Cargo Features

[dependencies]
sigstore = { version = "0.10.0", default-features = false, features = ["wasm", "full-native-tls", "full-rustls-tls", "test-registry", "oauth-native-tls", "oauth-rustls-tls", "oauth", "fulcio-native-tls", "fulcio-rustls-tls", "fulcio", "rekor-native-tls", "rekor-rustls-tls", "rekor", "sign", "verify", "bundle", "sigstore-trust-root", "sigstore-trust-root-native-tls", "sigstore-trust-root-rustls-tls", "cosign-native-tls", "cosign-rustls-tls", "cosign", "cert", "registry-native-tls", "registry-rustls-tls", "registry", "mock-client-native-tls", "mock-client-rustls-tls", "mock-client", "cached-client"] }
default = bundle, cached-client, full-native-tls, sigstore-trust-root

These default features are set whenever sigstore is added without default-features = false somewhere in the dependency tree.

wasm

Enables wasmbind of chrono, js of getrandom, wasm32_unknown_unknown_js of ring

full-native-tls default = cosign-native-tls, fulcio-native-tls, mock-client-native-tls, rekor-native-tls, sigstore-trust-root-native-tls

Affects config::ClientConfig.accept_invalid_hostnames

full-rustls-tls = cosign-rustls-tls, fulcio-rustls-tls, mock-client-rustls-tls, rekor-rustls-tls, sigstore-trust-root-rustls-tls
test-registry

This features is used by tests that use docker to create a registry

oauth-native-tls fulcio-native-tls? = oauth

Enables native-tls of openidconnect

oauth-rustls-tls fulcio-rustls-tls? = oauth

Enables rustls-tls of openidconnect

oauth fulcio? oauth-native-tls? oauth-rustls-tls? = openidconnect

Affects sigstore::oauth

fulcio-native-tls full-native-tls = fulcio, oauth-native-tls

Enables native-tls of reqwest

fulcio-rustls-tls full-rustls-tls? = fulcio, oauth-rustls-tls

Enables rustls-tls of reqwest

fulcio fulcio-native-tls? fulcio-rustls-tls? sign? verify? = oauth, serde_with

Affects sigstore::fulcio

rekor-native-tls full-native-tls = rekor

Enables native-tls of reqwest

reqwest:

Enables native-tls specific functionality not available by default.

rekor-rustls-tls full-rustls-tls? = rekor

Enables rustls-tls of reqwest

rekor rekor-native-tls? rekor-rustls-tls? sign? verify? = reqwest

Affects sigstore::rekor

sign bundle = cert, fulcio, rekor, sigstore_protobuf_specs

Affects bundle::sign, sigstore::bundle

verify bundle = cert, fulcio, rekor, sigstore_protobuf_specs

Affects bundle::verify, sigstore::bundle

bundle default = sign, verify
sigstore-trust-root default sigstore-trust-root-native-tls? sigstore-trust-root-rustls-tls? = futures-util, regex, reqwest_0_11, sigstore_protobuf_specs, tough

Enables sync of tokio

Affects trust::sigstore

sigstore-trust-root-native-tls full-native-tls = sigstore-trust-root

Enables native-tls of reqwest ^0.11

We have to include this old version of reqwest because tough is currently using it.
By including it, we can configure which TLS backend it's going to use, otherwise fetching the TUF sigstore repository will fail at runtime because the old version of reqwest will be compiled withtout TLS support.

sigstore-trust-root-rustls-tls full-rustls-tls? = sigstore-trust-root

Enables rustls-tls of reqwest ^0.11

cosign-native-tls full-native-tls = cert, cosign, registry-native-tls

Enables native-tls of oci-distribution

cosign-rustls-tls full-rustls-tls? = cert, cosign, registry-rustls-tls

Enables rustls-tls of oci-distribution

cosign cosign-native-tls? cosign-rustls-tls? = olpc-cjson

Affects errors::SigstoreVerifyConstraintsError, errors::SigstoreApplicationConstraintsError, sigstore::cosign, registry::oci_reference

cert cosign-native-tls? cosign-rustls-tls? sign? verify?
registry-native-tls cosign-native-tls? = registry

Enables native-tls of oci-distribution

registry-rustls-tls cosign-rustls-tls? = registry

Enables rustls-tls of oci-distribution

registry registry-native-tls? registry-rustls-tls? = olpc-cjson

Affects sigstore::registry

mock-client-native-tls full-native-tls = mock-client

Enables native-tls of oci-distribution

mock-client-rustls-tls full-rustls-tls? = mock-client

Enables rustls-tls of oci-distribution

mock-client mock-client-native-tls? mock-client-rustls-tls?
cached-client default = cached

Features from optional dependencies

In crates that don't use the dep: syntax, optional dependencies automatically become Cargo features. These features may have been created by mistake, and this functionality may be removed in the future.

cached cached-client

Enables cached ^0.53

futures-util sigstore-trust-root
oci-distribution cosign-native-tls? cosign-rustls-tls? mock-client-native-tls? mock-client-rustls-tls? registry-native-tls? registry-rustls-tls?
olpc-cjson cosign? registry?
openidconnect oauth? oauth-native-tls? oauth-rustls-tls?
regex sigstore-trust-root
reqwest fulcio-native-tls? fulcio-rustls-tls? rekor? rekor-native-tls? rekor-rustls-tls?
reqwest_0_11 sigstore-trust-root sigstore-trust-root-native-tls? sigstore-trust-root-rustls-tls?

Enables reqwest ^0.11

serde_with fulcio?
sigstore_protobuf_specs sign? sigstore-trust-root verify?
tough sigstore-trust-root

Enables tough ^0.18