From ea7269b6033a94c2d3e9e74488fa06f1b4aa33e1 Mon Sep 17 00:00:00 2001
From: Fredrik Skogman
Date: Thu, 22 Aug 2024 17:57:08 +0200
Subject: [PATCH] added version to the signing config message. (#383)

Signed-off-by: Fredrik Skogman
---
.../schemas/ClientTrustConfig.schema.json | 4 ++++
.../schemas/SigningConfig.schema.json | 4 ++++
.../trustroot/v1/sigstore_trustroot.pb.go | 15 +++++++++++++--
.../dev/sigstore/trustroot/v1/__init__.py | 3 +++
gen/pb-ruby/lib/sigstore_trustroot_pb.rb | 1 +
.../generated/dev.sigstore.trustroot.v1.rs | 3 +++
.../src/generated/file_descriptor_set.bin | Bin 118553 -> 118708 bytes
.../src/__generated__/sigstore_trustroot.ts | 6 +++++-
protos/sigstore_trustroot.proto | 3 +++
9 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/gen/jsonschema/schemas/ClientTrustConfig.schema.json b/gen/jsonschema/schemas/ClientTrustConfig.schema.json
index 24367583..f3397097 100644
--- a/gen/jsonschema/schemas/ClientTrustConfig.schema.json
+++ b/gen/jsonschema/schemas/ClientTrustConfig.schema.json
@@ -188,6 +188,10 @@ }, "dev.sigstore.trustroot.v1.SigningConfig": { "properties": { + "mediaType": { + "type": "string", + "description": "MUST be application/vnd.dev.sigstore.signingconfig.v0.1+json" + }, "caUrl": { "type": "string", "description": "A URL to a Fulcio-compatible CA, capable of receiving Certificate Signing Requests (CSRs) and responding with issued certificates. This URL **MUST** be the \"base\" URL for the CA, which clients should construct an appropriate CSR endpoint on top of. For example, if `ca_url` is `https://example.com/ca`, then the client **MAY** construct the CSR endpoint as `https://example.com/ca/api/v2/signingCert`."
diff --git a/gen/jsonschema/schemas/SigningConfig.schema.json b/gen/jsonschema/schemas/SigningConfig.schema.json
index 71d7723b..74c12fea 100644
--- a/gen/jsonschema/schemas/SigningConfig.schema.json
+++ b/gen/jsonschema/schemas/SigningConfig.schema.json
@@ -4,6 +4,10 @@ "definitions": { "SigningConfig": { "properties": { + "mediaType": { + "type": "string", + "description": "MUST be application/vnd.dev.sigstore.signingconfig.v0.1+json" + }, "caUrl": { "type": "string", "description": "A URL to a Fulcio-compatible CA, capable of receiving Certificate Signing Requests (CSRs) and responding with issued certificates. This URL **MUST** be the \"base\" URL for the CA, which clients should construct an appropriate CSR endpoint on top of. For example, if `ca_url` is `https://example.com/ca`, then the client **MAY** construct the CSR endpoint as `https://example.com/ca/api/v2/signingCert`." diff --git a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go index c8e00755..e86dfed4 100644 --- a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go +++ b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go @@ -369,6 +369,8 @@ type SigningConfig struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // MUST be application/vnd.dev.sigstore.signingconfig.v0.1+json + MediaType string `protobuf:"bytes,5,opt,name=media_type,json=mediaType,proto3" json:"media_type,omitempty"` // A URL to a Fulcio-compatible CA, capable of receiving // Certificate Signing Requests (CSRs) and responding with // issued certificates. @@ -429,6 +431,13 @@ func (*SigningConfig) Descriptor() ([]byte, []int) { return file_sigstore_trustroot_proto_rawDescGZIP(), []int{3} } +func (x *SigningConfig) GetMediaType() string { + if x != nil { + return x.MediaType + } + return "" +} + func (x *SigningConfig) GetCaUrl() string { if x != nil { return x.CaUrl 
@@ -597,8 +606,10 @@ var file_sigstore_trustroot_proto_rawDesc = []byte{ 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x14, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0x79, 0x0a, 0x0d, 0x53, 0x69, 0x67, 0x6e, 0x69, - 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x61, 0x5f, 0x75, + 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0x98, 0x01, 0x0a, 0x0d, 0x53, 0x69, 0x67, 0x6e, + 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x65, 0x64, + 0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, + 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x61, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x63, 0x61, 0x55, 0x72, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6f, 0x69, 0x64, 0x63, 0x55, 0x72, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6c, diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py index e50f2cfd..00f73142 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py @@ -159,6 +159,9 @@ class SigningConfig(betterproto.Message): signer may need to connect to for the online aspects of signing. """ + media_type: str = betterproto.string_field(5) + """MUST be application/vnd.dev.sigstore.signingconfig.v0.1+json""" + ca_url: str = betterproto.string_field(1) """ A URL to a Fulcio-compatible CA, capable of receiving Certificate Signing 
diff --git a/gen/pb-ruby/lib/sigstore_trustroot_pb.rb b/gen/pb-ruby/lib/sigstore_trustroot_pb.rb index 19c93e2e..f4be94fe 100644 --- a/gen/pb-ruby/lib/sigstore_trustroot_pb.rb +++ b/gen/pb-ruby/lib/sigstore_trustroot_pb.rb @@ -29,6 +29,7 @@ repeated :timestamp_authorities, :message, 5, "dev.sigstore.trustroot.v1.CertificateAuthority" end add_message "dev.sigstore.trustroot.v1.SigningConfig" do + optional :media_type, :string, 5 optional :ca_url, :string, 1 optional :oidc_url, :string, 2 repeated :tlog_urls, :string, 3 diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs index 42d7f77f..4aee83ac 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs @@ -170,6 +170,9 @@ pub struct TrustedRoot { #[allow(clippy::derive_partial_eq_without_eq)] #[derive(Clone, PartialEq, ::prost::Message)] pub struct SigningConfig { + /// MUST be application/vnd.dev.sigstore.signingconfig.v0.1+json + #[prost(string, tag = "5")] + pub media_type: ::prost::alloc::string::String, /// A URL to a Fulcio-compatible CA, capable of receiving /// Certificate Signing Requests (CSRs) and responding with /// issued certificates. 
diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin index 66e9233bca24e1218e9c397aeef337c2fc860372..1585c0a08280846cd917afbb1201d18061561a84 100644 GIT binary patch delta 695 zcmYL`&ubGw6vy+OoivjN?bfJuQ>{d8Yeg)zco9MT0isyNM!kqoL~Dp(s#FT47oi6a z{sE&PicxgaNDi8~LJ6*HPvXUYKm_q%@ox~{%xWCbdem{)HRDdY7s7my41w6iy_ojJ536+!Vufy;T#zW z&2aNk9F>V<7if@_jn5Ph4lzDM=d6=g9O*_A=TAgX@jpmm)*E3cm6-KL*gugt1v?`g Rm`$8QS!Wa+d57P7{{z||c&q>b delta 578 zcmYL`PfJ@t6vcC9CT6@PCXHH?YQg{3g{8QYy0A7bO0BIGH+}#^Hj!=$p&KC!H{B0{ z=%x>?PeGo-laz-qTM?wtZ&12u>4)f@_lNA}%$f7M+%s24x&6c3?iIFL^4B_<=jW*S zpIUgPicQLI)N74;qxNd2v0bnEKlkthy%#H#D`opK9slDfHia+0pr?#WLtpXd!Koyr zq{x)ik>7N1g859A&(M98r>u2gWnnOt(#mp$I*5YoI%eY-H}l|})6Ky;C=4YzaL&Qw zVY-WRqNH3?J;Ciuq4)@0OdblxxOkZ61Y=y3$5NLuE+(hwUyNbtnRnmtcUdyV>tZBh zye>vE#zT2D!AP6K#3WsUgi@uRYh*g+^C`T-HFSmE^KQzP(l(1OKFqb#z4($zZ4@dI zi6xWT7 String(e)) : [], @@ -342,6 +345,7 @@ export const SigningConfig = { toJSON(message: SigningConfig): unknown { const obj: any = {}; + message.mediaType !== undefined && (obj.mediaType = message.mediaType); message.caUrl !== undefined && (obj.caUrl = message.caUrl); message.oidcUrl !== undefined && (obj.oidcUrl = message.oidcUrl); if (message.tlogUrls) {
diff --git a/protos/sigstore_trustroot.proto b/protos/sigstore_trustroot.proto
index 32c07a91..9adaf604 100644
--- a/protos/sigstore_trustroot.proto
+++ b/protos/sigstore_trustroot.proto
@@ -148,6 +148,9 @@ message TrustedRoot {
 // signing. In particular, it primarily contains service URLs that a Sigstore
 // signer may need to connect to for the online aspects of signing.
 message SigningConfig {
+ // MUST be application/vnd.dev.sigstore.signingconfig.v0.1+json
+ string media_type = 5;
+
 // A URL to a Fulcio-compatible CA, capable of receiving
 // Certificate Signing Requests (CSRs) and responding with
 // issued certificates.
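Review bot: The new `media_type` comment in `message SigningConfig` states a MUST, but the schema cannot enforce it, and a proto3 string that is absent on the wire reads back as `""`, so a config written before this field existed is indistinguishable from one that omits it on purpose. Because this message carries the service URLs a signer will connect to, the comment should also state the consumer's obligation, for example `// Clients MUST reject a SigningConfig whose media_type is empty or is not a version they support.` If an empty value is meant to be accepted for older configs, document that instead so implementations agree. The field is also declared first while carrying number 5; a short note that the number is fixed for wire compatibility would stop a later renumbering. The message body continues past the end of the hunk.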