Thanks to visit codestin.com
Credit goes to github.com

Skip to content

improve KindVersion compatibility #1370

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

improve KindVersion compatibility #1370

wants to merge 8 commits into from
+25 −15

Conversation

ramonpetgrave64
Copy link
Contributor

Client support for Rekor V2: sigstore-python

Resolves #1369

Summary

  • Changes _from_response() to parse the KindVersion from the responses canonicalized json body and cache it.
  • Cahnges _from_dict_rekor() and _to_rekor() to store and reuse the cached KindVersion.

Release Note

  • Added LogEntry.kind_version, which is now parsed earlier upon receipt from the rekor API,
    either from the root of the response, or from the reponse's inner base64-encoded JSON body.

Documentation

None

@ramonpetgrave64
no trailing slash for post to /entries
79a6d31 
Signed-off-by: Ramon Petgrave <[email protected]>
@ramonpetgrave64
parse kind_version earlier
f69efca 
Signed-off-by: Ramon Petgrave <[email protected]>
@ramonpetgrave64
Revert "no trailing slash for post to /entries"
a6025a5 
This reverts commit 79a6d31.

Signed-off-by: Ramon Petgrave <[email protected]>
@ramonpetgrave64
lint
b06b4b5 
Signed-off-by: Ramon Petgrave <[email protected]>
@ramonpetgrave64
Copy link
Contributor Author

@woodruffw

@ramonpetgrave64 ramonpetgrave64 mentioned this pull request May 7, 2025
Open
28 tasks
jku
jku reviewed May 12, 2025
View reviewed changes
Copy link
Member

@jku jku left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you confirm I've understood correctly: we have two ways to deserialize some sort of log entry:

  • _from_response() that deserializes the rekor v1 response (that is not an actual v1.TransparencyLogEntry) while signing
  • _from_dict_rekor() deserializer for actual v1.TransparencyLogEntry, currently used by verification when parsing a bundle

And you want to use _from_dict_rekor() to also parse the responses from rekor v2 when signing (because now the response is an actual v1.TransparencyLogEntry)

The changes are required because previously kindversion was only parsed when serializing:

  • in rekor v1 response only canonicalized_body contains the kindversion?
  • with rekor v2, you want to get kindversion from v1.TransparencyLogEntry -- I think that makes sense since that way you don't have to parse the canonicalized body before you know what kind it is?

This seems to make sense, there is one part here I don't understand:

In rekor V2, we may not be including the KindVersion in the "canonicalized body"

I didn't think this is possible: don't the log witnesses operate only with canonicalized body so need the kindversion there?

@ramonpetgrave64
Copy link
Contributor Author

@jku I checked and with these two patches, KindVersion is now in the canonicalized_body for Rerkor V2. Still the new canonicalized body has a different layout in rekorV2, so I think this patch is simpler.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jku jku jku left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Parsing KindVersion in rekor V2
2 participants
@ramonpetgrave64 @jku