[gentoo-commits] repo/gentoo:master commit in: dev-python/pypi-attestations/

[Michał Górny]

commit:     32aea4bd6cccf99ffc7054d01e54960d598edeba
Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Sun Apr  6 05:38:12 2025 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Sun Apr  6 05:38:12 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32aea4bd

dev-python/pypi-attestations: New package, v0.0.23

A new package that can be used to verify the "attestations"
(i.e. signatures) of published PyPI uploads.

Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 dev-python/pypi-attestations/Manifest              |  1 +
 dev-python/pypi-attestations/metadata.xml          | 12 +++++++
 .../pypi-attestations-0.0.23.ebuild                | 38 ++++++++++++++++++++++
 3 files changed, 51 insertions(+)

diff --git a/dev-python/pypi-attestations/Manifest 
b/dev-python/pypi-attestations/Manifest
new file mode 100644
index 000000000000..1fcecc0b06c9
--- /dev/null
+++ b/dev-python/pypi-attestations/Manifest
@@ -0,0 +1 @@
+DIST pypi_attestations-0.0.23.tar.gz 124046 BLAKE2B 
9545680499dcee9241012b9c5e9a86368fc17db0608f0635fa1234769df51d78364fd1b202cb22c155ef6fec5f9ff6877bc996f68d64bbe98c10f680df2ff6db
 SHA512 
1df039d715992b5d5e40fffee9982cf73c950f33ef5b8251382192d29f0652f24d868f83887cf394dfd1a7166b5d98a5fab51812987a9cc49f67ee548772929a

diff --git a/dev-python/pypi-attestations/metadata.xml 
b/dev-python/pypi-attestations/metadata.xml
new file mode 100644
index 000000000000..aa810c8f44b7
--- /dev/null
+++ b/dev-python/pypi-attestations/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+       <maintainer type="project">
+               <email>pyt...@gentoo.org</email>
+       </maintainer>
+       <stabilize-allarches/>
+       <upstream>
+               <remote-id 
type="github">trailofbits/pypi-attestations</remote-id>
+               <remote-id type="pypi">pypi-attestations</remote-id>
+       </upstream>
+</pkgmetadata>

diff --git a/dev-python/pypi-attestations/pypi-attestations-0.0.23.ebuild 
b/dev-python/pypi-attestations/pypi-attestations-0.0.23.ebuild
new file mode 100644
index 000000000000..ece5b2ff6650
--- /dev/null
+++ b/dev-python/pypi-attestations/pypi-attestations-0.0.23.ebuild
@@ -0,0 +1,38 @@
+# Copyright 2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit distutils-r1 pypi
+
+DESCRIPTION="Convert between Sigstore Bundles and PEP-740 Attestation objects"
+HOMEPAGE="
+       https://github.com/trailofbits/pypi-attestations/
+       https://pypi.org/project/pypi-attestations/
+"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+
+RDEPEND="
+       dev-python/cryptography[${PYTHON_USEDEP}]
+       dev-python/packaging[${PYTHON_USEDEP}]
+       =dev-python/pyasn1-0.6*[${PYTHON_USEDEP}]
+       >=dev-python/pydantic-2.10.0[${PYTHON_USEDEP}]
+       dev-python/requests[${PYTHON_USEDEP}]
+       dev-python/rfc3986[${PYTHON_USEDEP}]
+       <dev-python/sigstore-3.7[${PYTHON_USEDEP}]
+       dev-python/sigstore-protobuf-specs[${PYTHON_USEDEP}]
+"
+BDEPEND="
+       dev-python/setuptools-scm[${PYTHON_USEDEP}]
+       test? (
+               dev-python/pretend[${PYTHON_USEDEP}]
+       )
+"
+
+distutils_enable_tests pytest