From de70969cb06170f74a82f4393314a23343c28c73 Mon Sep 17 00:00:00 2001
From: Lily Sturmann <lsturman@redhat.com>
Date: Tue, 19 Mar 2024 10:33:29 -0400
Subject: [PATCH] Add canonicalized Rekor Bundle message

Signed-off-by: Lily Sturmann <lsturman@redhat.com>
---
 gen/pb-go/rekor/v1/sigstore_rekor.pb.go       | 187 +++++++++++++-----
 .../dev/sigstore/rekor/v1/__init__.py         |  13 ++
 gen/pb-ruby/lib/sigstore_rekor_pb.rb          |   7 +
 .../src/generated/dev.sigstore.rekor.v1.rs    |  21 ++
 .../src/generated/file_descriptor_set.bin     | Bin 113901 -> 114558 bytes
 .../src/__generated__/sigstore_rekor.ts       |  36 ++++
 protos/sigstore_rekor.proto                   |   9 +
 7 files changed, 227 insertions(+), 46 deletions(-)

diff --git a/gen/pb-go/rekor/v1/sigstore_rekor.pb.go b/gen/pb-go/rekor/v1/sigstore_rekor.pb.go
index a385e9fd..26a83d11 100644
--- a/gen/pb-go/rekor/v1/sigstore_rekor.pb.go
+++ b/gen/pb-go/rekor/v1/sigstore_rekor.pb.go
@@ -298,6 +298,79 @@ func (x *InclusionPromise) GetSignedEntryTimestamp() []byte {
 	return nil
 }
 
+// The RekorBundle is the signed material used to produce the Signed Entry
+// Timestamp signature. See notes on the InclusionPromise above.
+type RekorBundle struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Body           []byte `protobuf:"bytes,1,opt,name=body,proto3" json:"body,omitempty"`
+	IntegratedTime int64  `protobuf:"varint,2,opt,name=integrated_time,json=integratedTime,proto3" json:"integrated_time,omitempty"`
+	LogId          string `protobuf:"bytes,3,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"`
+	LogIndex       int64  `protobuf:"varint,4,opt,name=log_index,json=logIndex,proto3" json:"log_index,omitempty"`
+}
+
+func (x *RekorBundle) Reset() {
+	*x = RekorBundle{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_sigstore_rekor_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *RekorBundle) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RekorBundle) ProtoMessage() {}
+
+func (x *RekorBundle) ProtoReflect() protoreflect.Message {
+	mi := &file_sigstore_rekor_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RekorBundle.ProtoReflect.Descriptor instead.
+func (*RekorBundle) Descriptor() ([]byte, []int) {
+	return file_sigstore_rekor_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *RekorBundle) GetBody() []byte {
+	if x != nil {
+		return x.Body
+	}
+	return nil
+}
+
+func (x *RekorBundle) GetIntegratedTime() int64 {
+	if x != nil {
+		return x.IntegratedTime
+	}
+	return 0
+}
+
+func (x *RekorBundle) GetLogId() string {
+	if x != nil {
+		return x.LogId
+	}
+	return ""
+}
+
+func (x *RekorBundle) GetLogIndex() int64 {
+	if x != nil {
+		return x.LogIndex
+	}
+	return 0
+}
+
 // TransparencyLogEntry captures all the details required from Rekor to
 // reconstruct an entry, given that the payload is provided via other means.
 // This type can easily be created from the existing response from Rekor.
@@ -354,7 +427,7 @@ type TransparencyLogEntry struct {
 func (x *TransparencyLogEntry) Reset() {
 	*x = TransparencyLogEntry{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_sigstore_rekor_proto_msgTypes[4]
+		mi := &file_sigstore_rekor_proto_msgTypes[5]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -367,7 +440,7 @@ func (x *TransparencyLogEntry) String() string {
 func (*TransparencyLogEntry) ProtoMessage() {}
 
 func (x *TransparencyLogEntry) ProtoReflect() protoreflect.Message {
-	mi := &file_sigstore_rekor_proto_msgTypes[4]
+	mi := &file_sigstore_rekor_proto_msgTypes[5]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -380,7 +453,7 @@ func (x *TransparencyLogEntry) ProtoReflect() protoreflect.Message {
 
