Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Rekor Bundle message #262

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add Rekor Bundle message #262

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
121 changes: 108 additions & 13 deletions gen/pb-go/rekor/v1/sigstore_rekor.pb.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 13 additions & 0 deletions gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 7 additions & 0 deletions gen/pb-ruby/lib/sigstore_rekor_pb.rb
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

21 changes: 21 additions & 0 deletions gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,3 +158,24 @@ pub struct TransparencyLogEntry {
#[prost(bytes = "vec", tag = "7")]
pub canonicalized_body: ::prost::alloc::vec::Vec<u8>,
}
/// The RekorBundle is the signed material used to produce the Signed Entry
/// Timestamp signature. See notes on the InclusionPromise above.
#[derive(
sigstore_protobuf_specs_derive::Deserialize_proto,
sigstore_protobuf_specs_derive::Serialize_proto
)]
#[derive(::prost_reflect::ReflectMessage)]
#[prost_reflect(message_name = "dev.sigstore.rekor.v1.RekorBundle")]
#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")]
#[allow(clippy::derive_partial_eq_without_eq)]
#[derive(Clone, PartialEq, ::prost::Message)]
pub struct RekorBundle {
#[prost(bytes = "vec", tag = "1")]
pub body: ::prost::alloc::vec::Vec<u8>,
#[prost(int64, tag = "2")]
pub integrated_time: i64,
#[prost(string, tag = "3")]
pub log_id: ::prost::alloc::string::String,
#[prost(int64, tag = "4")]
pub log_index: i64,
}
Binary file modified gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin
View file
Open in desktop
Binary file not shown.
36 changes: 36 additions & 0 deletions gen/pb-typescript/src/__generated__/sigstore_rekor.ts
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 9 additions & 0 deletions protos/sigstore_rekor.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -128,3 +128,12 @@ message TransparencyLogEntry {
// payload from other sources to verify the signature.
bytes canonicalized_body = 7;
}

// The RekorBundle is the signed material used to produce the Signed Entry
// Timestamp signature. See notes on the InclusionPromise above.
message RekorBundle {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have we confirmed that when marshalled as json as canonicalized, this works as expected? Just want to make sure there's no issues with field naming.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can run some tests soon. No need to wait on this PR for the new release.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lkatalin I'll plan to include this in a 0.3.2 release with the other change for the checkpoint key ID that just went in.

woodruffw marked this conversation as resolved.
Show resolved Hide resolved
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

naming nit: I don't want to proliferate "bundle" even though it's in cosign, given we want "bundle" to refer to top level protobuf bundle now. Do you have another suggestion of the name? SignedEntryTimestampContents?

bytes body = 1 [(google.api.field_behavior) = REQUIRED];
int64 integrated_time = 2 [(google.api.field_behavior) = REQUIRED];
string log_id = 3 [(google.api.field_behavior) = REQUIRED];
int64 log_index = 4 [(google.api.field_behavior) = REQUIRED];
}