From c8fb563489b0649469c1182ea3edf39016826b84 Mon Sep 17 00:00:00 2001
From: Dustin Ingram <di@users.noreply.github.com>
Date: Tue, 9 Aug 2022 20:03:46 +0000
Subject: [PATCH 1/4] Add Sigstore verification materials

---
 downloads/api.py                              |  3 ++-
 .../migrations/0007_auto_20220809_1655.py     | 23 +++++++++++++++++++
 downloads/models.py                           |  6 +++++
 downloads/serializers.py                      |  2 ++
 templates/downloads/release_detail.html       | 14 +++++++++++
 5 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 downloads/migrations/0007_auto_20220809_1655.py

diff --git a/downloads/api.py b/downloads/api.py
index 9cfd87fcb..bb49e588e 100644
--- a/downloads/api.py
+++ b/downloads/api.py
@@ -68,7 +68,8 @@ class Meta(GenericResource.Meta):
             'name', 'slug',
             'creator', 'last_modified_by',
             'os', 'release', 'description', 'is_source', 'url', 'gpg_signature_file',
-            'md5_sum', 'filesize', 'download_button',
+            'md5_sum', 'filesize', 'download_button', 'sigstore_signature_file',
+            'sigstore_cert_file',
         ]
         filtering = {
             'name': ('exact',),
diff --git a/downloads/migrations/0007_auto_20220809_1655.py b/downloads/migrations/0007_auto_20220809_1655.py
new file mode 100644
index 000000000..615ad67a1
--- /dev/null
+++ b/downloads/migrations/0007_auto_20220809_1655.py
@@ -0,0 +1,23 @@
+# Generated by Django 2.2.24 on 2022-08-09 16:55
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('downloads', '0006_auto_20180705_0352'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='releasefile',
+            name='sigstore_cert_file',
+            field=models.URLField(blank=True, help_text='Sigstore Cert URL', verbose_name='Sigstore Cert URL'),
+        ),
+        migrations.AddField(
+            model_name='releasefile',
+            name='sigstore_signature_file',
+            field=models.URLField(blank=True, help_text='Sigstore Signature URL', verbose_name='Sigstore Signature URL'),
+        ),
+    ]
diff --git a/downloads/models.py b/downloads/models.py
index 9d27d11dc..a4becf7ab 100644
--- a/downloads/models.py
+++ b/downloads/models.py
@@ -322,6 +322,12 @@ class ReleaseFile(ContentManageable, NameSlugModel):
         blank=True,
         help_text="GPG Signature URL"
     )
+    sigstore_signature_file = models.URLField(
+        "Sigstore Signature URL", blank=True, help_text="Sigstore Signature URL"
+    )
+    sigstore_cert_file = models.URLField(
+        "Sigstore Cert URL", blank=True, help_text="Sigstore Cert URL"
+    )
     md5_sum = models.CharField('MD5 Sum', max_length=200, blank=True)
     filesize = models.IntegerField(default=0)
     download_button = models.BooleanField(default=False, help_text="Use for the supernav download button for this OS")
diff --git a/downloads/serializers.py b/downloads/serializers.py
index ed61d0594..f30974e02 100644
--- a/downloads/serializers.py
+++ b/downloads/serializers.py
@@ -46,4 +46,6 @@ class Meta:
             'filesize',
             'download_button',
             'resource_uri',
+            'sigstore_signature_file',
+            'sigstore_cert_file',
         )
diff --git a/templates/downloads/release_detail.html b/templates/downloads/release_detail.html
index 9d1a4dc3a..810100d73 100644
--- a/templates/downloads/release_detail.html
+++ b/templates/downloads/release_detail.html
@@ -40,6 +40,13 @@ <h1 class="page-title">{{ release.name }}</h1>
             <h1 class="page-title">Files</h1>
         </header>
 
+        {% set has_sigstore_materials = false %}
+        {% for f in release_files %}
+          {% if f.sigstore_cert_file or f.sigstore_signature_file %}
+            {% set has_sigstore_materials = true %}
+          {% endif %}
+        {% endfor %}
+
         <table>
           <thead>
             <tr>
@@ -49,6 +56,9 @@ <h1 class="page-title">Files</h1>
               <th>MD5 Sum</th>
               <th>File Size</th>
               <th>GPG</th>
+              {% if has_sigstore_materials %}
+              <th colspan="2">Sigstore</th>
+              {% endif %}
             </tr>
           </thead>
           <tbody>
@@ -60,6 +70,10 @@ <h1 class="page-title">Files</h1>
                 <td>{{ f.md5_sum }}</td>
                 <td>{{ f.filesize }}</td>
                 <td>{% if f.gpg_signature_file %}<a href="{{ f.gpg_signature_file }}">SIG</a>{% endif %}</td>
+                {% if has_sigstore_materials %}
+                <td>{% if f.sigstore_cert_file %}<a href="{{ f.sigstore_cert_file}}">CRT</a>{% endif %}</td>
+                <td>{% if f.sigstore_signature_file %}<a href="{{ f.sigstore_signature_file }}">SIG</a>{% endif %}</td>
+                {% endif %}
               </tr>
             {% endfor %}
           </tbody>