 // Deprecated: Use TransparencyLogEntry.ProtoReflect.Descriptor instead.
 func (*TransparencyLogEntry) Descriptor() ([]byte, []int) {
-	return file_sigstore_rekor_proto_rawDescGZIP(), []int{4}
+	return file_sigstore_rekor_proto_rawDescGZIP(), []int{5}
 }
 
 func (x *TransparencyLogEntry) GetLogIndex() int64 {
@@ -467,44 +540,53 @@ var file_sigstore_rekor_proto_rawDesc = []byte{
 	0x16, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5f, 0x74, 0x69,
 	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0,
 	0x41, 0x02, 0x52, 0x14, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x54,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0xc7, 0x03, 0x0a, 0x14, 0x54, 0x72, 0x61,
-	0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f, 0x67, 0x45, 0x6e, 0x74, 0x72,
-	0x79, 0x12, 0x20, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x03, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x49, 0x6e,
-	0x64, 0x65, 0x78, 0x12, 0x39, 0x0a, 0x06, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f,
-	0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x67,
-	0x49, 0x64, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x6c, 0x6f, 0x67, 0x49, 0x64, 0x12, 0x4a,
-	0x0a, 0x0c, 0x6b, 0x69, 0x6e, 0x64, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74,
-	0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x69, 0x6e,
-	0x64, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x6b,
-	0x69, 0x6e, 0x64, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x0f, 0x69, 0x6e,
-	0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x04, 0x20,
-	0x01, 0x28, 0x03, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0e, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72,
-	0x61, 0x74, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x54, 0x0a, 0x11, 0x69, 0x6e, 0x63, 0x6c,
-	0x75, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x69, 0x73, 0x65, 0x18, 0x05, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f,
-	0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6e, 0x63, 0x6c,
-	0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6d, 0x69, 0x73, 0x65, 0x52, 0x10, 0x69, 0x6e,
-	0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6d, 0x69, 0x73, 0x65, 0x12, 0x53,
-	0x0a, 0x0f, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x6f,
-	0x66, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69,
-	0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e,
-	0x49, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x42, 0x03,
-	0xe0, 0x41, 0x02, 0x52, 0x0e, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72,
-	0x6f, 0x6f, 0x66, 0x12, 0x2d, 0x0a, 0x12, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c,
-	0x69, 0x7a, 0x65, 0x64, 0x5f, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52,
-	0x11, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x42, 0x6f,
-	0x64, 0x79, 0x42, 0x78, 0x0a, 0x1b, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f,
-	0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76,
-	0x31, 0x42, 0x0a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a,
-	0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73,
-	0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70,
-	0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x72, 0x65,
-	0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x13, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72,
-	0x65, 0x3a, 0x3a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x33,
+	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x92, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x6b,
+	0x6f, 0x72, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x17, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x62, 0x6f, 0x64,
+	0x79, 0x12, 0x2c, 0x0a, 0x0f, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x5f,
+	0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52,
+	0x0e, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x12,
+	0x1a, 0x0a, 0x06, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42,
+	0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x6c, 0x6f, 0x67, 0x49, 0x64, 0x12, 0x20, 0x0a, 0x09, 0x6c,
+	0x6f, 0x67, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x42, 0x03,
+	0xe0, 0x41, 0x02, 0x52, 0x08, 0x6c, 0x6f, 0x67, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x22, 0xc7, 0x03,
+	0x0a, 0x14, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f,
+	0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x20, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x6e,
+	0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08,
+	0x6c, 0x6f, 0x67, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x39, 0x0a, 0x06, 0x6c, 0x6f, 0x67, 0x5f,
+	0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73,
+	0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76,
+	0x31, 0x2e, 0x4c, 0x6f, 0x67, 0x49, 0x64, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x6c, 0x6f,
+	0x67, 0x49, 0x64, 0x12, 0x4a, 0x0a, 0x0c, 0x6b, 0x69, 0x6e, 0x64, 0x5f, 0x76, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x64, 0x65, 0x76, 0x2e,
+	0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76,
+	0x31, 0x2e, 0x4b, 0x69, 0x6e, 0x64, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0,
+	0x41, 0x02, 0x52, 0x0b, 0x6b, 0x69, 0x6e, 0x64, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12,
+	0x2c, 0x0a, 0x0f, 0x69, 0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69,
+	0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0e, 0x69,
+	0x6e, 0x74, 0x65, 0x67, 0x72, 0x61, 0x74, 0x65, 0x64, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x54, 0x0a,
+	0x11, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x69,
+	0x73, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73,
+	0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31,
+	0x2e, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6d, 0x69, 0x73,
+	0x65, 0x52, 0x10, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6d,
+	0x69, 0x73, 0x65, 0x12, 0x53, 0x0a, 0x0f, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e,
+	0x5f, 0x70, 0x72, 0x6f, 0x6f, 0x66, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x64,
+	0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x72, 0x65, 0x6b, 0x6f,
+	0x72, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6e, 0x63, 0x6c, 0x75, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72,
+	0x6f, 0x6f, 0x66, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0e, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x73,
+	0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x12, 0x2d, 0x0a, 0x12, 0x63, 0x61, 0x6e, 0x6f,
+	0x6e, 0x69, 0x63, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x5f, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x07,
+	0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x69,
+	0x7a, 0x65, 0x64, 0x42, 0x6f, 0x64, 0x79, 0x42, 0x78, 0x0a, 0x1b, 0x64, 0x65, 0x76, 0x2e, 0x73,
+	0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x72, 0x65,
+	0x6b, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x42, 0x0a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x50, 0x72, 0x6f,
+	0x74, 0x6f, 0x50, 0x01, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
+	0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d,
+	0x67, 0x6f, 0x2f, 0x72, 0x65, 0x6b, 0x6f, 0x72, 0x2f, 0x76, 0x31, 0xea, 0x02, 0x13, 0x53, 0x69,
+	0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x52, 0x65, 0x6b, 0x6f, 0x72, 0x3a, 0x3a, 0x56,
+	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -519,18 +601,19 @@ func file_sigstore_rekor_proto_rawDescGZIP() []byte {
 	return file_sigstore_rekor_proto_rawDescData
 }
 
