Add support for Sigstore verification materials (#2113)

* Add Sigstore verification materials

* Use Django template syntax

* Add link to verification documentation

* Load custom filter

Author: di

downloads/api.py

@@ -68,7 +68,8 @@ class Meta(GenericResource.Meta):
             'name', 'slug',
             'creator', 'last_modified_by',
             'os', 'release', 'description', 'is_source', 'url', 'gpg_signature_file',
-            'md5_sum', 'filesize', 'download_button',
+            'md5_sum', 'filesize', 'download_button', 'sigstore_signature_file',
+            'sigstore_cert_file',
         ]
         filtering = {
             'name': ('exact',),

downloads/migrations/0007_auto_20220809_1655.py

@@ -0,0 +1,23 @@
+# Generated by Django 2.2.24 on 2022-08-09 16:55
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('downloads', '0006_auto_20180705_0352'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='releasefile',
+            name='sigstore_cert_file',
+            field=models.URLField(blank=True, help_text='Sigstore Cert URL', verbose_name='Sigstore Cert URL'),
+        ),
+        migrations.AddField(
+            model_name='releasefile',
+            name='sigstore_signature_file',
+            field=models.URLField(blank=True, help_text='Sigstore Signature URL', verbose_name='Sigstore Signature URL'),
+        ),
+    ]

downloads/models.py

@@ -322,6 +322,12 @@ class ReleaseFile(ContentManageable, NameSlugModel):
         blank=True,
         help_text="GPG Signature URL"
     )
+    sigstore_signature_file = models.URLField(
+        "Sigstore Signature URL", blank=True, help_text="Sigstore Signature URL"
+    )
+    sigstore_cert_file = models.URLField(
+        "Sigstore Cert URL", blank=True, help_text="Sigstore Cert URL"
+    )
     md5_sum = models.CharField('MD5 Sum', max_length=200, blank=True)
     filesize = models.IntegerField(default=0)
     download_button = models.BooleanField(default=False, help_text="Use for the supernav download button for this OS")

downloads/serializers.py

@@ -46,4 +46,6 @@ class Meta:
             'filesize',
             'download_button',
             'resource_uri',
+            'sigstore_signature_file',
+            'sigstore_cert_file',
         )

downloads/templatetags/download_tags.py

@@ -6,3 +6,8 @@
 @register.filter
 def strip_minor_version(version):
     return '.'.join(version.split('.')[:2])
+
+
+@register.filter
+def has_sigstore_materials(files):
+    return any(f.sigstore_cert_file or f.sigstore_signature_file for f in files)

templates/downloads/release_detail.html

@@ -1,6 +1,7 @@
 {% extends "base.html" %}
 {% load boxes %}
 {% load sitetree %}
+{% load has_sigstore_materials from download_tags %}
 
 {% block body_attributes %}class="python downloads"{% endblock %}
 
@@ -49,6 +50,9 @@ <h1 class="page-title">Files</h1>
               <th>MD5 Sum</th>
               <th>File Size</th>
               <th>GPG</th>
+              {% if release_files|has_sigstore_materials %}
+              <th colspan="2"><a href="https://www.python.org/download/sigstore/">Sigstore</a></th>
+              {% endif %}
             </tr>
           </thead>
           <tbody>
@@ -60,6 +64,10 @@ <h1 class="page-title">Files</h1>
                 <td>{{ f.md5_sum }}</td>
                 <td>{{ f.filesize }}</td>
                 <td>{% if f.gpg_signature_file %}<a href="{{ f.gpg_signature_file }}">SIG</a>{% endif %}</td>
+                {% if release_files|has_sigstore_materials %}
+                <td>{% if f.sigstore_cert_file %}<a href="{{ f.sigstore_cert_file}}">CRT</a>{% endif %}</td>
+                <td>{% if f.sigstore_signature_file %}<a href="{{ f.sigstore_signature_file }}">SIG</a>{% endif %}</td>
+                {% endif %}
               </tr>
             {% endfor %}
           </tbody>