gitsign
SignTools
gitsign | SignTools | |
---|---|---|
10 | 35 | |
899 | 1,279 | |
0.7% | 3.0% | |
9.1 | 7.9 | |
3 days ago | 7 days ago | |
Go | Go | |
GNU General Public License v3.0 or later | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gitsign
-
Gittuf – a security layer for Git using some concepts introduced by TUF
> does it also filter/escape ANSI Sequences in messages and author names?
Not at present! Do you have a link or so I could use to familiarize myself? I'm curious if it'd fall within gittuf's scope.
> does it block garbage collection?
Nope, it doesn't. That said, the repository will have more objects, gittuf tracks additional objects through custom refs in `refs/gittuf/`.
> how do you ensure that the developers are really the developers and there's no spoofing?
At present, gittuf policies use signing keys. It doesn't rely on the commit metadata for author and committer but rather the commit's signature. We support GPG and Sigstore's gitsign [0] right now, and we want to support other signing mechanisms like SSH keys as well.
[0] https://github.com/sigstore/gitsign
-
Signing Git Commits with Your SSH Key
You may want to check out https://github.com/sigstore/gitsign! You can generate ephemeral x509 code signing certs for free using Sigstore.
(disclosure: I'm a maintainer for gitsign)
-
A toolbox for a secure software supply chain
Def check out the gitsign project mentioned in the post: https://github.com/sigstore/gitsign
-
Enable Gitsign Today and Start Signing your Commits
Gitsign offers a keyless commit signing implementation based on OIDC, which is an identity layer built on top of the OAuth 2.0 framework. Gitsign supports verifying your identity either through GitHub, Microsoft, or a Google account.
-
SSH commit verification now supported
Shameless plug for the gitsign project in sigstore: https://github.com/sigstore/gitsign
This isn't supported by GitHub yet but we're hopefully working towards that too.
- sigstore/gitsign: Keyless Git signing using Sigstore
- Keyless Git signing with Sigstore!
-
Gitsign
We used to actually run an RFC3161 timestamp server in addition to the transparency log but recently turned it down because no one was using it. I'd like to bring it back for stuff like this.
https://github.com/sigstore/gitsign/issues/22
SignTools
-
any good sideloaders that dont require a pc?
check this out https://github.com/SignTools/SignTools (personally haven't tried it)
-
Has anyone tries SignTools? I found this while browsing GitHub and it looks interesting.
There are two components to self-hosting SignTools, the web frontend, and the actual signing server, the latter of which must be run on macOS. Fortunately there's a guide to set it up so that you use GitHub Actions as the signing server, which gives you a certain amount of free minutes per month. I've never gotten close to the limit, even when I'm signing a few dozen apps. The guide also shows you how to set up the web frontend on Railway, which also offers free monthly credits, so you can actually self-host both components for free: https://github.com/SignTools/SignTools/blob/master/INSTALL-SIMPLE.md
- [HELP] Sideloading remotely using Dev Account- How?
-
What are you using atm to sign your apps?
SignTools (it's nice for developers with Apple Developer Accounts), for regular users it's kind of a hustle
-
[$100] [16] WhatsApp sideloaded with push notifications
The SignTools developer (tool that I used to sign other apps with working push notifications) said this about the document posted above:
- Any way to refresh apps without a computer I have a really bad computer and it doesn’t work(or just a in detail explanation)
-
dev account and sideload with notification on
im new to this i used to use appdb but i kept getting revoked so now i got a dev account for me to make apps and also use it to sideload idk what app to use , i saw some people talk about SignTools to get notification is there any other way to get notification other than that app? i only use it for cercube and rocket insta so please help
- Why you shouldn't use appdb if you have an Apple Dev Account.
-
Paid developer account questions
Keeping the original bundle ID is required, but not enough for PN working. You have to use a distribution certificate & an explicit profile with the correct PN entitlement. AltStore/Sideloadly cannot do it so you have to do it manually. I recommend you take a look at SignTools if you need working PN: https://github.com/SignTools/SignTools
-
Cant sign in on uYou+
This is quite easy to do if you are using SignTools. When signing an app, make sure to select Use custom when choosing bundle identifier options and specify it in the aforementioned format. When it's signed, your sign in should work.
What are some alternatives?
smimesign - An S/MIME signing utility for use with Git
AltStore - AltStore is an alternative app store for non-jailbroken iOS devices.
git-ts - Git TimeStamp Utility
ios-signer-service - ✒ A free, self-hosted, cross-platform service to sign and install iOS apps, all without a computer [Moved to: https://github.com/SignTools/SignTools]
github - Just a place to track issues and feature requests that I have for github
SideStore - SideStore is a fork of AltStore that doesn't require an AltServer.
community - Public feedback discussions for: GitHub Mobile, GitHub Discussions, GitHub Codespaces, GitHub Sponsors, GitHub Issues and more!
A-Complete-Guide-To-Flutter - This repo contains all the small snippets related to Flutter Apps. Most of the projects/apps are deployed on Flutter Web using GitHub Actions CI Pipeline.
cargo-vet - supply-chain security for Rust
PlayCover - PlayCover is a project that allows you to sideload iOS apps on macOS (currently arm, Intel support will be tested)
vouch - A multi-ecosystem package code review system.
Azule