From 32aea4bd6cccf99ffc7054d01e54960d598edeba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
Date: Sun, 6 Apr 2025 07:38:12 +0200
Subject: dev-python/pypi-attestations: New package, v0.0.23
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A new package that can be used to verify the "attestations"
(i.e. signatures) of published PyPI uploads.

Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 dev-python/pypi-attestations/Manifest              |  1 +
 dev-python/pypi-attestations/metadata.xml          | 12 +++++++
 .../pypi-attestations-0.0.23.ebuild                | 38 ++++++++++++++++++++++
 3 files changed, 51 insertions(+)
 create mode 100644 dev-python/pypi-attestations/Manifest
 create mode 100644 dev-python/pypi-attestations/metadata.xml
 create mode 100644 dev-python/pypi-attestations/pypi-attestations-0.0.23.ebuild

(limited to 'dev-python')

diff --git a/dev-python/pypi-attestations/Manifest b/dev-python/pypi-attestations/Manifest
new file mode 100644
index 000000000000..1fcecc0b06c9
--- /dev/null
+++ b/dev-python/pypi-attestations/Manifest
@@ -0,0 +1 @@
+DIST pypi_attestations-0.0.23.tar.gz 124046 BLAKE2B 9545680499dcee9241012b9c5e9a86368fc17db0608f0635fa1234769df51d78364fd1b202cb22c155ef6fec5f9ff6877bc996f68d64bbe98c10f680df2ff6db SHA512 1df039d715992b5d5e40fffee9982cf73c950f33ef5b8251382192d29f0652f24d868f83887cf394dfd1a7166b5d98a5fab51812987a9cc49f67ee548772929a
diff --git a/dev-python/pypi-attestations/metadata.xml b/dev-python/pypi-attestations/metadata.xml
new file mode 100644
index 000000000000..aa810c8f44b7
--- /dev/null
+++ b/dev-python/pypi-attestations/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="project">
+		<email>python@gentoo.org</email>
+	</maintainer>
+	<stabilize-allarches/>
+	<upstream>
+		<remote-id type="github">trailofbits/pypi-attestations</remote-id>
+		<remote-id type="pypi">pypi-attestations</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/dev-python/pypi-attestations/pypi-attestations-0.0.23.ebuild b/dev-python/pypi-attestations/pypi-attestations-0.0.23.ebuild
new file mode 100644
index 000000000000..ece5b2ff6650
--- /dev/null
+++ b/dev-python/pypi-attestations/pypi-attestations-0.0.23.ebuild
@@ -0,0 +1,38 @@
+# Copyright 2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit distutils-r1 pypi
+
+DESCRIPTION="Convert between Sigstore Bundles and PEP-740 Attestation objects"
+HOMEPAGE="
+	https://github.com/trailofbits/pypi-attestations/
+	https://pypi.org/project/pypi-attestations/
+"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+
+RDEPEND="
+	dev-python/cryptography[${PYTHON_USEDEP}]
+	dev-python/packaging[${PYTHON_USEDEP}]
+	=dev-python/pyasn1-0.6*[${PYTHON_USEDEP}]
+	>=dev-python/pydantic-2.10.0[${PYTHON_USEDEP}]
+	dev-python/requests[${PYTHON_USEDEP}]
+	dev-python/rfc3986[${PYTHON_USEDEP}]
+	<dev-python/sigstore-3.7[${PYTHON_USEDEP}]
+	dev-python/sigstore-protobuf-specs[${PYTHON_USEDEP}]
+"
+BDEPEND="
+	dev-python/setuptools-scm[${PYTHON_USEDEP}]
+	test? (
+		dev-python/pretend[${PYTHON_USEDEP}]
+	)
+"
+
+distutils_enable_tests pytest
-- 
cgit v1.2.3