-var file_sigstore_rekor_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
+var file_sigstore_rekor_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
 var file_sigstore_rekor_proto_goTypes = []interface{}{
 	(*KindVersion)(nil),          // 0: dev.sigstore.rekor.v1.KindVersion
 	(*Checkpoint)(nil),           // 1: dev.sigstore.rekor.v1.Checkpoint
 	(*InclusionProof)(nil),       // 2: dev.sigstore.rekor.v1.InclusionProof
 	(*InclusionPromise)(nil),     // 3: dev.sigstore.rekor.v1.InclusionPromise
-	(*TransparencyLogEntry)(nil), // 4: dev.sigstore.rekor.v1.TransparencyLogEntry
-	(*v1.LogId)(nil),             // 5: dev.sigstore.common.v1.LogId
+	(*RekorBundle)(nil),          // 4: dev.sigstore.rekor.v1.RekorBundle
+	(*TransparencyLogEntry)(nil), // 5: dev.sigstore.rekor.v1.TransparencyLogEntry
+	(*v1.LogId)(nil),             // 6: dev.sigstore.common.v1.LogId
 }
 var file_sigstore_rekor_proto_depIdxs = []int32{
 	1, // 0: dev.sigstore.rekor.v1.InclusionProof.checkpoint:type_name -> dev.sigstore.rekor.v1.Checkpoint
-	5, // 1: dev.sigstore.rekor.v1.TransparencyLogEntry.log_id:type_name -> dev.sigstore.common.v1.LogId
+	6, // 1: dev.sigstore.rekor.v1.TransparencyLogEntry.log_id:type_name -> dev.sigstore.common.v1.LogId
 	0, // 2: dev.sigstore.rekor.v1.TransparencyLogEntry.kind_version:type_name -> dev.sigstore.rekor.v1.KindVersion
 	3, // 3: dev.sigstore.rekor.v1.TransparencyLogEntry.inclusion_promise:type_name -> dev.sigstore.rekor.v1.InclusionPromise
 	2, // 4: dev.sigstore.rekor.v1.TransparencyLogEntry.inclusion_proof:type_name -> dev.sigstore.rekor.v1.InclusionProof
@@ -596,6 +679,18 @@ func file_sigstore_rekor_proto_init() {
 			}
 		}
 		file_sigstore_rekor_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RekorBundle); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_sigstore_rekor_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*TransparencyLogEntry); i {
 			case 0:
 				return &v.state
@@ -614,7 +709,7 @@ func file_sigstore_rekor_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_sigstore_rekor_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   5,
+			NumMessages:   6,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py
index 81f2c522..0de804aa 100644
--- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py
+++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py
@@ -93,6 +93,19 @@ class InclusionPromise(betterproto.Message):
     signed_entry_timestamp: bytes = betterproto.bytes_field(1)
 
