diff --git a/gen/pb-go/rekor/v1/sigstore_rekor.pb.go b/gen/pb-go/rekor/v1/sigstore_rekor.pb.go index a385e9fd..88bcc2a0 100644 --- a/gen/pb-go/rekor/v1/sigstore_rekor.pb.go +++ b/gen/pb-go/rekor/v1/sigstore_rekor.pb.go @@ -432,6 +432,79 @@ func (x *TransparencyLogEntry) GetCanonicalizedBody() []byte { return nil } +// The RekorBundle is the signed material used to produce the Signed Entry +// Timestamp signature. See notes on the InclusionPromise above. +type RekorBundle struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Body []byte `protobuf:"bytes,1,opt,name=body,proto3" json:"body,omitempty"` + IntegratedTime int64 `protobuf:"varint,2,opt,name=integrated_time,json=integratedTime,proto3" json:"integrated_time,omitempty"` + LogId string `protobuf:"bytes,3,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"` + LogIndex int64 `protobuf:"varint,4,opt,name=log_index,json=logIndex,proto3" json:"log_index,omitempty"` +} + +func (x *RekorBundle) Reset() { + *x = RekorBundle{} + if protoimpl.UnsafeEnabled { + mi := &file_sigstore_rekor_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RekorBundle) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RekorBundle) ProtoMessage() {} + +func (x *RekorBundle) ProtoReflect() protoreflect.Message { + mi := &file_sigstore_rekor_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RekorBundle.ProtoReflect.Descriptor instead. +func (*RekorBundle) Descriptor() ([]byte, []int) { + return file_sigstore_rekor_proto_rawDescGZIP(), []int{5} +} + +func (x *RekorBundle) GetBody() []byte { + if x != nil { + return x.Body + } + return nil +} + +func (x *RekorBundle) GetIntegratedTime() int64 { + if x != nil { + return x.IntegratedTime + } + return 0 +} + +func (x *RekorBundle) GetLogId() string { + if x != nil { + return x.LogId + } + return "" +} + +func (x *RekorBundle) GetLogIndex() int64 { + if x != nil { + return x.LogIndex + } + return 0 +} + var File_sigstore_rekor_proto protoreflect.FileDescriptor var file_sigstore_rekor_proto_rawDesc = []byte{ @@ -496,15 +569,24 @@ var file_sigstore_rekor_proto_rawDesc = []byte{ 0x6f, 0x6f, 0x66, 0x12, 0x2d, 0x0a, 0x12, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x42, 0x6f, - 0x64, 0x79, 0x42, 0x78, 0x0a, 0x1b, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, - 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, - 0x31, 0x42, 0x0a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, - 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, - 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x72, 0x65, - 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x13, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, - 0x65, 0x3a, 0x3a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x64, 0x79, 0x22, 0x92, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x42, 0x75, 0x6e, 0x64, + 0x6c, 0x65, 0x12, 0x17, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, + 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x12, 0x2c, 0x0a, 0x0f, 0x69, + 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x03, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0e, 0x69, 0x6e, 0x74, 0x65, 0x67, + 0x72, 0x61, 0x74, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x06, 0x6c, 0x6f, 0x67, + 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, + 0x6c, 0x6f, 0x67, 0x49, 0x64, 0x12, 0x20, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x6e, 0x64, + 0x65, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x6c, + 0x6f, 0x67, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x42, 0x78, 0x0a, 0x1b, 0x64, 0x65, 0x76, 0x2e, 0x73, + 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x72, 0x65, + 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x42, 0x0a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x50, 0x72, 0x6f, + 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, + 0x67, 0x6f, 0x2f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x13, 0x53, 