dev-python/sigstore: New NIH signature verification tool, 3.3.0

New NIH signature verification tool that CPython is trying to push
on everyone.  It will be required for >=dev-lang/python-3.14 apparently,
so better try to get it to work earlier than later.

Signed-off-by: Michał Górny <mgorny@gentoo.org>

3 files changed, 77 insertions, 0 deletions

diff --git a/dev-python/sigstore/Manifest b/dev-python/sigstore/Manifest
new file mode 100644
index 000000000000..a39898ce535f
--- /dev/null
+++ b/dev-python/sigstore/Manifest
@@ -0,0 +1 @@
+DIST sigstore-python-3.3.0.gh.tar.gz 194796 BLAKE2B 34773c7d4d1a2e5c57534ebfc2ea7e8d8769a1243d082bf0298c6e85e14fab289551f951646aaa482deea5101cbb447d8629a05c31937e7d618f45077507ed12 SHA512 7a5659d4c49ba2bea9974e6588d673d1a16b9618ff3d45c8da68d9f77c098a872b5f68cdf2ea402de50deb8141ea98091bd199243fbde217f9076f3b155c5226
diff --git a/dev-python/sigstore/metadata.xml b/dev-python/sigstore/metadata.xml
new file mode 100644
index 000000000000..0b653d0f8cf2
--- /dev/null
+++ b/dev-python/sigstore/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="project">
+		<email>python@gentoo.org</email>
+	</maintainer>
+	<stabilize-allarches/>
+	<upstream>
+		<remote-id type="github">sigstore/sigstore-python</remote-id>
+		<remote-id type="pypi">sigstore</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/dev-python/sigstore/sigstore-3.3.0.ebuild b/dev-python/sigstore/sigstore-3.3.0.ebuild
new file mode 100644
index 000000000000..cb4a9db7d089
--- /dev/null
+++ b/dev-python/sigstore/sigstore-3.3.0.ebuild
@@ -0,0 +1,64 @@
+# Copyright 2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_USE_PEP517=flit
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit distutils-r1
+
+MY_P=sigstore-python-${PV}
+DESCRIPTION="A tool for signing Python package distributions"
+HOMEPAGE="
+	https://github.com/sigstore/sigstore-python/
+	https://pypi.org/project/sigstore/
+"
+# no tests in sdist, as of 3.3.0
+SRC_URI="
+	https://github.com/sigstore/sigstore-python/archive/v${PV}.tar.gz
+		-> ${MY_P}.gh.tar.gz
+"
+S=${WORKDIR}/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64"
+
+RDEPEND="
+	>=dev-python/cryptography-42[${PYTHON_USEDEP}]
+	>=dev-python/id-1.1.0[${PYTHON_USEDEP}]
+	>=dev-python/platformdirs-4.2[${PYTHON_USEDEP}]
+	>=dev-python/pyopenssl-23.0.0[${PYTHON_USEDEP}]
+	>=dev-python/pyasn1-0.6[${PYTHON_USEDEP}]
+	>=dev-python/pydantic-2[${PYTHON_USEDEP}]
+	>=dev-python/pyjwt-2.1[${PYTHON_USEDEP}]
+	dev-python/requests[${PYTHON_USEDEP}]
+	>=dev-python/rfc8785-0.1.2[${PYTHON_USEDEP}]
+	>=dev-python/rich-13.0[${PYTHON_USEDEP}]
+	>=dev-python/sigstore-protobuf-specs-0.3.2[${PYTHON_USEDEP}]
+	~dev-python/sigstore-rekor-types-0.0.13[${PYTHON_USEDEP}]
+	>=dev-python/tuf-5.0[${PYTHON_USEDEP}]
+	$(python_gen_cond_dep '
+		>=dev-python/importlib-resources-5.7[${PYTHON_USEDEP}]
+	' 3.10)
+"
+BDEPEND="
+	test? (
+		dev-python/pretend[${PYTHON_USEDEP}]
+	)
+"
+
+distutils_enable_tests pytest
+
+src_prepare() {
+	distutils-r1_src_prepare
+
+	# unpin deps
+	sed -i -e 's:~=:>=:' pyproject.toml || die
+}
+
+python_test() {
+	local -x PYTEST_DISABLE_PLUGIN_AUTOLOAD=1
+	epytest test/unit --skip-online
+}