 
+@dataclass(eq=False, repr=False)
+class RekorBundle(betterproto.Message):
+    """
+    The RekorBundle is the signed material used to produce the Signed Entry
+    Timestamp signature. See notes on the InclusionPromise above.
+    """
+
+    body: bytes = betterproto.bytes_field(1)
+    integrated_time: int = betterproto.int64_field(2)
+    log_id: str = betterproto.string_field(3)
+    log_index: int = betterproto.int64_field(4)
+
+
 @dataclass(eq=False, repr=False)
 class TransparencyLogEntry(betterproto.Message):
     """
diff --git a/gen/pb-ruby/lib/sigstore_rekor_pb.rb b/gen/pb-ruby/lib/sigstore_rekor_pb.rb
index 73a343a3..3e3d7f88 100644
--- a/gen/pb-ruby/lib/sigstore_rekor_pb.rb
+++ b/gen/pb-ruby/lib/sigstore_rekor_pb.rb
@@ -25,6 +25,12 @@
     add_message "dev.sigstore.rekor.v1.InclusionPromise" do
       optional :signed_entry_timestamp, :bytes, 1
     end
+    add_message "dev.sigstore.rekor.v1.RekorBundle" do
+      optional :body, :bytes, 1
+      optional :integrated_time, :int64, 2
+      optional :log_id, :string, 3
+      optional :log_index, :int64, 4
+    end
     add_message "dev.sigstore.rekor.v1.TransparencyLogEntry" do
       optional :log_index, :int64, 1
       optional :log_id, :message, 2, "dev.sigstore.common.v1.LogId"
@@ -44,6 +50,7 @@ module V1
       Checkpoint = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v1.Checkpoint").msgclass
       InclusionProof = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v1.InclusionProof").msgclass
       InclusionPromise = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v1.InclusionPromise").msgclass
+      RekorBundle = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v1.RekorBundle").msgclass
       TransparencyLogEntry = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("dev.sigstore.rekor.v1.TransparencyLogEntry").msgclass
     end
   end
diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs
index 6147a67a..a30efa03 100644
--- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs
+++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs
@@ -94,6 +94,27 @@ pub struct InclusionPromise {
     #[prost(bytes = "vec", tag = "1")]
     pub signed_entry_timestamp: ::prost::alloc::vec::Vec<u8>,
 }
+/// The RekorBundle is the signed material used to produce the Signed Entry
+/// Timestamp signature. See notes on the InclusionPromise above.
+#[derive(
+    sigstore_protobuf_specs_derive::Deserialize_proto,
+    sigstore_protobuf_specs_derive::Serialize_proto
+)]
+#[derive(::prost_reflect::ReflectMessage)]
+#[prost_reflect(message_name = "dev.sigstore.rekor.v1.RekorBundle")]
+#[prost_reflect(file_descriptor_set_bytes = "crate::FILE_DESCRIPTOR_SET_BYTES")]
+#[allow(clippy::derive_partial_eq_without_eq)]
+#[derive(Clone, PartialEq, ::prost::Message)]
+pub struct RekorBundle {
+    #[prost(bytes = "vec", tag = "1")]
+    pub body: ::prost::alloc::vec::Vec<u8>,
+    #[prost(int64, tag = "2")]
+    pub integrated_time: i64,
+    #[prost(string, tag = "3")]
+    pub log_id: ::prost::alloc::string::String,
+    #[prost(int64, tag = "4")]
+    pub log_index: i64,
+}
 /// TransparencyLogEntry captures all the details required from Rekor to
 /// reconstruct an entry, given that the payload is provided via other means.
 /// This type can easily be created from the existing response from Rekor.
diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin
index 5689ad9f4d5b9d2b4b77907bce36ed5417b04e76..ac1713f2a46c2262929b05c427ae1e3515535abe 100644
GIT binary patch
delta 1281
zcmYk5&u<e)6vs2OJ7zK=j<o!+F+>^&K@`$J4u})bgoHLfNTbBDoe+wgc;p&qchP!n
z!6`kK_Ev;eNT4407m(6FpohW%Dse=W(nD2o;1A$}_|EKXgirqLd++n!yq*2<G56_H
z?xz>z;WT|Yx%=xh>8DqIBVu4#wZmwt8#K0+R}k)I*mzJRlAJv_<?Kz;W%Ixr6GN>a
zR?Vm$tHzzU<*Oo1?tV*3S4twc9X9W@8bt?1{b>=yquGWhMZbv!4RychBJ8ALuEYA_
z?xP!IhW7t+Ssd_KzVDaaf4?LD=XV|xL0#8#%YAF4^fQs=AC>%KOxfzl7>_!wW}q6<
z$4pVHzAd{QP#ns8QP}8iDU-93=F9|f^gzfm2Jggm|DLI>$K6Pc%N3<$5XPz_!@$(+
z%m!QA-A*eEmZH#ab(E}chCMYd@N-<3cutug5(C0@UE1e4tNa^rP%sTl(_ltOT+MqK
zIiMp)Gvc7aH8CW(uH#R+78S1=>yArNTH*6HnLu0F*AgAe4`(rGEAnJU&{j^(SuIJm
zm62IHEcKi!zix9WtW}=R2-fP*5ku%tp{*8=WkG1Gr75eWskVB2(rS@g<1;qbfws0k
ztOIQ=U&vxQvvfQoSZgPyt<_1bwc+bx;BOc2pLuKxH{xxTEKrZZv&Bz{Wh|ZPrK@CO
zoh*Kj|LCV|KM?Yi?FT|XW&459PuYH&%+3}1T{KcuHj~%uWNe91k^}J5W>An0jh@d4
z(&qSuj38}ZteHa~GnF<cs^S?jR;;|8%-teSHW;O_wsCXxWdXt3J}fhWwLOw`q_DO}
zZ(6Hec>BzPSTIuL`h320&3qWEi?g+4;yx)Pl?`%wl~Mf${QZsSH{jdrf|xF~*9C+&
zzP&D*%tm}%m-p%LuIEJjLg^hzme$D8<i8E_YJyQ0$B1~*4z53k=-9c8;E%o@7td1x
zCg~-6x5@9=DMMM0ryl?aWxc`~TgFh<`zn(#jMY28Vo%S~v3g_6;;#ed_&LvgxclY@
e@~1P(XpVshjyq_!nj;$XGDAn_{;^3et$zk6HOQa<