0x69, + 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x3a, 0x3a, 0x56, + 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -519,18 +601,19 @@ func file_sigstore_rekor_proto_rawDescGZIP() []byte { return file_sigstore_rekor_proto_rawDescData } -var file_sigstore_rekor_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var file_sigstore_rekor_proto_msgTypes = make([]protoimpl.MessageInfo, 6) var file_sigstore_rekor_proto_goTypes = []interface{}{ (*KindVersion)(nil), // 0: dev.sigstore.rekor.v1.KindVersion (*Checkpoint)(nil), // 1: dev.sigstore.rekor.v1.Checkpoint (*InclusionProof)(nil), // 2: dev.sigstore.rekor.v1.InclusionProof (*InclusionPromise)(nil), // 3: dev.sigstore.rekor.v1.InclusionPromise (*TransparencyLogEntry)(nil), // 4: dev.sigstore.rekor.v1.TransparencyLogEntry - (*v1.LogId)(nil), // 5: dev.sigstore.common.v1.LogId + (*RekorBundle)(nil), // 5: dev.sigstore.rekor.v1.RekorBundle + (*v1.LogId)(nil), // 6: dev.sigstore.common.v1.LogId } var file_sigstore_rekor_proto_depIdxs = []int32{ 1, // 0: dev.sigstore.rekor.v1.InclusionProof.checkpoint:type_name -> dev.sigstore.rekor.v1.Checkpoint - 5, // 1: dev.sigstore.rekor.v1.TransparencyLogEntry.log_id:type_name -> dev.sigstore.common.v1.LogId + 6, // 1: dev.sigstore.rekor.v1.TransparencyLogEntry.log_id:type_name -> dev.sigstore.common.v1.LogId 0, // 2: dev.sigstore.rekor.v1.TransparencyLogEntry.kind_version:type_name -> dev.sigstore.rekor.v1.KindVersion 3, // 3: dev.sigstore.rekor.v1.TransparencyLogEntry.inclusion_promise:type_name -> dev.sigstore.rekor.v1.InclusionPromise 2, // 4: dev.sigstore.rekor.v1.TransparencyLogEntry.inclusion_proof:type_name -> dev.sigstore.rekor.v1.InclusionProof @@ -607,6 +690,18 @@ func file_sigstore_rekor_proto_init() { return nil } } + file_sigstore_rekor_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RekorBundle); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } type x struct{} out := protoimpl.TypeBuilder{ @@ -614,7 +709,7 @@ func file_sigstore_rekor_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_sigstore_rekor_proto_rawDesc, NumEnums: 0, - NumMessages: 5, + NumMessages: 6, NumExtensions: 0, NumServices: 0, }, diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py index 81f2c522..da9ef971 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py @@ -150,3 +150,16 @@ class TransparencyLogEntry(betterproto.Message): the `Bundle.content`. If not set, clients are responsible for constructing an equivalent payload from other sources to verify the signature. """ + + +@dataclass(eq=False, repr=False) +class RekorBundle(betterproto.Message): + """ + The RekorBundle is the signed material used to produce the Signed Entry + Timestamp signature. See notes on the InclusionPromise above. + """ + + body: bytes = betterproto.bytes_field(1) + integrated_time: int = betterproto.int64_field(2) + log_id: str = betterproto.string_field(3) + log_index: int = betterproto.int64_field(4) diff --git a/gen/pb-ruby/lib/sigstore_rekor_pb.rb b/gen/pb-ruby/lib/sigstore_rekor_pb.rb index 73a343a3..9a5ddbca 100644 --- a/gen/pb-ruby/lib/sigstore_rekor_pb.rb +++ b/gen/pb-ruby/lib/sigstore_rekor_pb.rb @@ -34,6 +34,12 @@ optional :inclusion_proof, :message, 6, "dev.sigstore.rekor.v1.InclusionProof" optional :canonicalized_body, :bytes, 7 end + add_message "dev.sigstore.rekor.v1.RekorBundle" do + optional :body, :bytes, 1 + optional :integrated_time, :int64, 2 + optional :log_id, :string, 3 + optional :log_index, :int64, 4 + end end end @@ -45,6 +51,7 @@ module V1 InclusionProof = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v1.InclusionProof").msgclass InclusionPromise = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v1.InclusionPromise").msgclass TransparencyLogEntry = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v1.TransparencyLogEntry").msgclass + RekorBundle = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v1.RekorBundle").msgclass end end end diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs index 6147a67a..9f020f26 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs @@ -158,3 +158,24 @@ pub struct TransparencyLogEntry { #[prost(bytes = "vec", tag = "7")] pub canonicalized_body: ::prost::alloc::vec::Vec, } +/// The RekorBundle is the signed material used to produce the Signed Entry +/// Timestamp signature. See notes on the InclusionPromise above. +#[derive( + sigstore_protobuf_specs_derive::Deserialize_proto, + sigstore_protobuf_specs_derive::Serialize_proto +)] +#[derive(::prost_reflect::ReflectMessage)] +#[prost_reflect(message_name = "dev.sigstore.rekor.v1.RekorBundle")] +#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] +#[allow(clippy::derive_partial_eq_without_eq)] +#[derive(Clone, PartialEq, ::prost::Message)] +pub struct RekorBundle { + #[prost(bytes = "vec", tag = "1")] + pub body: ::prost::alloc::vec::Vec, + #[prost(int64, tag = "2")] + pub integrated_time: i64, + #[prost(string, tag = "3")] + pub log_id: ::prost::alloc::string::String, + #[prost(int64, tag = "4")] + pub log_index: i64, +} diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin index e767640e..85317890 100644 Binary files a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin and b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin differ diff --git a/gen/pb-typescript/src/__generated__/sigstore_rekor.ts b/gen/pb-typescript/src/__generated__/sigstore_rekor.ts index 8ff7d451..bf0364a7 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_rekor.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_rekor.ts @@ -137,6 +137,17 @@ export interface TransparencyLogEntry { canonicalizedBody: Buffer; } +/** + * The RekorBundle is the signed material used to produce the Signed Entry + * Timestamp signature. See notes on the InclusionPromise above. + */ +export interface RekorBundle { + body: Buffer; + integratedTime: string; + logId: string; + logIndex: string; +} + function createBaseKindVersion(): KindVersion { return { kind: "", version: "" }; } @@ -274,6 +285,31 @@ export const TransparencyLogEntry = { }, }; +function createBaseRekorBundle(): RekorBundle { + return { body: Buffer.alloc(0), integratedTime: "0", logId: "", logIndex: "0" }; +} + +export const RekorBundle = { + fromJSON(object: any): RekorBundle { + return { + body: isSet(object.body) ? Buffer.from(bytesFromBase64(object.body)) : Buffer.alloc(0), + integratedTime: isSet(object.integratedTime) ? String(object.integratedTime) : "0", + logId: isSet(object.logId) ? String(object.logId) : "", + logIndex: isSet(object.logIndex) ? String(object.logIndex) : "0", + }; + }, + + toJSON(message: RekorBundle): unknown { + const obj: any = {}; + message.body !== undefined && + (obj.body = base64FromBytes(message.body !== undefined ? message.body : Buffer.alloc(0))); + message.integratedTime !== undefined && (obj.integratedTime = message.integratedTime); + message.logId !== undefined && (obj.logId = message.logId); + message.logIndex !== undefined && (obj.logIndex = message.logIndex); + return obj; + }, +}; + declare var self: any | undefined; declare var window: any | undefined; declare var global: any | undefined; diff --git a/protos/sigstore_rekor.proto b/protos/sigstore_rekor.proto index 2eca88f7..5ea4a2a8 100644 --- a/protos/sigstore_rekor.proto +++ b/protos/sigstore_rekor.proto @@ -128,3 +128,12 @@ message TransparencyLogEntry { // payload from other sources to verify the signature. bytes canonicalized_body = 7; } + +// The RekorBundle is the signed material used to produce the Signed Entry +// Timestamp signature. See notes on the InclusionPromise above. +message RekorBundle { + bytes body = 1 [(google.api.field_behavior) = REQUIRED]; + int64 integrated_time = 2 [(google.api.field_behavior) = REQUIRED]; + string log_id = 3 [(google.api.field_behavior) = REQUIRED]; + int64 log_index = 4 [(google.api.field_behavior) = REQUIRED]; +}