- type: textarea
    id: additional
    attributes:
      label: Anything else we need to know?

  - type: textarea
    id: sigs
    attributes:
      label: Relevant SIG(s)
      description: You can identify the SIG from the "prowjob_config_url" on the testgrid dashboard for a test.

	priv, _ := GenerateKey(c, rand.Reader)

	hashed := []byte("testing")
	sig, err := SignASN1(rand.Reader, priv, hashed)
	if err != nil {
		t.Errorf("error signing: %s", err)
		return
	}

	if !VerifyASN1(&priv.PublicKey, hashed, sig) {
		t.Errorf("VerifyASN1 failed")
	}

	hashed[0] ^= 0xff
	if VerifyASN1(&priv.PublicKey, hashed, sig) {
		t.Errorf("VerifyASN1 always works!")
	}
}

guidelines at https://bugcrowd.com/squareopensource


## Verifying Artifacts

We sign our artifacts using this [key][signing_key]:

```
pub rsa4096/dbd744ace7ade6aa50dd591f66b50994442d2d40 2021-07-09T14:50:19Z
	 Hash=a79b48fd6a1f31699c788b50c97d0b98

uid Square Clippy <******@****.***>
sig  sig  66b50994442d2d40 2021-07-09T14:50:19Z 2041-07-04T14:50:19Z ____________________ [selfsig]
```

		// Copy content into the parameter block. In the sign case,
		// we copy hashed message, private key and random number into
		// the parameter block.
		hashToBytes(params[2*blockSize:3*blockSize], hash, c)
		priv.D.FillBytes(params[3*blockSize : 4*blockSize])
		k.FillBytes(params[4*blockSize : 5*blockSize])
		// Convert verify function code into a sign function code by adding 8.

                sign jar, javadocJar, sourcesJar
            }
        """

        when:
        run "signJar", "signJavadocJar", "signSourcesJar"

        then:
        executedAndNotSkipped(":signJar", ":signJavadocJar", ":signSourcesJar")

        and:
        file("build", "libs", "sign-1.0.jar.asc").text
        file("build", "libs", "sign-1.0-javadoc.jar.asc").text

            I pushed these containers:
            
            - `gcr.io/tensorflow-sigs/build:${{ github.event.number }}-python3.12`
            - `gcr.io/tensorflow-sigs/build:${{ github.event.number }}-python3.11`
            - `gcr.io/tensorflow-sigs/build:${{ github.event.number }}-python3.10`
            - `gcr.io/tensorflow-sigs/build:${{ github.event.number }}-python3.9`
            

		sig, err := jws.ComputeDetachedSignature(content, tokenID, tokenValue)
		if err != nil {
			utilruntime.HandleError(err)
		}

		// Check to see if this signature is changed or new.
		oldSig, _ := sigs[tokenID]
		if sig != oldSig {
			needUpdate = true
		}
		delete(sigs, tokenID)

		newCM.Data[bootstrapapi.JWSSignatureKeyPrefix+tokenID] = sig
	}

- sigs.k8s.io/kustomize/api: v0.8.5 → v0.8.8
- sigs.k8s.io/kustomize/cmd/config: v0.9.7 → v0.9.10
- sigs.k8s.io/kustomize/kustomize/v4: v4.0.5 → v4.1.2
- sigs.k8s.io/kustomize/kyaml: v0.10.15 → v0.10.17

### Removed
_Nothing has changed._



# v1.21.0

[Documentation](https://docs.k8s.io)

## Downloads for v1.21.0

### Source Code

filename | sha512 hash

    Add the staging repo in the list of repos to be published.

4. Add the staging and published repositories as a subproject for the
SIG that owns the repos in
[`sigs.yaml`](https://github.com/kubernetes/community/blob/master/sigs.yaml).

func TestPSSOpenSSL(t *testing.T) {
	hash := crypto.SHA256
	h := hash.New()
	h.Write([]byte("testing"))
	hashed := h.Sum(nil)

	// Generated with `echo -n testing | openssl dgst -sign key.pem -sigopt rsa_padding_mode:pss -sha256 > sig`
	sig := []byte{
		0x95, 0x59, 0x6f, 0xd3, 0x10, 0xa2, 0xe7, 0xa2, 0x92, 0x9d,
		0x4a, 0x07, 0x2e, 0x2b, 0x27, 0xcc, 0x06, 0xc2, 0x87, 0x2c,
		0x52, 0xf0, 0x4a, 0xcc, 0x05, 0x94, 0xf2, 0xc3, 0x2e, 0x20,