delta 634
zcmX|;yGz4R6o-56BVMnzLVQ$f3-wXKcZ;~WS@2aKC`G9?YKTLH3@*+(y1E2G5%FIT
z;;as$gYKO=IygDG6i<?S-SXxB&X?cGZ8nYXU*qfnE{gPVPI@0l(Cyz9;RpQD1t^l%
z#*Az+c_Mc14;(|8`0p!l+1~caBw@_t6@2ehphQdtCas9H+?0$l5;JMld#b|PIzDp*
z5tr?f2Pc@TCX$*cQmS8*KuQ;7hZI3lT#LYynV0!cij$VNzXuZ=jDUe4hSeYhN4arL
zD7B`hHKEkX?<grmQme2nZy>Z1liFT=53aB(L8~n~)g(cy-IdjZR(nW)k)YMittu;t
ztoBGrmO?3J9q-wK#WEul_jmsHrzmw286~AbFgu_LrOx28lF~@(3@yp8s46pQO-!fi
z;5Bxk$2;AJw*n&!OV>oNas>BK>l@RA{@Ub}ypIIf#Pv=N;1>TN$1zv*s36BNH#wpS
z$J|jZ;aJNZ-%_=BRLh;%l&>w}vWCgd{DVVyp*cnjjs&=FJiKlL0!(Bz(jdEZ1hbVt
D%fwXY

