From 07cef9cbcc78bfb12ef770919da72fa33465bacb Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <seth@python.org>
Date: Tue, 19 Nov 2024 14:57:46 -0600
Subject: [PATCH 1/2] Send Sigstore CLI verification to stdout, not stderr

---
 add_to_pydotorg.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/add_to_pydotorg.py b/add_to_pydotorg.py
index 6799f09e..337a68b5 100755
--- a/add_to_pydotorg.py
+++ b/add_to_pydotorg.py
@@ -422,13 +422,18 @@ def has_sigstore_signature(filename: str) -> bool:
         filename_sigstore = filename + ".sigstore"
 
         if os.path.exists(filename_sigstore):
-            run_cmd(sigstore_verify_argv + ["--bundle", filename_sigstore, filename])
+            run_cmd(
+                sigstore_verify_argv
+                + ["--bundle", filename_sigstore, filename],
+                stderr=subprocess.STDOUT,  # Sigstore sends stderr on success.
+            )
 
         # We use an 'or' here to error out if one of the files is missing.
         if os.path.exists(filename_sig) or os.path.exists(filename_crt):
             run_cmd(
                 sigstore_verify_argv
-                + ["--certificate", filename_crt, "--signature", filename_sig, filename]
+                + ["--certificate", filename_crt, "--signature", filename_sig, filename],
+                stderr=subprocess.STDOUT,  # Sigstore sends stderr on success.
             )
 
 

From fe89b7e6dfbe02ec759c6e7bc3a27dba8bd329bb Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <seth@python.org>
Date: Tue, 19 Nov 2024 15:08:11 -0600
Subject: [PATCH 2/2] lint!

---
 add_to_pydotorg.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/add_to_pydotorg.py b/add_to_pydotorg.py
index 337a68b5..7a2e548a 100755
--- a/add_to_pydotorg.py
+++ b/add_to_pydotorg.py
@@ -423,8 +423,7 @@ def has_sigstore_signature(filename: str) -> bool:
 
         if os.path.exists(filename_sigstore):
             run_cmd(
-                sigstore_verify_argv
-                + ["--bundle", filename_sigstore, filename],
+                sigstore_verify_argv + ["--bundle", filename_sigstore, filename],
                 stderr=subprocess.STDOUT,  # Sigstore sends stderr on success.
             )
 
@@ -432,7 +431,13 @@ def has_sigstore_signature(filename: str) -> bool:
         if os.path.exists(filename_sig) or os.path.exists(filename_crt):
             run_cmd(
                 sigstore_verify_argv
-                + ["--certificate", filename_crt, "--signature", filename_sig, filename],
+                + [
+                    "--certificate",
+                    filename_crt,
+                    "--signature",
+                    filename_sig,
+                    filename,
+                ],
                 stderr=subprocess.STDOUT,  # Sigstore sends stderr on success.
             )