From e9de80f35a22ec4debb5f06547020f61bf139cbb Mon Sep 17 00:00:00 2001
From: Dustin Ingram <di@users.noreply.github.com>
Date: Tue, 9 Aug 2022 20:57:58 +0000
Subject: [PATCH 2/4] Use Django template syntax

---
 downloads/templatetags/download_tags.py |  5 +++++
 templates/downloads/release_detail.html | 11 ++---------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/downloads/templatetags/download_tags.py b/downloads/templatetags/download_tags.py
index 88b30941e..a6df103e9 100644
--- a/downloads/templatetags/download_tags.py
+++ b/downloads/templatetags/download_tags.py
@@ -6,3 +6,8 @@
 @register.filter
 def strip_minor_version(version):
     return '.'.join(version.split('.')[:2])
+
+
+@register.filter
+def has_sigstore_materials(files):
+    return any(f.sigstore_cert_file or f.sigstore_signature_file for f in files)
diff --git a/templates/downloads/release_detail.html b/templates/downloads/release_detail.html
index 810100d73..1713130f3 100644
--- a/templates/downloads/release_detail.html
+++ b/templates/downloads/release_detail.html
@@ -40,13 +40,6 @@ <h1 class="page-title">{{ release.name }}</h1>
             <h1 class="page-title">Files</h1>
         </header>
 
-        {% set has_sigstore_materials = false %}
-        {% for f in release_files %}
-          {% if f.sigstore_cert_file or f.sigstore_signature_file %}
-            {% set has_sigstore_materials = true %}
-          {% endif %}
-        {% endfor %}
-
         <table>
           <thead>
             <tr>
@@ -56,7 +49,7 @@ <h1 class="page-title">Files</h1>
               <th>MD5 Sum</th>
               <th>File Size</th>
               <th>GPG</th>
-              {% if has_sigstore_materials %}
+              {% if release_files|has_sigstore_materials %}
               <th colspan="2">Sigstore</th>
               {% endif %}
             </tr>
@@ -70,7 +63,7 @@ <h1 class="page-title">Files</h1>
                 <td>{{ f.md5_sum }}</td>
                 <td>{{ f.filesize }}</td>
                 <td>{% if f.gpg_signature_file %}<a href="{{ f.gpg_signature_file }}">SIG</a>{% endif %}</td>
-                {% if has_sigstore_materials %}
+                {% if release_files|has_sigstore_materials %}
                 <td>{% if f.sigstore_cert_file %}<a href="{{ f.sigstore_cert_file}}">CRT</a>{% endif %}</td>
                 <td>{% if f.sigstore_signature_file %}<a href="{{ f.sigstore_signature_file }}">SIG</a>{% endif %}</td>
                 {% endif %}

From b91a6599efbe245353e98686747dcc1495156e65 Mon Sep 17 00:00:00 2001
From: Dustin Ingram <di@users.noreply.github.com>
Date: Tue, 9 Aug 2022 20:58:56 +0000
Subject: [PATCH 3/4] Add link to verification documentation

---
 templates/downloads/release_detail.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/downloads/release_detail.html b/templates/downloads/release_detail.html
index 1713130f3..dbb870833 100644
--- a/templates/downloads/release_detail.html
+++ b/templates/downloads/release_detail.html
@@ -50,7 +50,7 @@ <h1 class="page-title">Files</h1>
               <th>File Size</th>
               <th>GPG</th>
               {% if release_files|has_sigstore_materials %}
-              <th colspan="2">Sigstore</th>
+              <th colspan="2"><a href="https://www.python.org/download/sigstore/">Sigstore</a></th>
               {% endif %}
             </tr>
           </thead>

From 64b3f394a278416175327ef5a80367c763c5467d Mon Sep 17 00:00:00 2001
From: Dustin Ingram <di@users.noreply.github.com>
Date: Wed, 10 Aug 2022 14:23:03 +0000
Subject: [PATCH 4/4] Load custom filter

---
 templates/downloads/release_detail.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/downloads/release_detail.html b/templates/downloads/release_detail.html
index dbb870833..386bd795d 100644
--- a/templates/downloads/release_detail.html
+++ b/templates/downloads/release_detail.html
@@ -1,6 +1,7 @@
 {% extends "base.html" %}
 {% load boxes %}
 {% load sitetree %}
+{% load has_sigstore_materials from download_tags %}
 
 {% block body_attributes %}class="python downloads"{% endblock %}