diff --git a/gen/pb-typescript/src/__generated__/sigstore_rekor.ts b/gen/pb-typescript/src/__generated__/sigstore_rekor.ts
index 8ff7d451..17ceeaf5 100644
--- a/gen/pb-typescript/src/__generated__/sigstore_rekor.ts
+++ b/gen/pb-typescript/src/__generated__/sigstore_rekor.ts
@@ -70,6 +70,17 @@ export interface InclusionPromise {
   signedEntryTimestamp: Buffer;
 }
 
+/**
+ * The RekorBundle is the signed material used to produce the Signed Entry
+ * Timestamp signature. See notes on the InclusionPromise above.
+ */
+export interface RekorBundle {
+  body: Buffer;
+  integratedTime: string;
+  logId: string;
+  logIndex: string;
+}
+
 /**
  * TransparencyLogEntry captures all the details required from Rekor to
  * reconstruct an entry, given that the payload is provided via other means.
@@ -228,6 +239,31 @@ export const InclusionPromise = {
   },
 };
 
+function createBaseRekorBundle(): RekorBundle {
+  return { body: Buffer.alloc(0), integratedTime: "0", logId: "", logIndex: "0" };
+}
+
+export const RekorBundle = {
+  fromJSON(object: any): RekorBundle {
+    return {
+      body: isSet(object.body) ? Buffer.from(bytesFromBase64(object.body)) : Buffer.alloc(0),
+      integratedTime: isSet(object.integratedTime) ? String(object.integratedTime) : "0",
+      logId: isSet(object.logId) ? String(object.logId) : "",
+      logIndex: isSet(object.logIndex) ? String(object.logIndex) : "0",
+    };
+  },
+
+  toJSON(message: RekorBundle): unknown {
+    const obj: any = {};
+    message.body !== undefined &&
+      (obj.body = base64FromBytes(message.body !== undefined ? message.body : Buffer.alloc(0)));
+    message.integratedTime !== undefined && (obj.integratedTime = message.integratedTime);
+    message.logId !== undefined && (obj.logId = message.logId);
+    message.logIndex !== undefined && (obj.logIndex = message.logIndex);
+    return obj;
+  },
+};
+
 function createBaseTransparencyLogEntry(): TransparencyLogEntry {
   return {
     logIndex: "0",
diff --git a/protos/sigstore_rekor.proto b/protos/sigstore_rekor.proto
index 2eca88f7..781d9c8f 100644
--- a/protos/sigstore_rekor.proto
+++ b/protos/sigstore_rekor.proto
@@ -80,6 +80,15 @@ message InclusionPromise {
         bytes signed_entry_timestamp = 1 [(google.api.field_behavior) = REQUIRED];
 }
 
+// The RekorBundle is the signed material used to produce the Signed Entry
+// Timestamp signature. See notes on the InclusionPromise above.
+message RekorBundle {
+	bytes body = 1 [(google.api.field_behavior) = REQUIRED];
+	int64 integrated_time = 2 [(google.api.field_behavior) = REQUIRED];
+	string log_id = 3 [(google.api.field_behavior) = REQUIRED];
+	int64 log_index = 4 [(google.api.field_behavior) = REQUIRED];
+}
+
 // TransparencyLogEntry captures all the details required from Rekor to
 // reconstruct an entry, given that the payload is provided via other means.
 // This type can easily be created from the existing response from Rekor.