3WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEK92kEXCRnhkOpjIDr2AnnnSuSOfW8VfLDuyo15OMNuBAQ2odCX++Rv1KoqYJ7KtVks0hJGR/8CVr8w5a7dkSQ6OCBf8wggX7MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUKieD2ISA3Q9jS5SeYfYO8bMloPkwHwYDVR0jBBgwFoAUcYYwphR8Ym/599b0BRp/X//rb6wwgYQGA1UdEQEB/wR6MHiGdmh0dHBzOi8vZ2l0aHViLmNvbS9naXRodWIvcGFja2FnZS1zZWN1cml0eS1sZWFybmluZy1sYWJzLy5naXRodWIvd29ya2Zsb3dzL3NpZ3N0b3JlLXN0YWdpbmctYnVuZGxlLnltbEByZWZzL2hlYWRzL21haW4wOQYKKwYBBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50LmNvbTAfBgorBgEEAYO/MAECBBF3b3JrZmxvd19kaXNwYXRjaDA2BgorBgEEAYO/MAEDBCgwYjc5MjJlYTA5MzY5NDU4OTBkYWMyOGIxZTMxMzcyMzYzMjNkN2U5MCUGCisG
@feelepxyz
feelepxyz / provenance-attestation.sigstore
Created November 16, 2022 15:10
{
"mediaType": "application/vnd.dev.sigstore.bundle+json;version=0.1",
"verificationData": {
"tlogEntries": [
{
"logIndex": "7209599",
"logId": {
"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
},
"kindVersion": {
@feelepxyz
feelepxyz / publish-attestation-bundle.sigstore
Created October 27, 2022 14:37
{
"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.1",
"verificationData":{
"tlogEntries":[
{
"logIndex":"5983279",
"logId":{
"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
},
"kindVersion":{
@feelepxyz
feelepxyz / 0000-validate-signatures.md
Created February 22, 2022 16:30

Improve npm signature verification

Summary

Add a new top-level cli command to verify existing registry signatures, with basic key rotation support.

Motivation

Signatures are only useful if people verify them. Signature verification is

@feelepxyz
feelepxyz / dependabot-config-file-schemas.json
Created October 7, 2019 09:19
{
"definitions": {
"package_manager": {
"type": "string",
"enum": [
"javascript",
"ruby:bundler",
"php:composer",
"java:maven",
"elixir:hex",
@feelepxyz
feelepxyz / keybase.md
Created July 20, 2017 18:05

Keybase proof

I hereby claim:

  • I am feelepxyz on github.
  • I am feelepxyz (https://keybase.io/feelepxyz) on keybase.
  • I have a public key ASBHeqVrXQTYCN-0rM3ab11UaZjMH2gyYpO-ElPC_Q1nWwo

To claim this, I am signing this object: