diff --git a/.github/ISSUE_TEMPLATE/release-checklist.md b/.github/ISSUE_TEMPLATE/release-checklist.md index 9be04ad9..f11ab9ac 100644 --- a/.github/ISSUE_TEMPLATE/release-checklist.md +++ b/.github/ISSUE_TEMPLATE/release-checklist.md @@ -15,6 +15,7 @@ Full release instructions are at: [RELEASE.md](/sigstore/protobuf-specs/blob/mai - [ ] Update [CHANGELOG](/sigstore/protobuf-specs/blob/main/CHANGELOG.md) - [ ] Update [pyproject.toml](/sigstore/protobuf-specs/blob/main/gen/pb-python/pyproject.toml) so the `version` matches the targeted release - [ ] Update [package.json](/sigstore/protobuf-specs/blob/main/gen/pb-typescript/package.json) so the `version` matches the targeted release +- [ ] Run `npm install` from the `gen/pb-typescript` directory to update [package-lock.json](/sigstore/protobuf-specs/blob/main/gen/pb-typescript/package-lock.json) - [ ] Update [version.rb](/sigstore/protobuf-specs/blob/main/gen/pb-ruby/lib/sigstore_protobuf_specs/version.rb) so the `version` matches the targeted release - [ ] Update [Cargo.toml](/sigstore/protobuf-specs/blob/main/gen/pb-rust/sigstore-protobuf-specs/Cargo.toml) so the `version` matches the targeted release diff --git a/.github/workflows/container-release.yml b/.github/workflows/container-release.yml index 5e5126e2..1452beff 100644 --- a/.github/workflows/container-release.yml +++ b/.github/workflows/container-release.yml @@ -65,7 +65,7 @@ jobs: echo "IMAGE_DIGEST=$image_digest" >> "$GITHUB_ENV" - name: Generate artifact attestation - uses: actions/attest-build-provenance@db473fddc028af60658334401dc6fa3ffd8669fd # v2.3.0 + uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0 with: subject-name: ${{ env.IMAGE_NO_TAG }} subject-digest: ${{ env.IMAGE_DIGEST }} diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index 5db5ad8b..bffdcc2c 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -14,4 +14,4 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: gradle/actions/wrapper-validation@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0 + - uses: gradle/actions/wrapper-validation@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 diff --git a/.github/workflows/java-build.yml b/.github/workflows/java-build.yml index d7148f59..28672224 100644 --- a/.github/workflows/java-build.yml +++ b/.github/workflows/java-build.yml @@ -43,7 +43,7 @@ jobs: java-version: ${{ matrix.java-version }} distribution: 'temurin' - name: Setup Gradle - uses: gradle/actions/setup-gradle@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0 + uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 # make sure jar generation works and tests/checks pass - name: Test diff --git a/.github/workflows/ruby-build.yml b/.github/workflows/ruby-build.yml index affbd8eb..5ca725fa 100644 --- a/.github/workflows/ruby-build.yml +++ b/.github/workflows/ruby-build.yml @@ -44,7 +44,7 @@ jobs: with: persist-credentials: false - name: Set up Ruby ${{ matrix.ruby-version }} - uses: ruby/setup-ruby@c95ae3725f6ebdd095f2bd19caed7ebc14435ba5 # v1.243.0 + uses: ruby/setup-ruby@a4effe49ee8ee5b8b5091268c473a4628afb5651 # v1.245.0 with: ruby-version: ${{ matrix.ruby-version }} diff --git a/.github/workflows/ruby-release.yml b/.github/workflows/ruby-release.yml index 8fd90644..911a0fcc 100644 --- a/.github/workflows/ruby-release.yml +++ b/.github/workflows/ruby-release.yml @@ -39,7 +39,7 @@ jobs: with: persist-credentials: false - - uses: ruby/setup-ruby@c95ae3725f6ebdd095f2bd19caed7ebc14435ba5 # v1.243.0 + - uses: ruby/setup-ruby@a4effe49ee8ee5b8b5091268c473a4628afb5651 # v1.245.0 with: ruby-version: '3.2' diff --git a/CHANGELOG.md b/CHANGELOG.md index bfa1d402..e3935cc1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,19 @@ All versions prior to 0.2.0 are untracked. ### Changed +## v0.5.0 + +### Added + +* Introduce v0.2 TrustedRoot, un-deprecate log ID. Checkpoint key ID and + Operator for TrustedRoot are only set for v0.2 TrustedRoot. + ([#690](https://github.com/sigstore/protobuf-specs/pull/690)) + +### Changed + +* Remove service-proto codegen for Go + ([#676](https://github.com/sigstore/protobuf-specs/pull/676)) + ## 0.4.3 * Added Rekor v2 generated clients ([#661](https://github.com/sigstore/protobuf-specs/pull/661)) diff --git a/Makefile b/Makefile index e3fdad05..6c38bce5 100644 --- a/Makefile +++ b/Makefile @@ -31,8 +31,12 @@ GID ?= $(shell id -g) DOCKER_BUILD = docker build --platform ${PLATFORM} --build-arg UID=${UID} DOCKER_RUN = docker run --platform ${PLATFORM} --user ${UID}:${GID} +# base protos for clients that do not want to include service-protos +BASE_PROTOS = $(shell find protos/ -iname "*.proto" | sed 's|^|/defs/|') +BASE_PROTO_INCLUDES=-I/opt/include -I/googleapis -I/defs/protos + PROTOS = $(shell find protos/ service-protos/ -iname "*.proto" | sed 's|^|/defs/|') -PROTO_INCLUDES=-I/opt/include -I/googleapis -I/defs/protos -I/defs/service-protos +PROTO_INCLUDES=${BASE_PROTO_INCLUDES} -I/defs/service-protos include protoc-builder/versions.mk @@ -40,12 +44,13 @@ include protoc-builder/versions.mk all: go python typescript ruby rust # generate Go protobuf code +# ignore service-protos, go clients should grab those from the service directly go: base-image-go @echo "Generating go proto Docker image" cd protoc-builder && ${DOCKER_BUILD} -t ${PROTOC_GO_IMAGE} -f Dockerfile.go . @echo "Generating go protobuf files" - ${DOCKER_RUN} -v ${PWD}:/defs ${PROTOC_GO_IMAGE} ${PROTO_INCLUDES}\ - --go_opt=module=github.com/sigstore/protobuf-specs/gen/pb-go --go_out=/defs/gen/pb-go ${PROTOS} + ${DOCKER_RUN} -v ${PWD}:/defs ${PROTOC_GO_IMAGE} ${BASE_PROTO_INCLUDES}\ + --go_opt=module=github.com/sigstore/protobuf-specs/gen/pb-go --go_out=/defs/gen/pb-go ${BASE_PROTOS} # an image on ghcr for generating defintions for sigstore services services-image: base-image-go diff --git a/RELEASE.md b/RELEASE.md index 380f98c9..f21cbcda 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -62,6 +62,8 @@ Checklist prior to releasing: `version` matches the targeted release. 1. Update [package.json](gen/pb-typescript/package.json) so the `version` matches the targeted release. + - Run `npm install` from the "gen/pb-typescript" directory to sync the + version change to the `package-lock.json` file. 1. Update [version.rb](gen/pb-ruby/lib/sigstore_protobuf_specs/version.rb) so the `version` matches the targeted release. 1. Update [Cargo.toml](gen/pb-rust/Cargo.toml) so the diff --git a/gen/pb-go/rekor/v2/dsse.pb.go b/gen/pb-go/rekor/v2/dsse.pb.go deleted file mode 100644 index 75390c31..00000000 --- a/gen/pb-go/rekor/v2/dsse.pb.go +++ /dev/null @@ -1,248 +0,0 @@ -// Copyright 2025 The Sigstore Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.36.5 -// protoc v6.30.2 -// source: rekor/v2/dsse.proto - -package v2 - -import ( - v1 "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1" - dsse "github.com/sigstore/protobuf-specs/gen/pb-go/dsse" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" - unsafe "unsafe" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// A request to add a DSSE v0.0.2 entry to the log -type DSSERequestV002 struct { - state protoimpl.MessageState `protogen:"open.v1"` - // A DSSE envelope - Envelope *dsse.Envelope `protobuf:"bytes,1,opt,name=envelope,proto3" json:"envelope,omitempty"` - // All necessary verification material to verify all signatures embedded in the envelope - Verifiers []*Verifier `protobuf:"bytes,2,rep,name=verifiers,proto3" json:"verifiers,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} - -func (x *DSSERequestV002) Reset() { - *x = DSSERequestV002{} - mi := &file_rekor_v2_dsse_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) -} - -func (x *DSSERequestV002) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DSSERequestV002) ProtoMessage() {} - -func (x *DSSERequestV002) ProtoReflect() protoreflect.Message { - mi := &file_rekor_v2_dsse_proto_msgTypes[0] - if x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DSSERequestV002.ProtoReflect.Descriptor instead. -func (*DSSERequestV002) Descriptor() ([]byte, []int) { - return file_rekor_v2_dsse_proto_rawDescGZIP(), []int{0} -} - -func (x *DSSERequestV002) GetEnvelope() *dsse.Envelope { - if x != nil { - return x.Envelope - } - return nil -} - -func (x *DSSERequestV002) GetVerifiers() []*Verifier { - if x != nil { - return x.Verifiers - } - return nil -} - -type DSSELogEntryV002 struct { - state protoimpl.MessageState `protogen:"open.v1"` - // The hash of the DSSE payload - PayloadHash *v1.HashOutput `protobuf:"bytes,1,opt,name=payloadHash,proto3" json:"payloadHash,omitempty"` - // Signatures and their associated verification material used to verify the payload - Signatures []*Signature `protobuf:"bytes,2,rep,name=signatures,proto3" json:"signatures,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} - -func (x *DSSELogEntryV002) Reset() { - *x = DSSELogEntryV002{} - mi := &file_rekor_v2_dsse_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) -} - -func (x *DSSELogEntryV002) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DSSELogEntryV002) ProtoMessage() {} - -func (x *DSSELogEntryV002) ProtoReflect() protoreflect.Message { - mi := &file_rekor_v2_dsse_proto_msgTypes[1] - if x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DSSELogEntryV002.ProtoReflect.Descriptor instead. -func (*DSSELogEntryV002) Descriptor() ([]byte, []int) { - return file_rekor_v2_dsse_proto_rawDescGZIP(), []int{1} -} - -func (x *DSSELogEntryV002) GetPayloadHash() *v1.HashOutput { - if x != nil { - return x.PayloadHash - } - return nil -} - -func (x *DSSELogEntryV002) GetSignatures() []*Signature { - if x != nil { - return x.Signatures - } - return nil -} - -var File_rekor_v2_dsse_proto protoreflect.FileDescriptor - -var file_rekor_v2_dsse_proto_rawDesc = string([]byte{ - 0x0a, 0x13, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x64, 0x73, 0x73, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x1a, 0x1f, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, - 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x73, - 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0e, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x76, - 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8b, 0x01, - 0x0a, 0x0f, 0x44, 0x53, 0x53, 0x45, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x56, 0x30, 0x30, - 0x32, 0x12, 0x34, 0x0a, 0x08, 0x65, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x69, 0x6f, 0x2e, 0x69, 0x6e, 0x74, 0x6f, 0x74, 0x6f, 0x2e, - 0x45, 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x65, - 0x6e, 0x76, 0x65, 0x6c, 0x6f, 0x70, 0x65, 0x12, 0x42, 0x0a, 0x09, 0x76, 0x65, 0x72, 0x69, 0x66, - 0x69, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x64, 0x65, 0x76, - 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, - 0x76, 0x32, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x72, 0x42, 0x03, 0xe0, 0x41, 0x02, - 0x52, 0x09, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x22, 0xa4, 0x01, 0x0a, 0x10, - 0x44, 0x53, 0x53, 0x45, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x56, 0x30, 0x30, 0x32, - 0x12, 0x49, 0x0a, 0x0b, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x61, 0x73, 0x68, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x48, - 0x61, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, - 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x48, 0x61, 0x73, 0x68, 0x12, 0x45, 0x0a, 0x0a, 0x73, - 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x20, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, - 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, - 0x65, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, - 0x65, 0x73, 0x42, 0x79, 0x0a, 0x1b, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, - 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, - 0x32, 0x42, 0x0b, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x56, 0x32, 0x44, 0x73, 0x73, 0x65, 0x50, 0x01, - 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, - 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x72, - 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0xea, 0x02, 0x13, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, - 0x72, 0x65, 0x3a, 0x3a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, -}) - -var ( - file_rekor_v2_dsse_proto_rawDescOnce sync.Once - file_rekor_v2_dsse_proto_rawDescData []byte -) - -func file_rekor_v2_dsse_proto_rawDescGZIP() []byte { - file_rekor_v2_dsse_proto_rawDescOnce.Do(func() { - file_rekor_v2_dsse_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_rekor_v2_dsse_proto_rawDesc), len(file_rekor_v2_dsse_proto_rawDesc))) - }) - return file_rekor_v2_dsse_proto_rawDescData -} - -var file_rekor_v2_dsse_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_rekor_v2_dsse_proto_goTypes = []any{ - (*DSSERequestV002)(nil), // 0: dev.sigstore.rekor.v2.DSSERequestV002 - (*DSSELogEntryV002)(nil), // 1: dev.sigstore.rekor.v2.DSSELogEntryV002 - (*dsse.Envelope)(nil), // 2: io.intoto.Envelope - (*Verifier)(nil), // 3: dev.sigstore.rekor.v2.Verifier - (*v1.HashOutput)(nil), // 4: dev.sigstore.common.v1.HashOutput - (*Signature)(nil), // 5: dev.sigstore.rekor.v2.Signature -} -var file_rekor_v2_dsse_proto_depIdxs = []int32{ - 2, // 0: dev.sigstore.rekor.v2.DSSERequestV002.envelope:type_name -> io.intoto.Envelope - 3, // 1: dev.sigstore.rekor.v2.DSSERequestV002.verifiers:type_name -> dev.sigstore.rekor.v2.Verifier - 4, // 2: dev.sigstore.rekor.v2.DSSELogEntryV002.payloadHash:type_name -> dev.sigstore.common.v1.HashOutput - 5, // 3: dev.sigstore.rekor.v2.DSSELogEntryV002.signatures:type_name -> dev.sigstore.rekor.v2.Signature - 4, // [4:4] is the sub-list for method output_type - 4, // [4:4] is the sub-list for method input_type - 4, // [4:4] is the sub-list for extension type_name - 4, // [4:4] is the sub-list for extension extendee - 0, // [0:4] is the sub-list for field type_name -} - -func init() { file_rekor_v2_dsse_proto_init() } -func file_rekor_v2_dsse_proto_init() { - if File_rekor_v2_dsse_proto != nil { - return - } - file_rekor_v2_verifier_proto_init() - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: unsafe.Slice(unsafe.StringData(file_rekor_v2_dsse_proto_rawDesc), len(file_rekor_v2_dsse_proto_rawDesc)), - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_rekor_v2_dsse_proto_goTypes, - DependencyIndexes: file_rekor_v2_dsse_proto_depIdxs, - MessageInfos: file_rekor_v2_dsse_proto_msgTypes, - }.Build() - File_rekor_v2_dsse_proto = out.File - file_rekor_v2_dsse_proto_goTypes = nil - file_rekor_v2_dsse_proto_depIdxs = nil -} diff --git a/gen/pb-go/rekor/v2/entry.pb.go b/gen/pb-go/rekor/v2/entry.pb.go deleted file mode 100644 index 9bbb83c3..00000000 --- a/gen/pb-go/rekor/v2/entry.pb.go +++ /dev/null @@ -1,395 +0,0 @@ -// Copyright 2025 The Sigstore Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.36.5 -// protoc v6.30.2 -// source: rekor/v2/entry.proto - -package v2 - -import ( - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" - unsafe "unsafe" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Entry is the message that is canonicalized and uploaded to the log. -// This format is meant to be compliant with Rekor v1 entries in that -// the `apiVersion` and `kind` can be parsed before parsing the spec. -// Clients are expected to understand and handle the differences in the -// contents of `spec` between Rekor v1 (a polymorphic OpenAPI defintion) -// and Rekor v2 (a typed proto defintion). -type Entry struct { - state protoimpl.MessageState `protogen:"open.v1"` - Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"` - ApiVersion string `protobuf:"bytes,2,opt,name=api_version,json=apiVersion,proto3" json:"api_version,omitempty"` - Spec *Spec `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} - -func (x *Entry) Reset() { - *x = Entry{} - mi := &file_rekor_v2_entry_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) -} - -func (x *Entry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Entry) ProtoMessage() {} - -func (x *Entry) ProtoReflect() protoreflect.Message { - mi := &file_rekor_v2_entry_proto_msgTypes[0] - if x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Entry.ProtoReflect.Descriptor instead. -func (*Entry) Descriptor() ([]byte, []int) { - return file_rekor_v2_entry_proto_rawDescGZIP(), []int{0} -} - -func (x *Entry) GetKind() string { - if x != nil { - return x.Kind - } - return "" -} - -func (x *Entry) GetApiVersion() string { - if x != nil { - return x.ApiVersion - } - return "" -} - -func (x *Entry) GetSpec() *Spec { - if x != nil { - return x.Spec - } - return nil -} - -// Spec contains one of the Rekor entry types. -type Spec struct { - state protoimpl.MessageState `protogen:"open.v1"` - // Types that are valid to be assigned to Spec: - // - // *Spec_HashedRekordV002 - // *Spec_DsseV002 - Spec isSpec_Spec `protobuf_oneof:"spec"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} - -func (x *Spec) Reset() { - *x = Spec{} - mi := &file_rekor_v2_entry_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) -} - -func (x *Spec) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Spec) ProtoMessage() {} - -func (x *Spec) ProtoReflect() protoreflect.Message { - mi := &file_rekor_v2_entry_proto_msgTypes[1] - if x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Spec.ProtoReflect.Descriptor instead. -func (*Spec) Descriptor() ([]byte, []int) { - return file_rekor_v2_entry_proto_rawDescGZIP(), []int{1} -} - -func (x *Spec) GetSpec() isSpec_Spec { - if x != nil { - return x.Spec - } - return nil -} - -func (x *Spec) GetHashedRekordV002() *HashedRekordLogEntryV002 { - if x != nil { - if x, ok := x.Spec.(*Spec_HashedRekordV002); ok { - return x.HashedRekordV002 - } - } - return nil -} - -func (x *Spec) GetDsseV002() *DSSELogEntryV002 { - if x != nil { - if x, ok := x.Spec.(*Spec_DsseV002); ok { - return x.DsseV002 - } - } - return nil -} - -type isSpec_Spec interface { - isSpec_Spec() -} - -type Spec_HashedRekordV002 struct { - HashedRekordV002 *HashedRekordLogEntryV002 `protobuf:"bytes,1,opt,name=hashed_rekord_v002,json=hashedRekordV002,proto3,oneof"` -} - -type Spec_DsseV002 struct { - DsseV002 *DSSELogEntryV002 `protobuf:"bytes,2,opt,name=dsse_v002,json=dsseV002,proto3,oneof"` -} - -func (*Spec_HashedRekordV002) isSpec_Spec() {} - -func (*Spec_DsseV002) isSpec_Spec() {} - -// Create a new HashedRekord or DSSE -type CreateEntryRequest struct { - state protoimpl.MessageState `protogen:"open.v1"` - // Types that are valid to be assigned to Spec: - // - // *CreateEntryRequest_HashedRekordRequestV002 - // *CreateEntryRequest_DsseRequestV002 - Spec isCreateEntryRequest_Spec `protobuf_oneof:"spec"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} - -func (x *CreateEntryRequest) Reset() { - *x = CreateEntryRequest{} - mi := &file_rekor_v2_entry_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) -} - -func (x *CreateEntryRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CreateEntryRequest) ProtoMessage() {} - -func (x *CreateEntryRequest) ProtoReflect() protoreflect.Message { - mi := &file_rekor_v2_entry_proto_msgTypes[2] - if x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CreateEntryRequest.ProtoReflect.Descriptor instead. -func (*CreateEntryRequest) Descriptor() ([]byte, []int) { - return file_rekor_v2_entry_proto_rawDescGZIP(), []int{2} -} - -func (x *CreateEntryRequest) GetSpec() isCreateEntryRequest_Spec { - if x != nil { - return x.Spec - } - return nil -} - -func (x *CreateEntryRequest) GetHashedRekordRequestV002() *HashedRekordRequestV002 { - if x != nil { - if x, ok := x.Spec.(*CreateEntryRequest_HashedRekordRequestV002); ok { - return x.HashedRekordRequestV002 - } - } - return nil -} - -func (x *CreateEntryRequest) GetDsseRequestV002() *DSSERequestV002 { - if x != nil { - if x, ok := x.Spec.(*CreateEntryRequest_DsseRequestV002); ok { - return x.DsseRequestV002 - } - } - return nil -} - -type isCreateEntryRequest_Spec interface { - isCreateEntryRequest_Spec() -} - -type CreateEntryRequest_HashedRekordRequestV002 struct { - HashedRekordRequestV002 *HashedRekordRequestV002 `protobuf:"bytes,1,opt,name=hashed_rekord_request_v002,json=hashedRekordRequestV002,proto3,oneof"` -} - -type CreateEntryRequest_DsseRequestV002 struct { - DsseRequestV002 *DSSERequestV002 `protobuf:"bytes,2,opt,name=dsse_request_v002,json=dsseRequestV002,proto3,oneof"` -} - -func (*CreateEntryRequest_HashedRekordRequestV002) isCreateEntryRequest_Spec() {} - -func (*CreateEntryRequest_DsseRequestV002) isCreateEntryRequest_Spec() {} - -var File_rekor_v2_entry_proto protoreflect.FileDescriptor - -var file_rekor_v2_entry_proto_rawDesc = string([]byte{ - 0x0a, 0x14, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x1a, 0x1f, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, - 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x13, - 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x64, 0x73, 0x73, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x68, 0x61, - 0x73, 0x68, 0x65, 0x64, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0x7c, 0x0a, 0x05, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x17, 0x0a, 0x04, 0x6b, 0x69, 0x6e, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6b, 0x69, - 0x6e, 0x64, 0x12, 0x24, 0x0a, 0x0b, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, - 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x61, 0x70, - 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x04, 0x73, 0x70, 0x65, 0x63, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x53, - 0x70, 0x65, 0x63, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x73, 0x70, 0x65, 0x63, 0x22, 0xc1, - 0x01, 0x0a, 0x04, 0x53, 0x70, 0x65, 0x63, 0x12, 0x64, 0x0a, 0x12, 0x68, 0x61, 0x73, 0x68, 0x65, - 0x64, 0x5f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x5f, 0x76, 0x30, 0x30, 0x32, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, - 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x48, 0x61, 0x73, 0x68, - 0x65, 0x64, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x56, 0x30, 0x30, 0x32, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, 0x00, 0x52, 0x10, 0x68, 0x61, 0x73, - 0x68, 0x65, 0x64, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x56, 0x30, 0x30, 0x32, 0x12, 0x4b, 0x0a, - 0x09, 0x64, 0x73, 0x73, 0x65, 0x5f, 0x76, 0x30, 0x30, 0x32, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x27, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, - 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x44, 0x53, 0x53, 0x45, 0x4c, 0x6f, 0x67, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x56, 0x30, 0x30, 0x32, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, 0x00, - 0x52, 0x08, 0x64, 0x73, 0x73, 0x65, 0x56, 0x30, 0x30, 0x32, 0x42, 0x06, 0x0a, 0x04, 0x73, 0x70, - 0x65, 0x63, 0x22, 0xeb, 0x01, 0x0a, 0x12, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x72, 0x0a, 0x1a, 0x68, 0x61, 0x73, - 0x68, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x5f, 0x76, 0x30, 0x30, 0x32, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, - 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, - 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x65, 0x64, 0x52, 0x65, 0x6b, 0x6f, - 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x56, 0x30, 0x30, 0x32, 0x42, 0x03, 0xe0, - 0x41, 0x02, 0x48, 0x00, 0x52, 0x17, 0x68, 0x61, 0x73, 0x68, 0x65, 0x64, 0x52, 0x65, 0x6b, 0x6f, - 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x56, 0x30, 0x30, 0x32, 0x12, 0x59, 0x0a, - 0x11, 0x64, 0x73, 0x73, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x76, 0x30, - 0x30, 0x32, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, - 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, - 0x2e, 0x44, 0x53, 0x53, 0x45, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x56, 0x30, 0x30, 0x32, - 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, 0x00, 0x52, 0x0f, 0x64, 0x73, 0x73, 0x65, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x56, 0x30, 0x30, 0x32, 0x42, 0x06, 0x0a, 0x04, 0x73, 0x70, 0x65, 0x63, - 0x42, 0x7a, 0x0a, 0x1b, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x42, - 0x0c, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x56, 0x32, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, 0x01, 0x5a, - 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, - 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x72, 0x65, - 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0xea, 0x02, 0x13, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, - 0x65, 0x3a, 0x3a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, -}) - -var ( - file_rekor_v2_entry_proto_rawDescOnce sync.Once - file_rekor_v2_entry_proto_rawDescData []byte -) - -func file_rekor_v2_entry_proto_rawDescGZIP() []byte { - file_rekor_v2_entry_proto_rawDescOnce.Do(func() { - file_rekor_v2_entry_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_rekor_v2_entry_proto_rawDesc), len(file_rekor_v2_entry_proto_rawDesc))) - }) - return file_rekor_v2_entry_proto_rawDescData -} - -var file_rekor_v2_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_rekor_v2_entry_proto_goTypes = []any{ - (*Entry)(nil), // 0: dev.sigstore.rekor.v2.Entry - (*Spec)(nil), // 1: dev.sigstore.rekor.v2.Spec - (*CreateEntryRequest)(nil), // 2: dev.sigstore.rekor.v2.CreateEntryRequest - (*HashedRekordLogEntryV002)(nil), // 3: dev.sigstore.rekor.v2.HashedRekordLogEntryV002 - (*DSSELogEntryV002)(nil), // 4: dev.sigstore.rekor.v2.DSSELogEntryV002 - (*HashedRekordRequestV002)(nil), // 5: dev.sigstore.rekor.v2.HashedRekordRequestV002 - (*DSSERequestV002)(nil), // 6: dev.sigstore.rekor.v2.DSSERequestV002 -} -var file_rekor_v2_entry_proto_depIdxs = []int32{ - 1, // 0: dev.sigstore.rekor.v2.Entry.spec:type_name -> dev.sigstore.rekor.v2.Spec - 3, // 1: dev.sigstore.rekor.v2.Spec.hashed_rekord_v002:type_name -> dev.sigstore.rekor.v2.HashedRekordLogEntryV002 - 4, // 2: dev.sigstore.rekor.v2.Spec.dsse_v002:type_name -> dev.sigstore.rekor.v2.DSSELogEntryV002 - 5, // 3: dev.sigstore.rekor.v2.CreateEntryRequest.hashed_rekord_request_v002:type_name -> dev.sigstore.rekor.v2.HashedRekordRequestV002 - 6, // 4: dev.sigstore.rekor.v2.CreateEntryRequest.dsse_request_v002:type_name -> dev.sigstore.rekor.v2.DSSERequestV002 - 5, // [5:5] is the sub-list for method output_type - 5, // [5:5] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name -} - -func init() { file_rekor_v2_entry_proto_init() } -func file_rekor_v2_entry_proto_init() { - if File_rekor_v2_entry_proto != nil { - return - } - file_rekor_v2_dsse_proto_init() - file_rekor_v2_hashedrekord_proto_init() - file_rekor_v2_entry_proto_msgTypes[1].OneofWrappers = []any{ - (*Spec_HashedRekordV002)(nil), - (*Spec_DsseV002)(nil), - } - file_rekor_v2_entry_proto_msgTypes[2].OneofWrappers = []any{ - (*CreateEntryRequest_HashedRekordRequestV002)(nil), - (*CreateEntryRequest_DsseRequestV002)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: unsafe.Slice(unsafe.StringData(file_rekor_v2_entry_proto_rawDesc), len(file_rekor_v2_entry_proto_rawDesc)), - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_rekor_v2_entry_proto_goTypes, - DependencyIndexes: file_rekor_v2_entry_proto_depIdxs, - MessageInfos: file_rekor_v2_entry_proto_msgTypes, - }.Build() - File_rekor_v2_entry_proto = out.File - file_rekor_v2_entry_proto_goTypes = nil - file_rekor_v2_entry_proto_depIdxs = nil -} diff --git a/gen/pb-go/rekor/v2/hashedrekord.pb.go b/gen/pb-go/rekor/v2/hashedrekord.pb.go deleted file mode 100644 index ca519b67..00000000 --- a/gen/pb-go/rekor/v2/hashedrekord.pb.go +++ /dev/null @@ -1,242 +0,0 @@ -// Copyright 2025 The Sigstore Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.36.5 -// protoc v6.30.2 -// source: rekor/v2/hashedrekord.proto - -package v2 - -import ( - v1 "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" - unsafe "unsafe" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// A request to add a hashedrekord v0.0.2 to the log -type HashedRekordRequestV002 struct { - state protoimpl.MessageState `protogen:"open.v1"` - // The hashed data - Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` - // A single signature over the hashed data with the verifier needed to validate it - Signature *Signature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} - -func (x *HashedRekordRequestV002) Reset() { - *x = HashedRekordRequestV002{} - mi := &file_rekor_v2_hashedrekord_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) -} - -func (x *HashedRekordRequestV002) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HashedRekordRequestV002) ProtoMessage() {} - -func (x *HashedRekordRequestV002) ProtoReflect() protoreflect.Message { - mi := &file_rekor_v2_hashedrekord_proto_msgTypes[0] - if x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HashedRekordRequestV002.ProtoReflect.Descriptor instead. -func (*HashedRekordRequestV002) Descriptor() ([]byte, []int) { - return file_rekor_v2_hashedrekord_proto_rawDescGZIP(), []int{0} -} - -func (x *HashedRekordRequestV002) GetDigest() []byte { - if x != nil { - return x.Digest - } - return nil -} - -func (x *HashedRekordRequestV002) GetSignature() *Signature { - if x != nil { - return x.Signature - } - return nil -} - -type HashedRekordLogEntryV002 struct { - state protoimpl.MessageState `protogen:"open.v1"` - // The hashed data - Data *v1.HashOutput `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"` - // A single signature over the hashed data with the verifier needed to validate it - Signature *Signature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} - -func (x *HashedRekordLogEntryV002) Reset() { - *x = HashedRekordLogEntryV002{} - mi := &file_rekor_v2_hashedrekord_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) -} - -func (x *HashedRekordLogEntryV002) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HashedRekordLogEntryV002) ProtoMessage() {} - -func (x *HashedRekordLogEntryV002) ProtoReflect() protoreflect.Message { - mi := &file_rekor_v2_hashedrekord_proto_msgTypes[1] - if x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HashedRekordLogEntryV002.ProtoReflect.Descriptor instead. -func (*HashedRekordLogEntryV002) Descriptor() ([]byte, []int) { - return file_rekor_v2_hashedrekord_proto_rawDescGZIP(), []int{1} -} - -func (x *HashedRekordLogEntryV002) GetData() *v1.HashOutput { - if x != nil { - return x.Data - } - return nil -} - -func (x *HashedRekordLogEntryV002) GetSignature() *Signature { - if x != nil { - return x.Signature - } - return nil -} - -var File_rekor_v2_hashedrekord_proto protoreflect.FileDescriptor - -var file_rekor_v2_hashedrekord_proto_rawDesc = string([]byte{ - 0x0a, 0x1b, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x65, - 0x64, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, - 0x72, 0x2e, 0x76, 0x32, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x72, 0x65, - 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x7b, 0x0a, 0x17, 0x48, 0x61, 0x73, 0x68, 0x65, 0x64, 0x52, - 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x56, 0x30, 0x30, 0x32, - 0x12, 0x1b, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, - 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, - 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x20, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, - 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, - 0x72, 0x65, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, - 0x72, 0x65, 0x22, 0x9c, 0x01, 0x0a, 0x18, 0x48, 0x61, 0x73, 0x68, 0x65, 0x64, 0x52, 0x65, 0x6b, - 0x6f, 0x72, 0x64, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x56, 0x30, 0x30, 0x32, 0x12, - 0x3b, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, - 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x4f, 0x75, 0x74, 0x70, 0x75, - 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x43, 0x0a, 0x09, - 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x20, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, - 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, - 0x65, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, - 0x65, 0x42, 0x81, 0x01, 0x0a, 0x1b, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, - 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, - 0x32, 0x42, 0x13, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x56, 0x32, 0x48, 0x61, 0x73, 0x68, 0x65, 0x64, - 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x64, 0x50, 0x01, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, - 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0xea, - 0x02, 0x13, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x52, 0x65, 0x6b, 0x6f, - 0x72, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -}) - -var ( - file_rekor_v2_hashedrekord_proto_rawDescOnce sync.Once - file_rekor_v2_hashedrekord_proto_rawDescData []byte -) - -func file_rekor_v2_hashedrekord_proto_rawDescGZIP() []byte { - file_rekor_v2_hashedrekord_proto_rawDescOnce.Do(func() { - file_rekor_v2_hashedrekord_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_rekor_v2_hashedrekord_proto_rawDesc), len(file_rekor_v2_hashedrekord_proto_rawDesc))) - }) - return file_rekor_v2_hashedrekord_proto_rawDescData -} - -var file_rekor_v2_hashedrekord_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_rekor_v2_hashedrekord_proto_goTypes = []any{ - (*HashedRekordRequestV002)(nil), // 0: dev.sigstore.rekor.v2.HashedRekordRequestV002 - (*HashedRekordLogEntryV002)(nil), // 1: dev.sigstore.rekor.v2.HashedRekordLogEntryV002 - (*Signature)(nil), // 2: dev.sigstore.rekor.v2.Signature - (*v1.HashOutput)(nil), // 3: dev.sigstore.common.v1.HashOutput -} -var file_rekor_v2_hashedrekord_proto_depIdxs = []int32{ - 2, // 0: dev.sigstore.rekor.v2.HashedRekordRequestV002.signature:type_name -> dev.sigstore.rekor.v2.Signature - 3, // 1: dev.sigstore.rekor.v2.HashedRekordLogEntryV002.data:type_name -> dev.sigstore.common.v1.HashOutput - 2, // 2: dev.sigstore.rekor.v2.HashedRekordLogEntryV002.signature:type_name -> dev.sigstore.rekor.v2.Signature - 3, // [3:3] is the sub-list for method output_type - 3, // [3:3] is the sub-list for method input_type - 3, // [3:3] is the sub-list for extension type_name - 3, // [3:3] is the sub-list for extension extendee - 0, // [0:3] is the sub-list for field type_name -} - -func init() { file_rekor_v2_hashedrekord_proto_init() } -func file_rekor_v2_hashedrekord_proto_init() { - if File_rekor_v2_hashedrekord_proto != nil { - return - } - file_rekor_v2_verifier_proto_init() - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: unsafe.Slice(unsafe.StringData(file_rekor_v2_hashedrekord_proto_rawDesc), len(file_rekor_v2_hashedrekord_proto_rawDesc)), - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_rekor_v2_hashedrekord_proto_goTypes, - DependencyIndexes: file_rekor_v2_hashedrekord_proto_depIdxs, - MessageInfos: file_rekor_v2_hashedrekord_proto_msgTypes, - }.Build() - File_rekor_v2_hashedrekord_proto = out.File - file_rekor_v2_hashedrekord_proto_goTypes = nil - file_rekor_v2_hashedrekord_proto_depIdxs = nil -} diff --git a/gen/pb-go/rekor/v2/verifier.pb.go b/gen/pb-go/rekor/v2/verifier.pb.go deleted file mode 100644 index 098e6078..00000000 --- a/gen/pb-go/rekor/v2/verifier.pb.go +++ /dev/null @@ -1,338 +0,0 @@ -// Copyright 2025 The Sigstore Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.36.5 -// protoc v6.30.2 -// source: rekor/v2/verifier.proto - -package v2 - -import ( - v1 "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" - unsafe "unsafe" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// PublicKey contains an encoded public key -type PublicKey struct { - state protoimpl.MessageState `protogen:"open.v1"` - // DER-encoded public key - RawBytes []byte `protobuf:"bytes,1,opt,name=raw_bytes,json=rawBytes,proto3" json:"raw_bytes,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} - -func (x *PublicKey) Reset() { - *x = PublicKey{} - mi := &file_rekor_v2_verifier_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) -} - -func (x *PublicKey) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PublicKey) ProtoMessage() {} - -func (x *PublicKey) ProtoReflect() protoreflect.Message { - mi := &file_rekor_v2_verifier_proto_msgTypes[0] - if x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PublicKey.ProtoReflect.Descriptor instead. -func (*PublicKey) Descriptor() ([]byte, []int) { - return file_rekor_v2_verifier_proto_rawDescGZIP(), []int{0} -} - -func (x *PublicKey) GetRawBytes() []byte { - if x != nil { - return x.RawBytes - } - return nil -} - -// Either a public key or a X.509 cerificiate with an embedded public key -type Verifier struct { - state protoimpl.MessageState `protogen:"open.v1"` - // Types that are valid to be assigned to Verifier: - // - // *Verifier_PublicKey - // *Verifier_X509Certificate - Verifier isVerifier_Verifier `protobuf_oneof:"verifier"` - // Key encoding and signature algorithm to use for this key - KeyDetails v1.PublicKeyDetails `protobuf:"varint,3,opt,name=key_details,json=keyDetails,proto3,enum=dev.sigstore.common.v1.PublicKeyDetails" json:"key_details,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} - -func (x *Verifier) Reset() { - *x = Verifier{} - mi := &file_rekor_v2_verifier_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) -} - -func (x *Verifier) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Verifier) ProtoMessage() {} - -func (x *Verifier) ProtoReflect() protoreflect.Message { - mi := &file_rekor_v2_verifier_proto_msgTypes[1] - if x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Verifier.ProtoReflect.Descriptor instead. -func (*Verifier) Descriptor() ([]byte, []int) { - return file_rekor_v2_verifier_proto_rawDescGZIP(), []int{1} -} - -func (x *Verifier) GetVerifier() isVerifier_Verifier { - if x != nil { - return x.Verifier - } - return nil -} - -func (x *Verifier) GetPublicKey() *PublicKey { - if x != nil { - if x, ok := x.Verifier.(*Verifier_PublicKey); ok { - return x.PublicKey - } - } - return nil -} - -func (x *Verifier) GetX509Certificate() *v1.X509Certificate { - if x != nil { - if x, ok := x.Verifier.(*Verifier_X509Certificate); ok { - return x.X509Certificate - } - } - return nil -} - -func (x *Verifier) GetKeyDetails() v1.PublicKeyDetails { - if x != nil { - return x.KeyDetails - } - return v1.PublicKeyDetails(0) -} - -type isVerifier_Verifier interface { - isVerifier_Verifier() -} - -type Verifier_PublicKey struct { - // DER-encoded public key. Encoding method is specified by the key_details attribute - PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3,oneof"` -} - -type Verifier_X509Certificate struct { - // DER-encoded certificate - X509Certificate *v1.X509Certificate `protobuf:"bytes,2,opt,name=x509_certificate,json=x509Certificate,proto3,oneof"` -} - -func (*Verifier_PublicKey) isVerifier_Verifier() {} - -func (*Verifier_X509Certificate) isVerifier_Verifier() {} - -// A signature and an associated verifier -type Signature struct { - state protoimpl.MessageState `protogen:"open.v1"` - Content []byte `protobuf:"bytes,1,opt,name=content,proto3" json:"content,omitempty"` - Verifier *Verifier `protobuf:"bytes,2,opt,name=verifier,proto3" json:"verifier,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} - -func (x *Signature) Reset() { - *x = Signature{} - mi := &file_rekor_v2_verifier_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) -} - -func (x *Signature) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Signature) ProtoMessage() {} - -func (x *Signature) ProtoReflect() protoreflect.Message { - mi := &file_rekor_v2_verifier_proto_msgTypes[2] - if x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Signature.ProtoReflect.Descriptor instead. -func (*Signature) Descriptor() ([]byte, []int) { - return file_rekor_v2_verifier_proto_rawDescGZIP(), []int{2} -} - -func (x *Signature) GetContent() []byte { - if x != nil { - return x.Content - } - return nil -} - -func (x *Signature) GetVerifier() *Verifier { - if x != nil { - return x.Verifier - } - return nil -} - -var File_rekor_v2_verifier_proto protoreflect.FileDescriptor - -var file_rekor_v2_verifier_proto_rawDesc = string([]byte{ - 0x0a, 0x17, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x76, 0x65, 0x72, 0x69, 0x66, - 0x69, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x64, 0x65, 0x76, 0x2e, 0x73, - 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, - 0x1a, 0x15, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, - 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, - 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x2d, 0x0a, 0x09, 0x50, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x09, 0x72, 0x61, 0x77, 0x5f, 0x62, 0x79, 0x74, - 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x72, - 0x61, 0x77, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0x89, 0x02, 0x0a, 0x08, 0x56, 0x65, 0x72, 0x69, - 0x66, 0x69, 0x65, 0x72, 0x12, 0x46, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, - 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, - 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, - 0x00, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x59, 0x0a, 0x10, - 0x78, 0x35, 0x30, 0x39, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, - 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x48, 0x00, 0x52, 0x0f, 0x78, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x4e, 0x0a, 0x0b, 0x6b, 0x65, 0x79, 0x5f, 0x64, - 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, - 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x44, - 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x6b, 0x65, 0x79, - 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x42, 0x0a, 0x0a, 0x08, 0x76, 0x65, 0x72, 0x69, 0x66, - 0x69, 0x65, 0x72, 0x22, 0x6c, 0x0a, 0x09, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, - 0x12, 0x1d, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x12, - 0x40, 0x0a, 0x08, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, - 0x65, 0x72, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, - 0x72, 0x42, 0x7d, 0x0a, 0x1b, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x32, - 0x42, 0x0f, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x56, 0x32, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, - 0x72, 0x50, 0x01, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, - 0x6f, 0x2f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x32, 0xea, 0x02, 0x13, 0x53, 0x69, 0x67, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x3a, 0x3a, 0x56, 0x32, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -}) - -var ( - file_rekor_v2_verifier_proto_rawDescOnce sync.Once - file_rekor_v2_verifier_proto_rawDescData []byte -) - -func file_rekor_v2_verifier_proto_rawDescGZIP() []byte { - file_rekor_v2_verifier_proto_rawDescOnce.Do(func() { - file_rekor_v2_verifier_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_rekor_v2_verifier_proto_rawDesc), len(file_rekor_v2_verifier_proto_rawDesc))) - }) - return file_rekor_v2_verifier_proto_rawDescData -} - -var file_rekor_v2_verifier_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_rekor_v2_verifier_proto_goTypes = []any{ - (*PublicKey)(nil), // 0: dev.sigstore.rekor.v2.PublicKey - (*Verifier)(nil), // 1: dev.sigstore.rekor.v2.Verifier - (*Signature)(nil), // 2: dev.sigstore.rekor.v2.Signature - (*v1.X509Certificate)(nil), // 3: dev.sigstore.common.v1.X509Certificate - (v1.PublicKeyDetails)(0), // 4: dev.sigstore.common.v1.PublicKeyDetails -} -var file_rekor_v2_verifier_proto_depIdxs = []int32{ - 0, // 0: dev.sigstore.rekor.v2.Verifier.public_key:type_name -> dev.sigstore.rekor.v2.PublicKey - 3, // 1: dev.sigstore.rekor.v2.Verifier.x509_certificate:type_name -> dev.sigstore.common.v1.X509Certificate - 4, // 2: dev.sigstore.rekor.v2.Verifier.key_details:type_name -> dev.sigstore.common.v1.PublicKeyDetails - 1, // 3: dev.sigstore.rekor.v2.Signature.verifier:type_name -> dev.sigstore.rekor.v2.Verifier - 4, // [4:4] is the sub-list for method output_type - 4, // [4:4] is the sub-list for method input_type - 4, // [4:4] is the sub-list for extension type_name - 4, // [4:4] is the sub-list for extension extendee - 0, // [0:4] is the sub-list for field type_name -} - -func init() { file_rekor_v2_verifier_proto_init() } -func file_rekor_v2_verifier_proto_init() { - if File_rekor_v2_verifier_proto != nil { - return - } - file_rekor_v2_verifier_proto_msgTypes[1].OneofWrappers = []any{ - (*Verifier_PublicKey)(nil), - (*Verifier_X509Certificate)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: unsafe.Slice(unsafe.StringData(file_rekor_v2_verifier_proto_rawDesc), len(file_rekor_v2_verifier_proto_rawDesc)), - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_rekor_v2_verifier_proto_goTypes, - DependencyIndexes: file_rekor_v2_verifier_proto_depIdxs, - MessageInfos: file_rekor_v2_verifier_proto_msgTypes, - }.Build() - File_rekor_v2_verifier_proto = out.File - file_rekor_v2_verifier_proto_goTypes = nil - file_rekor_v2_verifier_proto_depIdxs = nil -} diff --git a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go index eaa250c5..580d1c69 100644 --- a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go +++ b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go @@ -118,21 +118,23 @@ type TransparencyLogInstance struct { // The public key used to verify signatures generated by the log. // This attribute contains the signature algorithm used by the log. PublicKey *v1.PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` - // The unique identifier for this transparency log. + // The identifier for this transparency log. // Represented as the SHA-256 hash of the log's public key, // calculated over the DER encoding of the key represented as // SubjectPublicKeyInfo. // See https://www.rfc-editor.org/rfc/rfc6962#section-3.2 - // MUST set checkpoint_key_id if multiple logs use the same - // signing key. - // Deprecated: Use checkpoint_key_id instead, since log_id is not + // For Rekor v2 instances, log_id and checkpoint_key_id will be set + // to the same value. + // It is recommended to use checkpoint_key_id instead, since log_id is not // guaranteed to be unique across multiple deployments. Clients - // must use the key name and key ID from a checkpoint to determine - // the correct TransparencyLogInstance to verify a proof. - // - // Deprecated: Marked as deprecated in sigstore_trustroot.proto. + // must use the key name and key ID, as defined by the signed-note spec + // linked below, from a checkpoint to determine the correct + // TransparencyLogInstance to verify a proof. + // log_id will eventually be deprecated in favor of checkpoint_id. LogId *v1.LogId `protobuf:"bytes,4,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"` // The unique identifier for the log, used in the checkpoint. + // Only supported for TrustedRoot media types matching or greater than + // application/vnd.dev.sigstore.trustedroot.v0.2+json // Its calculation is described in // https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures // SHOULD be set for all logs. When not set, clients MUST use log_id. @@ -157,6 +159,8 @@ type TransparencyLogInstance struct { CheckpointKeyId *v1.LogId `protobuf:"bytes,5,opt,name=checkpoint_key_id,json=checkpointKeyId,proto3" json:"checkpoint_key_id,omitempty"` // The name of the operator of this log deployment. Operator MUST be // formatted as a scheme-less URI, e.g. sigstore.dev + // Only supported for TrustedRoot media types matching or greater than + // application/vnd.dev.sigstore.trustedroot.v0.2+json // This MUST be used when there are multiple transparency log instances // to determine if log proof verification meets a specified threshold, // e.g. two proofs from log deployments operated by the same operator @@ -217,7 +221,6 @@ func (x *TransparencyLogInstance) GetPublicKey() *v1.PublicKey { return nil } -// Deprecated: Marked as deprecated in sigstore_trustroot.proto. func (x *TransparencyLogInstance) GetLogId() *v1.LogId { if x != nil { return x.LogId @@ -374,10 +377,12 @@ func (x *CertificateAuthority) GetOperator() string { // is, a sub-set of the complete trust root) that is used for verification. type TrustedRoot struct { state protoimpl.MessageState `protogen:"open.v1"` - // MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json + // MUST be application/vnd.dev.sigstore.trustedroot.v0.2+json // when encoded as JSON. - // Clients MUST be able to process and parse content with the media - // type defined in the old format: + // Clients MAY choose to also support + // application/vnd.dev.sigstore.trustedroot.v0.1+json + // Clients MAY process and parse content with the media type defined + // in the old format: // application/vnd.dev.sigstore.trustedroot+json;version=0.1 MediaType string `protobuf:"bytes,1,opt,name=media_type,json=mediaType,proto3" json:"media_type,omitempty"` // A set of trusted Rekor servers. @@ -854,7 +859,7 @@ var file_sigstore_trustroot_proto_rawDesc = string([]byte{ 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe5, 0x02, + 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe1, 0x02, 0x0a, 0x17, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f, 0x67, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x62, 0x61, 0x73, @@ -867,136 +872,136 @@ var file_sigstore_trustroot_proto_rawDesc = string([]byte{ 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x4b, 0x65, 0x79, 0x12, 0x38, 0x0a, 0x06, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x04, + 0x63, 0x4b, 0x65, 0x79, 0x12, 0x34, 0x0a, 0x06, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, - 0x67, 0x49, 0x64, 0x42, 0x02, 0x18, 0x01, 0x52, 0x05, 0x6c, 0x6f, 0x67, 0x49, 0x64, 0x12, 0x49, - 0x0a, 0x11, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x6b, 0x65, 0x79, - 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x64, 0x65, 0x76, 0x2e, - 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, - 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x49, 0x64, 0x52, 0x0f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x70, - 0x6f, 0x69, 0x6e, 0x74, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x6f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x6f, 0x72, 0x22, 0x96, 0x02, 0x0a, 0x14, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x43, - 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x29, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, - 0x75, 0x69, 0x73, 0x68, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, - 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x4b, 0x0a, 0x0a, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x63, 0x68, - 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x64, 0x65, 0x76, 0x2e, - 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, - 0x76, 0x31, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x09, 0x63, 0x65, 0x72, 0x74, 0x43, 0x68, 0x61, - 0x69, 0x6e, 0x12, 0x3e, 0x0a, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x54, - 0x69, 0x6d, 0x65, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x08, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x46, - 0x6f, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x22, 0x92, - 0x03, 0x0a, 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x1d, - 0x0a, 0x0a, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x12, 0x48, 0x0a, - 0x05, 0x74, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, - 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f, 0x67, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, - 0x52, 0x05, 0x74, 0x6c, 0x6f, 0x67, 0x73, 0x12, 0x68, 0x0a, 0x17, 0x63, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, - 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, + 0x67, 0x49, 0x64, 0x52, 0x05, 0x6c, 0x6f, 0x67, 0x49, 0x64, 0x12, 0x49, 0x0a, 0x11, 0x63, 0x68, + 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4c, + 0x6f, 0x67, 0x49, 0x64, 0x52, 0x0f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, + 0x4b, 0x65, 0x79, 0x49, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, + 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, + 0x72, 0x22, 0x96, 0x02, 0x0a, 0x14, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x43, 0x0a, 0x07, 0x73, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x64, 0x65, + 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x75, 0x69, 0x73, 0x68, + 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, + 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, + 0x69, 0x12, 0x4b, 0x0a, 0x0a, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x58, + 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, + 0x61, 0x69, 0x6e, 0x52, 0x09, 0x63, 0x65, 0x72, 0x74, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x3e, + 0x0a, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x52, + 0x61, 0x6e, 0x67, 0x65, 0x52, 0x08, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x46, 0x6f, 0x72, 0x12, 0x1a, + 0x0a, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x22, 0x92, 0x03, 0x0a, 0x0b, 0x54, + 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x65, + 0x64, 0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, + 0x6d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x12, 0x48, 0x0a, 0x05, 0x74, 0x6c, 0x6f, + 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, - 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, - 0x73, 0x12, 0x4a, 0x0a, 0x06, 0x63, 0x74, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x32, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, - 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f, 0x67, 0x49, 0x6e, 0x73, - 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x06, 0x63, 0x74, 0x6c, 0x6f, 0x67, 0x73, 0x12, 0x64, 0x0a, - 0x15, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, - 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x14, 0x74, - 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x69, 0x65, 0x73, 0x22, 0xea, 0x03, 0x0a, 0x0d, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x5f, 0x74, - 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x65, 0x64, 0x69, 0x61, - 0x54, 0x79, 0x70, 0x65, 0x12, 0x3b, 0x0a, 0x07, 0x63, 0x61, 0x5f, 0x75, 0x72, 0x6c, 0x73, 0x18, - 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, - 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x06, 0x63, 0x61, 0x55, 0x72, 0x6c, - 0x73, 0x12, 0x3f, 0x0a, 0x09, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x75, 0x72, 0x6c, 0x73, 0x18, 0x07, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, + 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63, + 0x79, 0x4c, 0x6f, 0x67, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x05, 0x74, 0x6c, + 0x6f, 0x67, 0x73, 0x12, 0x68, 0x0a, 0x17, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x03, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, - 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x08, 0x6f, 0x69, 0x64, 0x63, 0x55, 0x72, - 0x6c, 0x73, 0x12, 0x4a, 0x0a, 0x0f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x5f, 0x74, 0x6c, 0x6f, 0x67, - 0x5f, 0x75, 0x72, 0x6c, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, - 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, - 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, - 0x0d, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x54, 0x6c, 0x6f, 0x67, 0x55, 0x72, 0x6c, 0x73, 0x12, 0x5b, - 0x0a, 0x11, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x5f, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, 0x2e, - 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, - 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x72, 0x65, 0x6b, 0x6f, - 0x72, 0x54, 0x6c, 0x6f, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3d, 0x0a, 0x08, 0x74, - 0x73, 0x61, 0x5f, 0x75, 0x72, 0x6c, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, + 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x4a, 0x0a, + 0x06, 0x63, 0x74, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, - 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x52, 0x07, 0x74, 0x73, 0x61, 0x55, 0x72, 0x6c, 0x73, 0x12, 0x4e, 0x0a, 0x0a, 0x74, 0x73, - 0x61, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, - 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, - 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x09, 0x74, 0x73, 0x61, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x05, - 0x22, 0xa3, 0x01, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x10, 0x0a, 0x03, - 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x2a, - 0x0a, 0x11, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x5f, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, 0x6d, 0x61, 0x6a, 0x6f, 0x72, - 0x41, 0x70, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x09, 0x76, 0x61, - 0x6c, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, - 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x52, 0x61, 0x6e, 0x67, 0x65, - 0x52, 0x08, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x46, 0x6f, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x6f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x22, 0x74, 0x0a, 0x14, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x46, - 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x2a, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, + 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, + 0x61, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f, 0x67, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, + 0x65, 0x52, 0x06, 0x63, 0x74, 0x6c, 0x6f, 0x67, 0x73, 0x12, 0x64, 0x0a, 0x15, 0x74, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, + 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, + 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, + 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x14, 0x74, 0x69, 0x6d, 0x65, 0x73, + 0x74, 0x61, 0x6d, 0x70, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, + 0xea, 0x03, 0x0a, 0x0d, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x3b, 0x0a, 0x07, 0x63, 0x61, 0x5f, 0x75, 0x72, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, + 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x06, 0x63, 0x61, 0x55, 0x72, 0x6c, 0x73, 0x12, 0x3f, 0x0a, + 0x09, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x75, 0x72, 0x6c, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x08, 0x73, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xd8, 0x01, 0x0a, - 0x11, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, - 0x65, 0x12, 0x4e, 0x0a, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x72, 0x6f, 0x6f, - 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, + 0x76, 0x69, 0x63, 0x65, 0x52, 0x08, 0x6f, 0x69, 0x64, 0x63, 0x55, 0x72, 0x6c, 0x73, 0x12, 0x4a, + 0x0a, 0x0f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x5f, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x75, 0x72, 0x6c, + 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, - 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, - 0x74, 0x12, 0x54, 0x0a, 0x0e, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, + 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x0d, 0x72, 0x65, 0x6b, + 0x6f, 0x72, 0x54, 0x6c, 0x6f, 0x67, 0x55, 0x72, 0x6c, 0x73, 0x12, 0x5b, 0x0a, 0x11, 0x72, 0x65, + 0x6b, 0x6f, 0x72, 0x5f, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, + 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x54, 0x6c, 0x6f, + 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3d, 0x0a, 0x08, 0x74, 0x73, 0x61, 0x5f, 0x75, + 0x72, 0x6c, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, - 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0d, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, - 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2a, 0x4e, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1e, 0x0a, 0x1a, 0x53, 0x45, - 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x53, 0x45, 0x4c, 0x45, 0x43, 0x54, 0x4f, 0x52, 0x5f, 0x55, - 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4c, - 0x4c, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4e, 0x59, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, - 0x45, 0x58, 0x41, 0x43, 0x54, 0x10, 0x03, 0x42, 0x88, 0x01, 0x0a, 0x1f, 0x64, 0x65, 0x76, 0x2e, - 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x42, 0x0e, 0x54, 0x72, 0x75, - 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x39, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, - 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, - 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x74, 0x72, 0x75, 0x73, - 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x17, 0x53, 0x69, 0x67, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x54, 0x72, 0x75, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x3a, 0x3a, - 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x07, 0x74, + 0x73, 0x61, 0x55, 0x72, 0x6c, 0x73, 0x12, 0x4e, 0x0a, 0x0a, 0x74, 0x73, 0x61, 0x5f, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, + 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, + 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x74, 0x73, 0x61, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x05, 0x22, 0xa3, 0x01, 0x0a, + 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x61, + 0x6a, 0x6f, 0x72, 0x5f, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x41, 0x70, 0x69, 0x56, + 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x5f, + 0x66, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, + 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, + 0x76, 0x31, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x08, 0x76, 0x61, + 0x6c, 0x69, 0x64, 0x46, 0x6f, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, + 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, + 0x6f, 0x72, 0x22, 0x74, 0x0a, 0x14, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x08, 0x73, 0x65, + 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x64, + 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, + 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xd8, 0x01, 0x0a, 0x11, 0x43, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, + 0x0a, 0x0a, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x12, 0x4e, 0x0a, + 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, + 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, + 0x52, 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x54, 0x0a, + 0x0e, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, + 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, + 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0d, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x2a, 0x4e, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x65, + 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1e, 0x0a, 0x1a, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, + 0x45, 0x5f, 0x53, 0x45, 0x4c, 0x45, 0x43, 0x54, 0x4f, 0x52, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, + 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4c, 0x4c, 0x10, 0x01, 0x12, + 0x07, 0x0a, 0x03, 0x41, 0x4e, 0x59, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x58, 0x41, 0x43, + 0x54, 0x10, 0x03, 0x42, 0x88, 0x01, 0x0a, 0x1f, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, + 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x42, 0x0e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x52, 0x6f, + 0x6f, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x39, 0x67, 0x69, 0x74, 0x68, 0x75, + 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, + 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, + 0x74, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x17, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, + 0x3a, 0x54, 0x72, 0x75, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, }) var ( diff --git a/gen/pb-python/pyproject.toml b/gen/pb-python/pyproject.toml index 2dbac94e..ab0b9fbd 100644 --- a/gen/pb-python/pyproject.toml +++ b/gen/pb-python/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "flit_core.buildapi" [project] name = "sigstore-protobuf-specs" -version = "0.4.3" +version = "0.5.0" description = "A library for serializing and deserializing Sigstore messages" readme = "README.md" license = { file = "LICENSE" } diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py index 18ba95be..d694e694 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py @@ -2,7 +2,7 @@ # sources: sigstore_trustroot.proto # plugin: python-betterproto # This file has been @generated -import warnings + from typing import TYPE_CHECKING @@ -84,22 +84,26 @@ class TransparencyLogInstance(betterproto.Message): log_id: "__common_v1__.LogId" = betterproto.message_field(4) """ - The unique identifier for this transparency log. + The identifier for this transparency log. Represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2 - MUST set checkpoint_key_id if multiple logs use the same - signing key. - Deprecated: Use checkpoint_key_id instead, since log_id is not + For Rekor v2 instances, log_id and checkpoint_key_id will be set + to the same value. + It is recommended to use checkpoint_key_id instead, since log_id is not guaranteed to be unique across multiple deployments. Clients - must use the key name and key ID from a checkpoint to determine - the correct TransparencyLogInstance to verify a proof. + must use the key name and key ID, as defined by the signed-note spec + linked below, from a checkpoint to determine the correct + TransparencyLogInstance to verify a proof. + log_id will eventually be deprecated in favor of checkpoint_id. """ checkpoint_key_id: "__common_v1__.LogId" = betterproto.message_field(5) """ The unique identifier for the log, used in the checkpoint. + Only supported for TrustedRoot media types matching or greater than + application/vnd.dev.sigstore.trustedroot.v0.2+json Its calculation is described in https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures SHOULD be set for all logs. When not set, clients MUST use log_id. @@ -127,19 +131,14 @@ class TransparencyLogInstance(betterproto.Message): """ The name of the operator of this log deployment. Operator MUST be formatted as a scheme-less URI, e.g. sigstore.dev + Only supported for TrustedRoot media types matching or greater than + application/vnd.dev.sigstore.trustedroot.v0.2+json This MUST be used when there are multiple transparency log instances to determine if log proof verification meets a specified threshold, e.g. two proofs from log deployments operated by the same operator should count as only one valid proof. """ - def __post_init__(self) -> None: - super().__post_init__() - if self.is_set("log_id"): - warnings.warn( - "TransparencyLogInstance.log_id is deprecated", DeprecationWarning - ) - @dataclass(eq=False, repr=False) class CertificateAuthority(betterproto.Message): @@ -231,10 +230,12 @@ class TrustedRoot(betterproto.Message): media_type: str = betterproto.string_field(1) """ - MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json + MUST be application/vnd.dev.sigstore.trustedroot.v0.2+json when encoded as JSON. - Clients MUST be able to process and parse content with the media - type defined in the old format: + Clients MAY choose to also support + application/vnd.dev.sigstore.trustedroot.v0.1+json + Clients MAY process and parse content with the media type defined + in the old format: application/vnd.dev.sigstore.trustedroot+json;version=0.1 """ diff --git a/gen/pb-ruby/lib/sigstore_protobuf_specs/version.rb b/gen/pb-ruby/lib/sigstore_protobuf_specs/version.rb index 6df21825..7ec3cc3b 100644 --- a/gen/pb-ruby/lib/sigstore_protobuf_specs/version.rb +++ b/gen/pb-ruby/lib/sigstore_protobuf_specs/version.rb @@ -16,6 +16,6 @@ module Dev module Sigstore - VERSION = '0.4.3' + VERSION = '0.5.0' end end diff --git a/gen/pb-ruby/lib/sigstore_trustroot_pb.rb b/gen/pb-ruby/lib/sigstore_trustroot_pb.rb index 67f63bb7..ff59c644 100644 --- a/gen/pb-ruby/lib/sigstore_trustroot_pb.rb +++ b/gen/pb-ruby/lib/sigstore_trustroot_pb.rb @@ -8,7 +8,7 @@ require 'sigstore_common_pb' -descriptor_data = "\n\x18sigstore_trustroot.proto\x12\x19\x64\x65v.sigstore.trustroot.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x15sigstore_common.proto\"\xa0\x02\n\x17TransparencyLogInstance\x12\x10\n\x08\x62\x61se_url\x18\x01 \x01(\t\x12=\n\x0ehash_algorithm\x18\x02 \x01(\x0e\x32%.dev.sigstore.common.v1.HashAlgorithm\x12\x35\n\npublic_key\x18\x03 \x01(\x0b\x32!.dev.sigstore.common.v1.PublicKey\x12\x31\n\x06log_id\x18\x04 \x01(\x0b\x32\x1d.dev.sigstore.common.v1.LogIdB\x02\x18\x01\x12\x38\n\x11\x63heckpoint_key_id\x18\x05 \x01(\x0b\x32\x1d.dev.sigstore.common.v1.LogId\x12\x10\n\x08operator\x18\x06 \x01(\t\"\xe9\x01\n\x14\x43\x65rtificateAuthority\x12:\n\x07subject\x18\x01 \x01(\x0b\x32).dev.sigstore.common.v1.DistinguishedName\x12\x0b\n\x03uri\x18\x02 \x01(\t\x12@\n\ncert_chain\x18\x03 \x01(\x0b\x32,.dev.sigstore.common.v1.X509CertificateChain\x12\x34\n\tvalid_for\x18\x04 \x01(\x0b\x32!.dev.sigstore.common.v1.TimeRange\x12\x10\n\x08operator\x18\x05 \x01(\t\"\xca\x02\n\x0bTrustedRoot\x12\x12\n\nmedia_type\x18\x01 \x01(\t\x12\x41\n\x05tlogs\x18\x02 \x03(\x0b\x32\x32.dev.sigstore.trustroot.v1.TransparencyLogInstance\x12P\n\x17\x63\x65rtificate_authorities\x18\x03 \x03(\x0b\x32/.dev.sigstore.trustroot.v1.CertificateAuthority\x12\x42\n\x06\x63tlogs\x18\x04 \x03(\x0b\x32\x32.dev.sigstore.trustroot.v1.TransparencyLogInstance\x12N\n\x15timestamp_authorities\x18\x05 \x03(\x0b\x32/.dev.sigstore.trustroot.v1.CertificateAuthority\"\x99\x03\n\rSigningConfig\x12\x12\n\nmedia_type\x18\x05 \x01(\t\x12\x33\n\x07\x63\x61_urls\x18\x06 \x03(\x0b\x32\".dev.sigstore.trustroot.v1.Service\x12\x35\n\toidc_urls\x18\x07 \x03(\x0b\x32\".dev.sigstore.trustroot.v1.Service\x12;\n\x0frekor_tlog_urls\x18\x08 \x03(\x0b\x32\".dev.sigstore.trustroot.v1.Service\x12J\n\x11rekor_tlog_config\x18\t \x01(\x0b\x32/.dev.sigstore.trustroot.v1.ServiceConfiguration\x12\x34\n\x08tsa_urls\x18\n \x03(\x0b\x32\".dev.sigstore.trustroot.v1.Service\x12\x43\n\ntsa_config\x18\x0b \x01(\x0b\x32/.dev.sigstore.trustroot.v1.ServiceConfigurationJ\x04\x08\x01\x10\x05\"y\n\x07Service\x12\x0b\n\x03url\x18\x01 \x01(\t\x12\x19\n\x11major_api_version\x18\x02 \x01(\r\x12\x34\n\tvalid_for\x18\x03 \x01(\x0b\x32!.dev.sigstore.common.v1.TimeRange\x12\x10\n\x08operator\x18\x04 \x01(\t\"c\n\x14ServiceConfiguration\x12<\n\x08selector\x18\x01 \x01(\x0e\x32*.dev.sigstore.trustroot.v1.ServiceSelector\x12\r\n\x05\x63ount\x18\x02 \x01(\r\"\xb1\x01\n\x11\x43lientTrustConfig\x12\x12\n\nmedia_type\x18\x01 \x01(\t\x12\x41\n\x0ctrusted_root\x18\x02 \x01(\x0b\x32&.dev.sigstore.trustroot.v1.TrustedRootB\x03\xe0\x41\x02\x12\x45\n\x0esigning_config\x18\x03 \x01(\x0b\x32(.dev.sigstore.trustroot.v1.SigningConfigB\x03\xe0\x41\x02*N\n\x0fServiceSelector\x12\x1e\n\x1aSERVICE_SELECTOR_UNDEFINED\x10\x00\x12\x07\n\x03\x41LL\x10\x01\x12\x07\n\x03\x41NY\x10\x02\x12\t\n\x05\x45XACT\x10\x03\x42\x88\x01\n\x1f\x64\x65v.sigstore.proto.trustroot.v1B\x0eTrustRootProtoP\x01Z9github.com/sigstore/protobuf-specs/gen/pb-go/trustroot/v1\xea\x02\x17Sigstore::TrustRoot::V1b\x06proto3" +descriptor_data = "\n\x18sigstore_trustroot.proto\x12\x19\x64\x65v.sigstore.trustroot.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x15sigstore_common.proto\"\x9c\x02\n\x17TransparencyLogInstance\x12\x10\n\x08\x62\x61se_url\x18\x01 \x01(\t\x12=\n\x0ehash_algorithm\x18\x02 \x01(\x0e\x32%.dev.sigstore.common.v1.HashAlgorithm\x12\x35\n\npublic_key\x18\x03 \x01(\x0b\x32!.dev.sigstore.common.v1.PublicKey\x12-\n\x06log_id\x18\x04 \x01(\x0b\x32\x1d.dev.sigstore.common.v1.LogId\x12\x38\n\x11\x63heckpoint_key_id\x18\x05 \x01(\x0b\x32\x1d.dev.sigstore.common.v1.LogId\x12\x10\n\x08operator\x18\x06 \x01(\t\"\xe9\x01\n\x14\x43\x65rtificateAuthority\x12:\n\x07subject\x18\x01 \x01(\x0b\x32).dev.sigstore.common.v1.DistinguishedName\x12\x0b\n\x03uri\x18\x02 \x01(\t\x12@\n\ncert_chain\x18\x03 \x01(\x0b\x32,.dev.sigstore.common.v1.X509CertificateChain\x12\x34\n\tvalid_for\x18\x04 \x01(\x0b\x32!.dev.sigstore.common.v1.TimeRange\x12\x10\n\x08operator\x18\x05 \x01(\t\"\xca\x02\n\x0bTrustedRoot\x12\x12\n\nmedia_type\x18\x01 \x01(\t\x12\x41\n\x05tlogs\x18\x02 \x03(\x0b\x32\x32.dev.sigstore.trustroot.v1.TransparencyLogInstance\x12P\n\x17\x63\x65rtificate_authorities\x18\x03 \x03(\x0b\x32/.dev.sigstore.trustroot.v1.CertificateAuthority\x12\x42\n\x06\x63tlogs\x18\x04 \x03(\x0b\x32\x32.dev.sigstore.trustroot.v1.TransparencyLogInstance\x12N\n\x15timestamp_authorities\x18\x05 \x03(\x0b\x32/.dev.sigstore.trustroot.v1.CertificateAuthority\"\x99\x03\n\rSigningConfig\x12\x12\n\nmedia_type\x18\x05 \x01(\t\x12\x33\n\x07\x63\x61_urls\x18\x06 \x03(\x0b\x32\".dev.sigstore.trustroot.v1.Service\x12\x35\n\toidc_urls\x18\x07 \x03(\x0b\x32\".dev.sigstore.trustroot.v1.Service\x12;\n\x0frekor_tlog_urls\x18\x08 \x03(\x0b\x32\".dev.sigstore.trustroot.v1.Service\x12J\n\x11rekor_tlog_config\x18\t \x01(\x0b\x32/.dev.sigstore.trustroot.v1.ServiceConfiguration\x12\x34\n\x08tsa_urls\x18\n \x03(\x0b\x32\".dev.sigstore.trustroot.v1.Service\x12\x43\n\ntsa_config\x18\x0b \x01(\x0b\x32/.dev.sigstore.trustroot.v1.ServiceConfigurationJ\x04\x08\x01\x10\x05\"y\n\x07Service\x12\x0b\n\x03url\x18\x01 \x01(\t\x12\x19\n\x11major_api_version\x18\x02 \x01(\r\x12\x34\n\tvalid_for\x18\x03 \x01(\x0b\x32!.dev.sigstore.common.v1.TimeRange\x12\x10\n\x08operator\x18\x04 \x01(\t\"c\n\x14ServiceConfiguration\x12<\n\x08selector\x18\x01 \x01(\x0e\x32*.dev.sigstore.trustroot.v1.ServiceSelector\x12\r\n\x05\x63ount\x18\x02 \x01(\r\"\xb1\x01\n\x11\x43lientTrustConfig\x12\x12\n\nmedia_type\x18\x01 \x01(\t\x12\x41\n\x0ctrusted_root\x18\x02 \x01(\x0b\x32&.dev.sigstore.trustroot.v1.TrustedRootB\x03\xe0\x41\x02\x12\x45\n\x0esigning_config\x18\x03 \x01(\x0b\x32(.dev.sigstore.trustroot.v1.SigningConfigB\x03\xe0\x41\x02*N\n\x0fServiceSelector\x12\x1e\n\x1aSERVICE_SELECTOR_UNDEFINED\x10\x00\x12\x07\n\x03\x41LL\x10\x01\x12\x07\n\x03\x41NY\x10\x02\x12\t\n\x05\x45XACT\x10\x03\x42\x88\x01\n\x1f\x64\x65v.sigstore.proto.trustroot.v1B\x0eTrustRootProtoP\x01Z9github.com/sigstore/protobuf-specs/gen/pb-go/trustroot/v1\xea\x02\x17Sigstore::TrustRoot::V1b\x06proto3" pool = Google::Protobuf::DescriptorPool.generated_pool pool.add_serialized_file(descriptor_data) diff --git a/gen/pb-rust/Cargo.lock b/gen/pb-rust/Cargo.lock index 48663743..d1aa007e 100644 --- a/gen/pb-rust/Cargo.lock +++ b/gen/pb-rust/Cargo.lock @@ -13,9 +13,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.97" +version = "1.0.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dcfed56ad506cb2c684a14971b8861fdc3baaaae314b9e5f9bb532cbe3ba7a4f" +checksum = "e16d2d3311acee920a9eb8d33b8cbc1787ce4a264e85f964c2404b969bdcd487" [[package]] name = "autocfg" @@ -232,9 +232,9 @@ dependencies = [ [[package]] name = "prost" -version = "0.13.5" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2796faa41db3ec313a31f7624d9286acf277b52de526150b7e69f3debf891ee5" +checksum = "7231bd9b3d3d33c86b58adbac74b5ec0ad9f496b19d22801d773636feaa95f3d" dependencies = [ "bytes", "prost-derive", @@ -242,9 +242,9 @@ dependencies = [ [[package]] name = "prost-build" -version = "0.13.5" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be769465445e8c1474e9c5dac2018218498557af32d9ed057325ec9a41ae81bf" +checksum = "ac6c3320f9abac597dcbc668774ef006702672474aad53c6d596b62e487b40b1" dependencies = [ "heck", "itertools", @@ -262,9 +262,9 @@ dependencies = [ [[package]] name = "prost-derive" -version = "0.13.5" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a56d757972c98b346a9b766e3f02746cde6dd1cd1d1d563472929fdd74bec4d" +checksum = "9120690fafc389a67ba3803df527d0ec9cbbc9cc45e4cc20b332996dfb672425" dependencies = [ "anyhow", "itertools", @@ -275,56 +275,33 @@ dependencies = [ [[package]] name = "prost-reflect" -version = "0.14.6" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7b318f733603136dcc61aa9e77c928d67f87d2436c34ec052ba3f1b5ca219de" +checksum = "6e6b545c556471033fc1099868fca468bff8cf034f7bb9153b445f24d00aa28d" dependencies = [ "base64", - "once_cell", "prost", - "prost-reflect-derive 0.14.0", + "prost-reflect-derive", "prost-types", "serde", "serde-value", ] -[[package]] -name = "prost-reflect" -version = "0.15.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebb644dd3ad12d7cf62a18234d385ea5511ac6abb208704c18098e7e3a5e1b69" -dependencies = [ - "prost", - "prost-reflect-derive 0.15.1", - "prost-types", -] - [[package]] name = "prost-reflect-build" -version = "0.15.1" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab2f1a2229c170ebef43cffa6ff2cfc94c275bda7d52fd8463d2bf41d05a6d77" +checksum = "8214ae2c30bbac390db0134d08300e770ef89b6d4e5abf855e8d300eded87e28" dependencies = [ "prost-build", - "prost-reflect 0.15.2", + "prost-reflect", ] [[package]] name = "prost-reflect-derive" -version = "0.14.0" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4fce6b22f15cc8d8d400a2b98ad29202b33bd56c7d9ddd815bc803a807ecb65" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "prost-reflect-derive" -version = "0.15.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab076798900edeaf1499ed1c30097db86e6697c5d02660a63d72fe4ebdcfefd2" +checksum = "7b6d90e29fa6c0d13c2c19ba5e4b3fb0efbf5975d27bcf4e260b7b15455bcabe" dependencies = [ "proc-macro2", "quote", @@ -333,9 +310,9 @@ dependencies = [ [[package]] name = "prost-types" -version = "0.13.5" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52c2c1bf36ddb1a1c396b3601a3cec27c2462e45f07c386894ec3ccf5332bd16" +checksum = "b9b4db3d6da204ed77bb26ba83b6122a73aeb2e87e25fbf7ad2e84c4ccbf8f72" dependencies = [ "prost", ] @@ -473,13 +450,13 @@ dependencies = [ [[package]] name = "sigstore_protobuf_specs" -version = "0.4.3" +version = "0.5.0" dependencies = [ "anyhow", "glob", "prost", "prost-build", - "prost-reflect 0.14.6", + "prost-reflect", "prost-reflect-build", "prost-types", "serde", @@ -490,9 +467,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.101" +version = "2.0.104" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ce2b7fc941b3a24138a0a7cf8e858bfc6a992e7978a068a5c760deb0ed43caf" +checksum = "17b6f705963418cdb9927482fa304bc562ece2fdd4f616084c50b7023b435a40" dependencies = [ "proc-macro2", "quote", @@ -527,11 +504,10 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "which" -version = "7.0.3" +version = "8.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24d643ce3fd3e5b54854602a080f34fb10ab75e0b813ee32d00ca2b44fa74762" +checksum = "d3fabb953106c3c8eea8306e4393700d7657561cb43122571b172bbfb7c7ba1d" dependencies = [ - "either", "env_home", "rustix 1.0.7", "winsafe", diff --git a/gen/pb-rust/sigstore-protobuf-specs-codegen/Cargo.toml b/gen/pb-rust/sigstore-protobuf-specs-codegen/Cargo.toml index 7cdfd19f..cf0f75a4 100644 --- a/gen/pb-rust/sigstore-protobuf-specs-codegen/Cargo.toml +++ b/gen/pb-rust/sigstore-protobuf-specs-codegen/Cargo.toml @@ -4,8 +4,8 @@ version = "0.0.1" edition = "2021" [dependencies] -anyhow = "1.0.97" +anyhow = "1.0.98" glob = "0.3" -prost-build = "0.13.5" -prost-reflect-build = "0.15.1" -which = "7.0.3" +prost-build = "0.14.1" +prost-reflect-build = "0.16.0" +which = "8.0.0" diff --git a/gen/pb-rust/sigstore-protobuf-specs/Cargo.toml b/gen/pb-rust/sigstore-protobuf-specs/Cargo.toml index 0b4769f6..36abce0b 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/Cargo.toml +++ b/gen/pb-rust/sigstore-protobuf-specs/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "sigstore_protobuf_specs" -version = "0.4.3" +version = "0.5.0" authors = ["Sigstore Authors "] edition = "2021" homepage = "https://github.com/sigstore/protobuf-specs" @@ -12,16 +12,16 @@ keywords = ["sigstore"] categories = ["encoding", "parser-implementations"] [dependencies] -prost-types = "0.13.5" -prost = "0.13.5" -prost-reflect = { version = "0.14.6", features = ["serde", "derive"] } +prost-types = "0.14.1" +prost = "0.14.1" +prost-reflect = { version = "0.16.0", features = ["serde", "derive"] } serde = {version = "1.0", features = ["derive"]} serde_json = "1.0" sigstore-protobuf-specs-derive = { version = "0.0.1", path = "../sigstore-protobuf-specs-derive" } [build-dependencies] -anyhow = "1.0.97" +anyhow = "1.0.98" glob = "0.3" -prost-build = "0.13.5" -prost-reflect-build = "0.15.1" -which = "7.0.3" +prost-build = "0.14.1" +prost-reflect-build = "0.16.0" +which = "8.0.0" diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.common.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.common.v1.rs index 2d4cae1d..2392f538 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.common.v1.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.common.v1.rs @@ -8,7 +8,7 @@ #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.common.v1.HashOutput")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct HashOutput { #[prost(enumeration = "HashAlgorithm", tag = "1")] pub algorithm: i32, @@ -25,7 +25,7 @@ pub struct HashOutput { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.common.v1.MessageSignature")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct MessageSignature { /// Message digest can be used to identify the artifact. /// Clients MUST NOT attempt to use this digest to verify the associated @@ -51,7 +51,7 @@ pub struct MessageSignature { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.common.v1.LogId")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct LogId { /// The unique identity of the log, represented by its public key. #[prost(bytes = "vec", tag = "1")] @@ -65,7 +65,7 @@ pub struct LogId { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.common.v1.RFC3161SignedTimestamp")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct Rfc3161SignedTimestamp { /// Signed timestamp is the DER encoded TimeStampResponse. /// See @@ -79,7 +79,7 @@ pub struct Rfc3161SignedTimestamp { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.common.v1.PublicKey")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct PublicKey { /// DER-encoded public key, encoding method is specified by the /// key_details attribute. @@ -101,7 +101,7 @@ pub struct PublicKey { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.common.v1.PublicKeyIdentifier")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct PublicKeyIdentifier { /// Optional unauthenticated hint on which key to use. /// The format of the hint must be agreed upon out of band by the @@ -123,7 +123,7 @@ pub struct PublicKeyIdentifier { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.common.v1.ObjectIdentifier")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct ObjectIdentifier { #[prost(int32, repeated, packed = "false", tag = "1")] pub id: ::prost::alloc::vec::Vec, @@ -136,7 +136,7 @@ pub struct ObjectIdentifier { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.common.v1.ObjectIdentifierValuePair")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct ObjectIdentifierValuePair { #[prost(message, optional, tag = "1")] pub oid: ::core::option::Option, @@ -150,7 +150,7 @@ pub struct ObjectIdentifierValuePair { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.common.v1.DistinguishedName")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct DistinguishedName { #[prost(string, tag = "1")] pub organization: ::prost::alloc::string::String, @@ -164,7 +164,7 @@ pub struct DistinguishedName { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.common.v1.X509Certificate")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct X509Certificate { /// DER-encoded X.509 certificate. #[prost(bytes = "vec", tag = "1")] @@ -177,7 +177,7 @@ pub struct X509Certificate { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.common.v1.SubjectAlternativeName")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct SubjectAlternativeName { #[prost(enumeration = "SubjectAlternativeNameType", tag = "1")] pub r#type: i32, @@ -190,7 +190,7 @@ pub mod subject_alternative_name { sigstore_protobuf_specs_derive::Deserialize_proto, sigstore_protobuf_specs_derive::Serialize_proto )] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, Eq, Hash, ::prost::Oneof)] pub enum Identity { /// A regular expression describing the expected value for /// the SAN. @@ -234,7 +234,7 @@ pub struct X509CertificateChain { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.common.v1.TimeRange")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, Copy, PartialEq, ::prost::Message)] +#[derive(Clone, Copy, PartialEq, Eq, Hash, ::prost::Message)] pub struct TimeRange { #[prost(message, optional, tag = "1")] pub start: ::core::option::Option<::prost_types::Timestamp>, diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.events.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.events.v1.rs index 24578699..f4523f56 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.events.v1.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.events.v1.rs @@ -39,7 +39,7 @@ pub mod cloud_event { message_name = "dev.sigstore.events.v1.CloudEvent.CloudEventAttributeValue" )] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] - #[derive(Clone, PartialEq, ::prost::Message)] + #[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct CloudEventAttributeValue { #[prost( oneof = "cloud_event_attribute_value::Attr", @@ -53,7 +53,7 @@ pub mod cloud_event { sigstore_protobuf_specs_derive::Deserialize_proto, sigstore_protobuf_specs_derive::Serialize_proto )] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, Eq, Hash, ::prost::Oneof)] pub enum Attr { #[prost(bool, tag = "1")] CeBoolean(bool), @@ -76,7 +76,7 @@ pub mod cloud_event { sigstore_protobuf_specs_derive::Deserialize_proto, sigstore_protobuf_specs_derive::Serialize_proto )] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, Eq, Hash, ::prost::Oneof)] pub enum Data { #[prost(bytes, tag = "6")] BinaryData(::prost::alloc::vec::Vec), diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs index 0e2f2b84..3e83be7b 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs @@ -7,7 +7,7 @@ #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.rekor.v1.KindVersion")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct KindVersion { /// Kind is the type of entry being stored in the log. /// See here for a list: @@ -34,7 +34,7 @@ pub struct KindVersion { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.rekor.v1.Checkpoint")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct Checkpoint { #[prost(string, tag = "1")] pub envelope: ::prost::alloc::string::String, @@ -48,7 +48,7 @@ pub struct Checkpoint { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.rekor.v1.InclusionProof")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct InclusionProof { /// The index of the entry in the tree it was written to. #[prost(int64, tag = "1")] @@ -89,7 +89,7 @@ pub struct InclusionProof { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.rekor.v1.InclusionPromise")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct InclusionPromise { #[prost(bytes = "vec", tag = "1")] pub signed_entry_timestamp: ::prost::alloc::vec::Vec, @@ -109,7 +109,7 @@ pub struct InclusionPromise { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.rekor.v1.TransparencyLogEntry")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct TransparencyLogEntry { /// The global index of the entry, used when querying the log by index. #[prost(int64, tag = "1")] diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v2.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v2.rs index 05f5cac8..463b7b55 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v2.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v2.rs @@ -7,7 +7,7 @@ #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.rekor.v2.PublicKey")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct PublicKey { /// DER-encoded public key #[prost(bytes = "vec", tag = "1")] @@ -21,7 +21,7 @@ pub struct PublicKey { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.rekor.v2.Verifier")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct Verifier { /// Key encoding and signature algorithm to use for this key #[prost(enumeration = "super::super::common::v1::PublicKeyDetails", tag = "3")] @@ -35,7 +35,7 @@ pub mod verifier { sigstore_protobuf_specs_derive::Deserialize_proto, sigstore_protobuf_specs_derive::Serialize_proto )] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, Eq, Hash, ::prost::Oneof)] pub enum Verifier { /// DER-encoded public key. Encoding method is specified by the key_details attribute #[prost(message, tag = "1")] @@ -53,7 +53,7 @@ pub mod verifier { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.rekor.v2.Signature")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct Signature { #[prost(bytes = "vec", tag = "1")] pub content: ::prost::alloc::vec::Vec, @@ -103,7 +103,7 @@ pub struct DsseLogEntryV002 { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.rekor.v2.HashedRekordRequestV002")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct HashedRekordRequestV002 { /// The hashed data #[prost(bytes = "vec", tag = "1")] @@ -119,7 +119,7 @@ pub struct HashedRekordRequestV002 { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.rekor.v2.HashedRekordLogEntryV002")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct HashedRekordLogEntryV002 { /// The hashed data #[prost(message, optional, tag = "1")] diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs index 3b3cffa9..ea2807b5 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs @@ -12,7 +12,7 @@ #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.trustroot.v1.TransparencyLogInstance")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct TransparencyLogInstance { /// The base URL at which can be used to URLs for the client. /// SHOULD match the origin on the log checkpoint: @@ -26,21 +26,24 @@ pub struct TransparencyLogInstance { /// This attribute contains the signature algorithm used by the log. #[prost(message, optional, tag = "3")] pub public_key: ::core::option::Option, - /// The unique identifier for this transparency log. + /// The identifier for this transparency log. /// Represented as the SHA-256 hash of the log's public key, /// calculated over the DER encoding of the key represented as /// SubjectPublicKeyInfo. /// See - /// MUST set checkpoint_key_id if multiple logs use the same - /// signing key. - /// Deprecated: Use checkpoint_key_id instead, since log_id is not + /// For Rekor v2 instances, log_id and checkpoint_key_id will be set + /// to the same value. + /// It is recommended to use checkpoint_key_id instead, since log_id is not /// guaranteed to be unique across multiple deployments. Clients - /// must use the key name and key ID from a checkpoint to determine - /// the correct TransparencyLogInstance to verify a proof. - #[deprecated] + /// must use the key name and key ID, as defined by the signed-note spec + /// linked below, from a checkpoint to determine the correct + /// TransparencyLogInstance to verify a proof. + /// log_id will eventually be deprecated in favor of checkpoint_id. #[prost(message, optional, tag = "4")] pub log_id: ::core::option::Option, /// The unique identifier for the log, used in the checkpoint. + /// Only supported for TrustedRoot media types matching or greater than + /// application/vnd.dev.sigstore.trustedroot.v0.2+json /// Its calculation is described in /// /// SHOULD be set for all logs. When not set, clients MUST use log_id. @@ -66,6 +69,8 @@ pub struct TransparencyLogInstance { pub checkpoint_key_id: ::core::option::Option, /// The name of the operator of this log deployment. Operator MUST be /// formatted as a scheme-less URI, e.g. sigstore.dev + /// Only supported for TrustedRoot media types matching or greater than + /// application/vnd.dev.sigstore.trustedroot.v0.2+json /// This MUST be used when there are multiple transparency log instances /// to determine if log proof verification meets a specified threshold, /// e.g. two proofs from log deployments operated by the same operator @@ -161,10 +166,12 @@ pub struct CertificateAuthority { #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] #[derive(Clone, PartialEq, ::prost::Message)] pub struct TrustedRoot { - /// MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json + /// MUST be application/vnd.dev.sigstore.trustedroot.v0.2+json /// when encoded as JSON. - /// Clients MUST be able to process and parse content with the media - /// type defined in the old format: + /// Clients MAY choose to also support + /// application/vnd.dev.sigstore.trustedroot.v0.1+json + /// Clients MAY process and parse content with the media type defined + /// in the old format: /// application/vnd.dev.sigstore.trustedroot+json;version=0.1 #[prost(string, tag = "1")] pub media_type: ::prost::alloc::string::String, @@ -299,7 +306,7 @@ pub struct SigningConfig { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.trustroot.v1.Service")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct Service { /// URL of the service. MUST include scheme and authority. MAY include path. #[prost(string, tag = "1")] @@ -332,7 +339,7 @@ pub struct Service { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.trustroot.v1.ServiceConfiguration")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, Copy, PartialEq, ::prost::Message)] +#[derive(Clone, Copy, PartialEq, Eq, Hash, ::prost::Message)] pub struct ServiceConfiguration { /// How a client should select a set of Services to connect to. /// Clients SHOULD NOT select services from multiple API versions. diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.verification.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.verification.v1.rs index 62dc0c10..288b645f 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.verification.v1.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.verification.v1.rs @@ -115,7 +115,7 @@ pub mod artifact_verification_options { message_name = "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions" )] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] - #[derive(Clone, Copy, PartialEq, ::prost::Message)] + #[derive(Clone, Copy, PartialEq, Eq, Hash, ::prost::Message)] pub struct TlogOptions { /// Number of transparency logs the entry must appear on. #[prost(int32, tag = "1")] @@ -136,7 +136,7 @@ pub mod artifact_verification_options { message_name = "dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions" )] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] - #[derive(Clone, Copy, PartialEq, ::prost::Message)] + #[derive(Clone, Copy, PartialEq, Eq, Hash, ::prost::Message)] pub struct CtlogOptions { /// The number of ct transparency logs the certificate must /// appear on. @@ -155,7 +155,7 @@ pub mod artifact_verification_options { message_name = "dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions" )] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] - #[derive(Clone, Copy, PartialEq, ::prost::Message)] + #[derive(Clone, Copy, PartialEq, Eq, Hash, ::prost::Message)] pub struct TimestampAuthorityOptions { /// The number of signed timestamps that are expected. #[prost(int32, tag = "1")] @@ -173,7 +173,7 @@ pub mod artifact_verification_options { message_name = "dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions" )] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] - #[derive(Clone, Copy, PartialEq, ::prost::Message)] + #[derive(Clone, Copy, PartialEq, Eq, Hash, ::prost::Message)] pub struct TlogIntegratedTimestampOptions { /// The number of integrated timestamps that are expected. #[prost(int32, tag = "1")] @@ -191,7 +191,7 @@ pub mod artifact_verification_options { message_name = "dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions" )] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] - #[derive(Clone, Copy, PartialEq, ::prost::Message)] + #[derive(Clone, Copy, PartialEq, Eq, Hash, ::prost::Message)] pub struct ObserverTimestampOptions { /// The number of external observers of the timestamp. /// This is a union of RFC3161 signed timestamps, and @@ -235,7 +235,7 @@ pub mod artifact_verification_options { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "dev.sigstore.verification.v1.Artifact")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct Artifact { #[prost(oneof = "artifact::Data", tags = "1, 2, 3")] pub data: ::core::option::Option, @@ -246,7 +246,7 @@ pub mod artifact { sigstore_protobuf_specs_derive::Deserialize_proto, sigstore_protobuf_specs_derive::Serialize_proto )] - #[derive(Clone, PartialEq, ::prost::Oneof)] + #[derive(Clone, PartialEq, Eq, Hash, ::prost::Oneof)] pub enum Data { /// Location of the artifact #[prost(string, tag = "1")] diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin index 6ebf1ec2..6b5fa6aa 100644 Binary files a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin and b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin differ diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/io.intoto.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/io.intoto.rs index a00c8660..42d929cb 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/io.intoto.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/io.intoto.rs @@ -22,7 +22,7 @@ pub struct Envelope { #[derive(::prost_reflect::ReflectMessage)] #[prost_reflect(message_name = "io.intoto.Signature")] #[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")] -#[derive(Clone, PartialEq, ::prost::Message)] +#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)] pub struct Signature { /// Signature itself. (In JSON, this is encoded as base64.) /// REQUIRED. diff --git a/gen/pb-typescript/package-lock.json b/gen/pb-typescript/package-lock.json index 1b33b309..629981b0 100644 --- a/gen/pb-typescript/package-lock.json +++ b/gen/pb-typescript/package-lock.json @@ -1,12 +1,12 @@ { "name": "@sigstore/protobuf-specs", - "version": "0.4.0", + "version": "0.5.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@sigstore/protobuf-specs", - "version": "0.4.0", + "version": "0.5.0", "license": "Apache-2.0", "devDependencies": { "@tsconfig/node18": "^18.2.4", diff --git a/gen/pb-typescript/package.json b/gen/pb-typescript/package.json index 3080a305..f87b2540 100644 --- a/gen/pb-typescript/package.json +++ b/gen/pb-typescript/package.json @@ -1,9 +1,13 @@ { "name": "@sigstore/protobuf-specs", - "version": "0.4.3", + "version": "0.5.0", "description": "code-signing for npm packages", "main": "dist/index.js", "types": "dist/index.d.ts", + "exports": { + ".": "./dist/index.js", + "./rekor/v2": "./dist/rekor/v2/index.js" + }, "scripts": { "build": "tsc" }, diff --git a/gen/pb-typescript/src/__generated__/envelope.ts b/gen/pb-typescript/src/__generated__/envelope.ts index d9ff3c67..b36c50d8 100644 --- a/gen/pb-typescript/src/__generated__/envelope.ts +++ b/gen/pb-typescript/src/__generated__/envelope.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: envelope.proto diff --git a/gen/pb-typescript/src/__generated__/events.ts b/gen/pb-typescript/src/__generated__/events.ts index 90c01384..09d56b00 100644 --- a/gen/pb-typescript/src/__generated__/events.ts +++ b/gen/pb-typescript/src/__generated__/events.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: events.proto diff --git a/gen/pb-typescript/src/__generated__/google/api/field_behavior.ts b/gen/pb-typescript/src/__generated__/google/api/field_behavior.ts index 36af9fa5..f5fc219f 100644 --- a/gen/pb-typescript/src/__generated__/google/api/field_behavior.ts +++ b/gen/pb-typescript/src/__generated__/google/api/field_behavior.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: google/api/field_behavior.proto diff --git a/gen/pb-typescript/src/__generated__/google/protobuf/any.ts b/gen/pb-typescript/src/__generated__/google/protobuf/any.ts index 60c43837..481a0ed7 100644 --- a/gen/pb-typescript/src/__generated__/google/protobuf/any.ts +++ b/gen/pb-typescript/src/__generated__/google/protobuf/any.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: google/protobuf/any.proto diff --git a/gen/pb-typescript/src/__generated__/google/protobuf/descriptor.ts b/gen/pb-typescript/src/__generated__/google/protobuf/descriptor.ts index 86b792f7..62bcfd97 100644 --- a/gen/pb-typescript/src/__generated__/google/protobuf/descriptor.ts +++ b/gen/pb-typescript/src/__generated__/google/protobuf/descriptor.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: google/protobuf/descriptor.proto diff --git a/gen/pb-typescript/src/__generated__/google/protobuf/timestamp.ts b/gen/pb-typescript/src/__generated__/google/protobuf/timestamp.ts index a6c325ed..e0dd14e7 100644 --- a/gen/pb-typescript/src/__generated__/google/protobuf/timestamp.ts +++ b/gen/pb-typescript/src/__generated__/google/protobuf/timestamp.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: google/protobuf/timestamp.proto diff --git a/gen/pb-typescript/src/__generated__/rekor/v2/dsse.ts b/gen/pb-typescript/src/__generated__/rekor/v2/dsse.ts index 801dc640..c7def1b9 100644 --- a/gen/pb-typescript/src/__generated__/rekor/v2/dsse.ts +++ b/gen/pb-typescript/src/__generated__/rekor/v2/dsse.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: rekor/v2/dsse.proto diff --git a/gen/pb-typescript/src/__generated__/rekor/v2/entry.ts b/gen/pb-typescript/src/__generated__/rekor/v2/entry.ts index 3811a32e..08d0ecde 100644 --- a/gen/pb-typescript/src/__generated__/rekor/v2/entry.ts +++ b/gen/pb-typescript/src/__generated__/rekor/v2/entry.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: rekor/v2/entry.proto diff --git a/gen/pb-typescript/src/__generated__/rekor/v2/hashedrekord.ts b/gen/pb-typescript/src/__generated__/rekor/v2/hashedrekord.ts index 87dc0254..77da3e7a 100644 --- a/gen/pb-typescript/src/__generated__/rekor/v2/hashedrekord.ts +++ b/gen/pb-typescript/src/__generated__/rekor/v2/hashedrekord.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: rekor/v2/hashedrekord.proto diff --git a/gen/pb-typescript/src/__generated__/rekor/v2/verifier.ts b/gen/pb-typescript/src/__generated__/rekor/v2/verifier.ts index 097bfe08..020112a5 100644 --- a/gen/pb-typescript/src/__generated__/rekor/v2/verifier.ts +++ b/gen/pb-typescript/src/__generated__/rekor/v2/verifier.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: rekor/v2/verifier.proto diff --git a/gen/pb-typescript/src/__generated__/sigstore_bundle.ts b/gen/pb-typescript/src/__generated__/sigstore_bundle.ts index b6cef7c4..ae6e86da 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_bundle.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_bundle.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: sigstore_bundle.proto diff --git a/gen/pb-typescript/src/__generated__/sigstore_common.ts b/gen/pb-typescript/src/__generated__/sigstore_common.ts index 334cd62d..4b56f7e2 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_common.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_common.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: sigstore_common.proto diff --git a/gen/pb-typescript/src/__generated__/sigstore_rekor.ts b/gen/pb-typescript/src/__generated__/sigstore_rekor.ts index 18aa5856..c396e91a 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_rekor.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_rekor.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: sigstore_rekor.proto diff --git a/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts b/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts index ea6196d4..3727a9c9 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: sigstore_trustroot.proto @@ -102,25 +102,27 @@ export interface TransparencyLogInstance { | PublicKey | undefined; /** - * The unique identifier for this transparency log. + * The identifier for this transparency log. * Represented as the SHA-256 hash of the log's public key, * calculated over the DER encoding of the key represented as * SubjectPublicKeyInfo. * See https://www.rfc-editor.org/rfc/rfc6962#section-3.2 - * MUST set checkpoint_key_id if multiple logs use the same - * signing key. - * Deprecated: Use checkpoint_key_id instead, since log_id is not + * For Rekor v2 instances, log_id and checkpoint_key_id will be set + * to the same value. + * It is recommended to use checkpoint_key_id instead, since log_id is not * guaranteed to be unique across multiple deployments. Clients - * must use the key name and key ID from a checkpoint to determine - * the correct TransparencyLogInstance to verify a proof. - * - * @deprecated + * must use the key name and key ID, as defined by the signed-note spec + * linked below, from a checkpoint to determine the correct + * TransparencyLogInstance to verify a proof. + * log_id will eventually be deprecated in favor of checkpoint_id. */ logId: | LogId | undefined; /** * The unique identifier for the log, used in the checkpoint. + * Only supported for TrustedRoot media types matching or greater than + * application/vnd.dev.sigstore.trustedroot.v0.2+json * Its calculation is described in * https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures * SHOULD be set for all logs. When not set, clients MUST use log_id. @@ -149,6 +151,8 @@ export interface TransparencyLogInstance { /** * The name of the operator of this log deployment. Operator MUST be * formatted as a scheme-less URI, e.g. sigstore.dev + * Only supported for TrustedRoot media types matching or greater than + * application/vnd.dev.sigstore.trustedroot.v0.2+json * This MUST be used when there are multiple transparency log instances * to determine if log proof verification meets a specified threshold, * e.g. two proofs from log deployments operated by the same operator @@ -244,10 +248,12 @@ export interface CertificateAuthority { */ export interface TrustedRoot { /** - * MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json + * MUST be application/vnd.dev.sigstore.trustedroot.v0.2+json * when encoded as JSON. - * Clients MUST be able to process and parse content with the media - * type defined in the old format: + * Clients MAY choose to also support + * application/vnd.dev.sigstore.trustedroot.v0.1+json + * Clients MAY process and parse content with the media type defined + * in the old format: * application/vnd.dev.sigstore.trustedroot+json;version=0.1 */ mediaType: string; diff --git a/gen/pb-typescript/src/__generated__/sigstore_verification.ts b/gen/pb-typescript/src/__generated__/sigstore_verification.ts index f0e8925c..ad07b613 100644 --- a/gen/pb-typescript/src/__generated__/sigstore_verification.ts +++ b/gen/pb-typescript/src/__generated__/sigstore_verification.ts @@ -1,6 +1,6 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: -// protoc-gen-ts_proto v2.7.0 +// protoc-gen-ts_proto v2.7.5 // protoc v6.30.2 // source: sigstore_verification.proto diff --git a/gen/pb-typescript/src/rekor/v2/index.ts b/gen/pb-typescript/src/rekor/v2/index.ts new file mode 100644 index 00000000..6ce3df3b --- /dev/null +++ b/gen/pb-typescript/src/rekor/v2/index.ts @@ -0,0 +1,19 @@ +/* +Copyright 2025 The Sigstore Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +export * from '../../__generated__/rekor/v2/dsse'; +export * from '../../__generated__/rekor/v2/entry'; +export * from '../../__generated__/rekor/v2/hashedrekord'; +export * from '../../__generated__/rekor/v2/verifier'; diff --git a/java/build.gradle.kts b/java/build.gradle.kts index 92a0b231..c7c0984e 100644 --- a/java/build.gradle.kts +++ b/java/build.gradle.kts @@ -2,7 +2,7 @@ plugins { `java-library` `maven-publish` id("dev.sigstore.sign") version "1.3.0" - id("com.diffplug.spotless") version "7.0.3" + id("com.diffplug.spotless") version "7.0.4" `signing` } diff --git a/protoc-builder/Dockerfile.go b/protoc-builder/Dockerfile.go index 0005dafd..3a4f0cde 100644 --- a/protoc-builder/Dockerfile.go +++ b/protoc-builder/Dockerfile.go @@ -1,11 +1,11 @@ -FROM golang:1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386 AS go-builder +FROM golang:1.24.4-alpine@sha256:68932fa6d4d4059845c8f40ad7e654e626f3ebd3706eef7846f319293ab5cb7a AS go-builder ADD hack/go/go.* tools/ # the specific versions of these tools are in hack/go.mod so that Dependabot can bump them for updates RUN cd tools && GOBIN=/go/tools go install tool -FROM gcr.io/distroless/static-debian12:nonroot@sha256:c0f429e16b13e583da7e5a6ec20dd656d325d88e6819cafe0adb0828976529dc +FROM gcr.io/distroless/static-debian12:nonroot@sha256:627d6c5a23ad24e6bdff827f16c7b60e0289029b0c79e9f7ccd54ae3279fb45f COPY --from=go-builder /go/tools/protoc-* /usr/local/bin/ COPY --from=protoc-base:go /protobuf/bin/protoc /usr/local/bin/ diff --git a/protoc-builder/Dockerfile.jsonschema b/protoc-builder/Dockerfile.jsonschema index 7d78d97b..75ea2d84 100644 --- a/protoc-builder/Dockerfile.jsonschema +++ b/protoc-builder/Dockerfile.jsonschema @@ -1,11 +1,11 @@ -FROM golang:1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386 AS jsonschema-builder +FROM golang:1.24.4-alpine@sha256:68932fa6d4d4059845c8f40ad7e654e626f3ebd3706eef7846f319293ab5cb7a AS jsonschema-builder ADD hack/jsonschema/go.* hack/jsonschema/tools.go tools/ # the specific versions of these tools are in hack/go.mod so that Dependabot can bump them for updates RUN cd tools && go build --trimpath -o /usr/local/bin/protoc-gen-jsonschema github.com/chrusty/protoc-gen-jsonschema/cmd/protoc-gen-jsonschema -FROM gcr.io/distroless/static-debian12:nonroot@sha256:c0f429e16b13e583da7e5a6ec20dd656d325d88e6819cafe0adb0828976529dc +FROM gcr.io/distroless/static-debian12:nonroot@sha256:627d6c5a23ad24e6bdff827f16c7b60e0289029b0c79e9f7ccd54ae3279fb45f COPY --from=jsonschema-builder /usr/local/bin/protoc-gen-jsonschema /usr/local/bin/ COPY --from=protoc-base:jsonschema /protobuf/bin/protoc /usr/local/bin/ diff --git a/protoc-builder/Dockerfile.protoc b/protoc-builder/Dockerfile.protoc index cb70908b..3f713182 100644 --- a/protoc-builder/Dockerfile.protoc +++ b/protoc-builder/Dockerfile.protoc @@ -2,7 +2,7 @@ # This container grabs the protoc compiler and the googleapi includes # /protobuf will contain the extracted protoc # /googleapis will contain the various googleapis proto imports one might need -FROM debian:bullseye-slim@sha256:fdd75562fdcde1039c2480a1ea1cd2cf03b18b6e4cb551cabb03bde66ade8a5d AS protoc-builder +FROM debian:bullseye-slim@sha256:b5f9bc44bdfbd9d551dfdd432607cbc6bb5d9d6dea726a1191797d7749166973 AS protoc-builder # Create output directories RUN mkdir /protobuf /googleapis diff --git a/protoc-builder/Dockerfile.python b/protoc-builder/Dockerfile.python index 77a6e2e3..2c9ee810 100644 --- a/protoc-builder/Dockerfile.python +++ b/protoc-builder/Dockerfile.python @@ -1,4 +1,4 @@ -FROM python:3.13.3-alpine@sha256:18159b2be11db91f84b8f8f655cd860f805dbd9e49a583ddaac8ab39bf4fe1a7 +FROM python:3.13.5-alpine@sha256:9b4929a72599b6c6389ece4ecbf415fd1355129f22bb92bb137eea098f05e975 RUN pip3 install --upgrade --quiet pip diff --git a/protoc-builder/Dockerfile.ruby b/protoc-builder/Dockerfile.ruby index 888ce1ac..30c27290 100644 --- a/protoc-builder/Dockerfile.ruby +++ b/protoc-builder/Dockerfile.ruby @@ -1,4 +1,4 @@ -FROM gcr.io/distroless/static-debian12:nonroot@sha256:c0f429e16b13e583da7e5a6ec20dd656d325d88e6819cafe0adb0828976529dc +FROM gcr.io/distroless/static-debian12:nonroot@sha256:627d6c5a23ad24e6bdff827f16c7b60e0289029b0c79e9f7ccd54ae3279fb45f COPY --from=protoc-base:ruby /protobuf/bin/protoc /usr/local/bin/ COPY --from=protoc-base:ruby /protobuf/include/google /opt/include/google diff --git a/protoc-builder/Dockerfile.rust b/protoc-builder/Dockerfile.rust index 7683c516..346d92c9 100644 --- a/protoc-builder/Dockerfile.rust +++ b/protoc-builder/Dockerfile.rust @@ -1,4 +1,4 @@ -FROM rust:1.86.0@sha256:640960fe15de2f67cc88db7f0f547977cb759cba9eab246df29d98d02aaf24b8 +FROM rust:1.87.0@sha256:25038aa450210c53cf05dbf7b256e1df1ee650a58bb46cbc7d6fa79c1d98d083 COPY --from=protoc-base:rust /protobuf/bin/protoc /usr/local/bin/ COPY --from=protoc-base:rust /protobuf/include/google /opt/include/google diff --git a/protoc-builder/Dockerfile.typescript b/protoc-builder/Dockerfile.typescript index e864e310..80242433 100644 --- a/protoc-builder/Dockerfile.typescript +++ b/protoc-builder/Dockerfile.typescript @@ -1,4 +1,4 @@ -FROM node:22@sha256:816f04d578545be8f3faadaefaa0926c65e67056d9bf2864009976380c2b0713 AS typescript-builder +FROM node:24@sha256:4b383ce285ed2556aa05a01c76305405a3fecd410af56e2d47a039c59bdc2f04 AS typescript-builder RUN mkdir /app COPY hack/package*.json /app WORKDIR /app @@ -9,7 +9,7 @@ RUN npm ci --install-strategy=shallow # /usr/bin/env is called from ts-proto but not in distroless by default; we use busybox for this FROM gcr.io/distroless/base-debian12:debug-nonroot@sha256:5baa38c4513f1eeb010c1f6c6bbc5b2c244b40afce7d4100142be22024a48630 AS env-source -FROM gcr.io/distroless/nodejs22-debian12:nonroot@sha256:7461370c8473cfcbf5def249423d5e8301b0e6b98cb256b3c8707f0201c2ea4a +FROM gcr.io/distroless/nodejs22-debian12:nonroot@sha256:581893ba58980f0b4c7444d7a16b89f4e966cd89a89f3e0c6f26c482e312f008 # node is installed in a non-default location in distroless ENV PATH=$PATH:/nodejs/bin diff --git a/protoc-builder/hack/package-lock.json b/protoc-builder/hack/package-lock.json index 06978fd4..fd4fc664 100644 --- a/protoc-builder/hack/package-lock.json +++ b/protoc-builder/hack/package-lock.json @@ -10,7 +10,7 @@ "grpc_tools_node_protoc_ts": "5.3.3", "grpc-tools": "1.13.0", "protoc-gen-grpc-web": "1.5.0", - "ts-proto": "2.7.0" + "ts-proto": "2.7.5" } }, "node_modules/@bufbuild/protobuf": { @@ -167,9 +167,10 @@ } }, "node_modules/brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "license": "MIT", "dependencies": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" @@ -566,6 +567,7 @@ "version": "1.0.8", "resolved": "https://registry.npmjs.org/dprint-node/-/dprint-node-1.0.8.tgz", "integrity": "sha512-iVKnUtYfGrYcW1ZAlfR/F59cUVL8QIhWoBJoSjkkdua/dkWIgjZfiLMeTjiB06X0ZLkQ0M2C1VbUj/CxkIf1zg==", + "license": "MIT", "dependencies": { "detect-libc": "^1.0.3" } @@ -574,6 +576,7 @@ "version": "1.0.3", "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-1.0.3.tgz", "integrity": "sha512-pGjwhsmsp4kL2RTz08wcOlGN83otlqHeD/Z5T8GXZB+/YcpQ/dgo+lbU8ZsGxV0HIvqqxo9l7mqYwyYMD9bKDg==", + "license": "Apache-2.0", "bin": { "detect-libc": "bin/detect-libc.js" }, @@ -1678,22 +1681,22 @@ } }, "node_modules/ts-poet": { - "version": "6.9.0", - "resolved": "https://registry.npmjs.org/ts-poet/-/ts-poet-6.9.0.tgz", - "integrity": "sha512-roe6W6MeZmCjRmppyfOURklO5tQFQ6Sg7swURKkwYJvV7dbGCrK28um5+51iW3twdPRKtwarqFAVMU6G1mvnuQ==", + "version": "6.12.0", + "resolved": "https://registry.npmjs.org/ts-poet/-/ts-poet-6.12.0.tgz", + "integrity": "sha512-xo+iRNMWqyvXpFTaOAvLPA5QAWO6TZrSUs5s4Odaya3epqofBu/fMLHEWl8jPmjhA0s9sgj9sNvF1BmaQlmQkA==", + "license": "Apache-2.0", "dependencies": { "dprint-node": "^1.0.8" } }, "node_modules/ts-proto": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/ts-proto/-/ts-proto-2.7.0.tgz", - "integrity": "sha512-BGHjse2wTOeswOqnnPKinpxmbaRd882so/e1En6ww59YMG7AO9Kg4vPpJcbVfrpBixPRDqHafXD/RDyd2T99GA==", - "license": "ISC", + "version": "2.7.5", + "resolved": "https://registry.npmjs.org/ts-proto/-/ts-proto-2.7.5.tgz", + "integrity": "sha512-FoRxSaNW+P3m+GiXIZjUjhaHXT67Ah4zMGKzn4yklbGRQTS+PqpUhKo5AJnwfUDUByjEUG7ch36byFUYWRH9Nw==", "dependencies": { "@bufbuild/protobuf": "^2.0.0", "case-anything": "^2.1.13", - "ts-poet": "^6.7.0", + "ts-poet": "^6.12.0", "ts-proto-descriptors": "2.0.0" }, "bin": { @@ -1939,9 +1942,9 @@ } }, "brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", "requires": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" @@ -3087,21 +3090,21 @@ } }, "ts-poet": { - "version": "6.9.0", - "resolved": "https://registry.npmjs.org/ts-poet/-/ts-poet-6.9.0.tgz", - "integrity": "sha512-roe6W6MeZmCjRmppyfOURklO5tQFQ6Sg7swURKkwYJvV7dbGCrK28um5+51iW3twdPRKtwarqFAVMU6G1mvnuQ==", + "version": "6.12.0", + "resolved": "https://registry.npmjs.org/ts-poet/-/ts-poet-6.12.0.tgz", + "integrity": "sha512-xo+iRNMWqyvXpFTaOAvLPA5QAWO6TZrSUs5s4Odaya3epqofBu/fMLHEWl8jPmjhA0s9sgj9sNvF1BmaQlmQkA==", "requires": { "dprint-node": "^1.0.8" } }, "ts-proto": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/ts-proto/-/ts-proto-2.7.0.tgz", - "integrity": "sha512-BGHjse2wTOeswOqnnPKinpxmbaRd882so/e1En6ww59YMG7AO9Kg4vPpJcbVfrpBixPRDqHafXD/RDyd2T99GA==", + "version": "2.7.5", + "resolved": "https://registry.npmjs.org/ts-proto/-/ts-proto-2.7.5.tgz", + "integrity": "sha512-FoRxSaNW+P3m+GiXIZjUjhaHXT67Ah4zMGKzn4yklbGRQTS+PqpUhKo5AJnwfUDUByjEUG7ch36byFUYWRH9Nw==", "requires": { "@bufbuild/protobuf": "^2.0.0", "case-anything": "^2.1.13", - "ts-poet": "^6.7.0", + "ts-poet": "^6.12.0", "ts-proto-descriptors": "2.0.0" } }, diff --git a/protoc-builder/hack/package.json b/protoc-builder/hack/package.json index 9a91ce9e..3d2092d0 100644 --- a/protoc-builder/hack/package.json +++ b/protoc-builder/hack/package.json @@ -6,6 +6,6 @@ "grpc_tools_node_protoc_ts": "5.3.3", "grpc-tools": "1.13.0", "protoc-gen-grpc-web": "1.5.0", - "ts-proto": "2.7.0" + "ts-proto": "2.7.5" } } diff --git a/protoc-builder/versions.mk b/protoc-builder/versions.mk index 74f2e4a9..782e5a08 100644 --- a/protoc-builder/versions.mk +++ b/protoc-builder/versions.mk @@ -15,7 +15,7 @@ DEFAULT_PROTOC_VERSION=v30.2 DEFAULT_PROTOC_CHECKSUM=sha256:327e9397c6fb3ea2a542513a3221334c6f76f7aa524a7d2561142b67b312a01f # git commit from https://github.com/googleapis/googleapis -DEFAULT_GOOGLEAPIS_COMMIT=cc6c360ec4509ef0288d5e2c85bd6ec1a3b1de83 +DEFAULT_GOOGLEAPIS_COMMIT=f37bfb8159ea687e6c2a6b587f5cf1dada04b9f8 ################################################################################## ### DO NOT EDIT BELOW THIS LINE, AS THESE VALUES ARE USED IN THE CORE MAKEFILE ### diff --git a/protos/sigstore_trustroot.proto b/protos/sigstore_trustroot.proto index d36cb81b..11a9b503 100644 --- a/protos/sigstore_trustroot.proto +++ b/protos/sigstore_trustroot.proto @@ -40,19 +40,23 @@ message TransparencyLogInstance { // The public key used to verify signatures generated by the log. // This attribute contains the signature algorithm used by the log. dev.sigstore.common.v1.PublicKey public_key = 3; - // The unique identifier for this transparency log. + // The identifier for this transparency log. // Represented as the SHA-256 hash of the log's public key, // calculated over the DER encoding of the key represented as // SubjectPublicKeyInfo. // See https://www.rfc-editor.org/rfc/rfc6962#section-3.2 - // MUST set checkpoint_key_id if multiple logs use the same - // signing key. - // Deprecated: Use checkpoint_key_id instead, since log_id is not + // For Rekor v2 instances, log_id and checkpoint_key_id will be set + // to the same value. + // It is recommended to use checkpoint_key_id instead, since log_id is not // guaranteed to be unique across multiple deployments. Clients - // must use the key name and key ID from a checkpoint to determine - // the correct TransparencyLogInstance to verify a proof. - dev.sigstore.common.v1.LogId log_id = 4 [deprecated = true]; + // must use the key name and key ID, as defined by the signed-note spec + // linked below, from a checkpoint to determine the correct + // TransparencyLogInstance to verify a proof. + // log_id will eventually be deprecated in favor of checkpoint_id. + dev.sigstore.common.v1.LogId log_id = 4; // The unique identifier for the log, used in the checkpoint. + // Only supported for TrustedRoot media types matching or greater than + // application/vnd.dev.sigstore.trustedroot.v0.2+json // Its calculation is described in // https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures // SHOULD be set for all logs. When not set, clients MUST use log_id. @@ -77,6 +81,8 @@ message TransparencyLogInstance { dev.sigstore.common.v1.LogId checkpoint_key_id = 5; // The name of the operator of this log deployment. Operator MUST be // formatted as a scheme-less URI, e.g. sigstore.dev + // Only supported for TrustedRoot media types matching or greater than + // application/vnd.dev.sigstore.trustedroot.v0.2+json // This MUST be used when there are multiple transparency log instances // to determine if log proof verification meets a specified threshold, // e.g. two proofs from log deployments operated by the same operator @@ -150,10 +156,12 @@ message CertificateAuthority { // for a suitable instance before creating a per artifact trust root (that // is, a sub-set of the complete trust root) that is used for verification. message TrustedRoot { - // MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json + // MUST be application/vnd.dev.sigstore.trustedroot.v0.2+json // when encoded as JSON. - // Clients MUST be able to process and parse content with the media - // type defined in the old format: + // Clients MAY choose to also support + // application/vnd.dev.sigstore.trustedroot.v0.1+json + // Clients MAY process and parse content with the media type defined + // in the old format: // application/vnd.dev.sigstore.trustedroot+json;version=0.1 string media_type = 1; // A set of trusted Rekor servers.