From b7934cf8924e71a99870f6fab32b660ace892eb9 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen
Date: Fri, 11 Apr 2025 10:04:13 +0300
Subject: [PATCH 1/4] Backport: internal/trust: Fix bug in rekor key lookup Rekor keyring can (and in future will) have multiple keys: logs not only get sharded but once rekor-tiles is integrated in the public good instance, there will be two writable logs for a while. Backport of #1350
Signed-off-by: Jussi Kukkonen
---
 sigstore/_internal/trust.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sigstore/_internal/trust.py b/sigstore/_internal/trust.py
index d660bee56..0247eaada 100644
--- a/sigstore/_internal/trust.py
+++ b/sigstore/_internal/trust.py
@@ -333,8 +333,8 @@ def rekor_keyring(self, purpose: KeyringPurpose) -> RekorKeyring:
 """Return keyring with keys for Rekor."""
 keys: list[_PublicKey] = list(self._get_tlog_keys(self._inner.tlogs, purpose))
- if len(keys) != 1:
- raise MetadataError("Did not find one Rekor key in trusted root")
+ if len(keys) == 0:
+ raise MetadataError("Did not find any Rekor keys in trusted root")
 return RekorKeyring(Keyring(keys))
 def ct_keyring(self, purpose: KeyringPurpose) -> CTKeyring:
From ea46408f8dc024b0704671a3aa95c94479232a16 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen
Date: Tue, 14 Oct 2025 20:22:06 +0300
Subject: [PATCH 2/4] Backport #1424 Fail less hard when unsupported keys are seen Current trusted root contains keys this client version does not understand: the keys are not necessary to verify or sign bundles with rekor v1
Signed-off-by: Jussi Kukkonen
---
 sigstore/_internal/trust.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/sigstore/_internal/trust.py b/sigstore/_internal/trust.py
index 0247eaada..64b765e5e 100644
--- a/sigstore/_internal/trust.py
+++ b/sigstore/_internal/trust.py
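Review bot: In `rekor_keyring` (sigstore/_internal/trust.py, PATCH 1/4) the one-line docstring no longer states the contract now that any non-zero number of keys is accepted. I would write it as `"""Return a keyring with every Rekor key found for the given purpose; raises MetadataError when there is none."""`. The emptiness test also reads more idiomatically as `if not keys:`. The `def` line appears only in the hunk header and `_get_tlog_keys` is outside the hunk, so how keys are filtered by purpose or validity period cannot be checked from here.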
@@ -18,6 +18,7 @@
 from __future__ import annotations
+import logging
 from dataclasses import dataclass
 from datetime import datetime, timezone
 from enum import Enum
@@ -57,6 +58,8 @@
 )
 from sigstore.errors import Error, MetadataError, VerificationError
+_logger = logging.getLogger(__name__)
+
 def _is_timerange_valid(period: TimeRange | None, *, allow_expired: bool) -> bool:
 """
@@ -164,8 +167,11 @@ def __init__(self, public_keys: List[_PublicKey] = []):
 self._keyring: dict[KeyID, Key] = {}
 for public_key in public_keys:
- key = Key(public_key)
- self._keyring[key.key_id] = key
+ try:
+ key = Key(public_key)
+ self._keyring[key.key_id] = key
+ except VerificationError as e:
+ _logger.warning(f"Failed to load a trusted root key: {e}")
 def verify(self, *, key_id: KeyID, signature: bytes, data: bytes) -> None:
 """
From 01c96b3c2aaae484b0b0ac2db01364396156620f Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Tue, 14 Jan 2025 02:37:26 -0500
Subject: [PATCH 3/4] Backport: ci: fix offline tests on ubuntu-latest Backport of #1283
Signed-off-by: Jussi Kukkonen
---
 .github/workflows/ci.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 283853231..2645605c1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
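Review bot: In the keyring constructor (`__init__`, third hunk of PATCH 2/4) a key that raises VerificationError is now dropped with only a warning, so a list made up solely of unsupported keys yields an empty keyring. The emptiness check in `rekor_keyring` from PATCH 1/4 would not notice, because it counts the raw keys before they are passed to this constructor. Whether `verify` rejects a key_id that is missing from `self._keyring` is outside this hunk, so that fail-closed behaviour should be confirmed and recorded next to the loop, e.g. `# Unsupported keys are skipped, not trusted: verify() must fail for any key_id absent from the keyring.` The warning is also better written with lazy arguments, `_logger.warning("Failed to load a trusted root key: %s", e)`, and the `try` would be narrower with the dictionary assignment moved into an `else:` branch.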
@@ -46,12 +46,16 @@ jobs:
 - name: test (offline)
 if: matrix.conf.os == 'ubuntu-latest'
 run: |
+ # Look at me. I am the captain now.
+ sudo sysctl -w kernel.unprivileged_userns_clone=1
+ sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+
 # We use `unshare` to "un-share" the default networking namespace,
 # in effect running the tests as if the host is offline.
 # This in turn effectively exercises the correctness of our
 # "online-only" test markers, since any test that's online
 # but not marked as such will fail.
- # We also explicitly exclude the intergration tests, since these are
+ # We also explicitly exclude the integration tests, since these are
 # always online.
 unshare --map-root-user --net make test T="test/unit" TEST_ARGS="--skip-online -vv --showlocals"
From f5b4587c05d2a6bc169d6a94b30766208e215f93 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen
Date: Wed, 15 Oct 2025 13:26:36 +0300
Subject: [PATCH 4/4] Bump 3.5.x series to 3.5.4
Signed-off-by: Jussi Kukkonen
---
 CHANGELOG.md | 9 +++++++++
 sigstore/__init__.py | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8f8e2c725..e653d02ce 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,15 @@ All versions prior to 0.9.0 are untracked.
 ## [Unreleased]
+## [3.5.4]
+
+### Fixed
+
+* Do not fail hard if trust root contains unsupported keys
+ (Backport of [#1424](https://github.com/sigstore/sigstore-python/pull/1424))
+* Fix bug in rekor key lookup
+ (Backport of [#1350](https://github.com/sigstore/sigstore-python/pull/1350))
+
 ## [3.5.3]
 ### Fixed
diff --git a/sigstore/__init__.py b/sigstore/__init__.py
index bb6923c83..17aecfaae 100644
--- a/sigstore/__init__.py
+++ b/sigstore/__init__.py
@@ -25,4 +25,4 @@
 * `sigstore.sign`: creation of Sigstore signatures
 """
-__version__ = "3.5.3"
+__version__ = "3.5.4"
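Review bot: The comment added above the two `sysctl` lines in the `test (offline)` step of `.github/workflows/ci.yml` (PATCH 3/4) does not say why the job changes kernel settings, and these are security-relevant: they enable unprivileged user namespaces and switch off the AppArmor restriction on them for the rest of the job. I would replace it with something like `# unshare --map-root-user needs unprivileged user namespaces, which the ubuntu-latest image appears to restrict; relax that for this job only.` That is acceptable on an ephemeral hosted runner, but the comment should say so, because the same step on a persistent self-hosted runner would leave the host with the restriction disabled.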