_cli: don't warn on bare .sigstore if cert/sig is used (#1179)

sigstore · Oct 23, 2024 · f849402 · f849402
1 parent cfacc77
commit f849402
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/sigstore/_cli.py b/sigstore/_cli.py
@@ -931,7 +931,14 @@ def _collect_verification_state(
             legacy_default_bundle = file.parent / f"{file.name}.sigstore"
             bundle = file.parent / f"{file.name}.sigstore.json"
 
-            if not bundle.is_file() and legacy_default_bundle.is_file():
+            if (
+                not bundle.is_file()
+                and legacy_default_bundle.is_file()
+                # NOTE(ww): Only show this warning if bare materials
+                # are not provided, since bare materials take precedence over
+                # a .sigstore bundle.
+                and not (cert or sig)
+            ):
                 _logger.warning(
                     f"{file}: {legacy_default_bundle} should be named {bundle}. "
                     "Support for discovering 'bare' .sigstore inputs will be deprecated in "