From 8fc81adafb90be2e1d829272bb7e666f7f2b9165 Mon Sep 17 00:00:00 2001 From: Fredrik Skogman Date: Wed, 27 Mar 2024 09:00:39 +0100 Subject: [PATCH] Updated media type to a format compatible with OCI registries Signed-off-by: Fredrik Skogman --- gen/jsonschema/schemas/Bundle.schema.json | 6 +++--- gen/jsonschema/schemas/Input.schema.json | 8 ++++---- .../TimestampVerificationData.schema.json | 4 ++-- .../schemas/TrustedRoot.schema.json | 2 +- .../schemas/VerificationMaterial.schema.json | 4 ++-- gen/pb-go/bundle/v1/sigstore_bundle.pb.go | 9 ++++++--- .../trustroot/v1/sigstore_trustroot.pb.go | 6 +++++- .../dev/sigstore/bundle/v1/__init__.py | 8 +++++--- .../dev/sigstore/trustroot/v1/__init__.py | 7 ++++++- .../src/generated/dev.sigstore.bundle.v1.rs | 9 ++++++--- .../generated/dev.sigstore.trustroot.v1.rs | 6 +++++- .../src/generated/file_descriptor_set.bin | Bin 113941 -> 114261 bytes .../src/__generated__/sigstore_bundle.ts | 9 ++++++--- .../src/__generated__/sigstore_trustroot.ts | 8 +++++++- protos/sigstore_bundle.proto | 11 +++++++---- protos/sigstore_trustroot.proto | 6 +++++- 16 files changed, 70 insertions(+), 33 deletions(-) diff --git a/gen/jsonschema/schemas/Bundle.schema.json b/gen/jsonschema/schemas/Bundle.schema.json index e35435f0..467e8a35 100644 --- a/gen/jsonschema/schemas/Bundle.schema.json +++ b/gen/jsonschema/schemas/Bundle.schema.json @@ -6,7 +6,7 @@ "properties": { "mediaType": { "type": "string", - "description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 or application/vnd.dev.sigstore.bundle+json;version=0.3 when encoded as JSON." + "description": "MUST be application/vnd.dev.sigstore.bundle.v0.3+json when when encoded as JSON. Clients must to be able to accept media type using the previously defined formats: * application/vnd.dev.sigstore.bundle+json;version=0.1 * application/vnd.dev.sigstore.bundle+json;version=0.2 * application/vnd.dev.sigstore.bundle+json;version=0.3" }, "verificationMaterial": { "$ref": "#/definitions/dev.sigstore.bundle.v1.VerificationMaterial", @@ -52,8 +52,8 @@ }, "additionalProperties": false, "type": "object", - "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.", - "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." + "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle.v0.3+json\n The semantic version is thus '0.3'.", + "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle.v0.3+json The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." }, "dev.sigstore.bundle.v1.VerificationMaterial": { "properties": { diff --git a/gen/jsonschema/schemas/Input.schema.json b/gen/jsonschema/schemas/Input.schema.json index 01aa6008..4d995c1f 100644 --- a/gen/jsonschema/schemas/Input.schema.json +++ b/gen/jsonschema/schemas/Input.schema.json @@ -39,7 +39,7 @@ "properties": { "mediaType": { "type": "string", - "description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 or application/vnd.dev.sigstore.bundle+json;version=0.3 when encoded as JSON." + "description": "MUST be application/vnd.dev.sigstore.bundle.v0.3+json when when encoded as JSON. Clients must to be able to accept media type using the previously defined formats: * application/vnd.dev.sigstore.bundle+json;version=0.1 * application/vnd.dev.sigstore.bundle+json;version=0.2 * application/vnd.dev.sigstore.bundle+json;version=0.3" }, "verificationMaterial": { "$ref": "#/definitions/dev.sigstore.bundle.v1.VerificationMaterial", @@ -85,8 +85,8 @@ }, "additionalProperties": false, "type": "object", - "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.", - "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." + "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle.v0.3+json\n The semantic version is thus '0.3'.", + "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle.v0.3+json The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." }, "dev.sigstore.bundle.v1.VerificationMaterial": { "properties": { @@ -597,7 +597,7 @@ "properties": { "mediaType": { "type": "string", - "description": "MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1" + "description": "MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json when encoded as JSON. Clients MUST be able to process and parse content with the media type defined in the old format: application/vnd.dev.sigstore.trustedroot+json;version=0.1" }, "tlogs": { "items": { diff --git a/gen/jsonschema/schemas/TimestampVerificationData.schema.json b/gen/jsonschema/schemas/TimestampVerificationData.schema.json index d47fe95e..0a95207a 100644 --- a/gen/jsonschema/schemas/TimestampVerificationData.schema.json +++ b/gen/jsonschema/schemas/TimestampVerificationData.schema.json @@ -15,8 +15,8 @@ }, "additionalProperties": false, "type": "object", - "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.", - "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." + "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle.v0.3+json\n The semantic version is thus '0.3'.", + "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle.v0.3+json The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." }, "dev.sigstore.common.v1.RFC3161SignedTimestamp": { "properties": { diff --git a/gen/jsonschema/schemas/TrustedRoot.schema.json b/gen/jsonschema/schemas/TrustedRoot.schema.json index fd26f81b..8ee8a154 100644 --- a/gen/jsonschema/schemas/TrustedRoot.schema.json +++ b/gen/jsonschema/schemas/TrustedRoot.schema.json @@ -6,7 +6,7 @@ "properties": { "mediaType": { "type": "string", - "description": "MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1" + "description": "MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json when encoded as JSON. Clients MUST be able to process and parse content with the media type defined in the old format: application/vnd.dev.sigstore.trustedroot+json;version=0.1" }, "tlogs": { "items": { diff --git a/gen/jsonschema/schemas/VerificationMaterial.schema.json b/gen/jsonschema/schemas/VerificationMaterial.schema.json index e076fd2c..4530cb2b 100644 --- a/gen/jsonschema/schemas/VerificationMaterial.schema.json +++ b/gen/jsonschema/schemas/VerificationMaterial.schema.json @@ -65,8 +65,8 @@ }, "additionalProperties": false, "type": "object", - "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.", - "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." + "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle.v0.3+json\n The semantic version is thus '0.3'.", + "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle.v0.3+json The semantic version is thus '0.3'. Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future." }, "dev.sigstore.common.v1.LogId": { "properties": { diff --git a/gen/pb-go/bundle/v1/sigstore_bundle.pb.go b/gen/pb-go/bundle/v1/sigstore_bundle.pb.go index 6803954b..6ba51cfe 100644 --- a/gen/pb-go/bundle/v1/sigstore_bundle.pb.go +++ b/gen/pb-go/bundle/v1/sigstore_bundle.pb.go @@ -261,10 +261,13 @@ type Bundle struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 - // or application/vnd.dev.sigstore.bundle+json;version=0.2 - // or application/vnd.dev.sigstore.bundle+json;version=0.3 + // MUST be application/vnd.dev.sigstore.bundle.v0.3+json when // when encoded as JSON. + // Clients must to be able to accept media type using the previously + // defined formats: + // * application/vnd.dev.sigstore.bundle+json;version=0.1 + // * application/vnd.dev.sigstore.bundle+json;version=0.2 + // * application/vnd.dev.sigstore.bundle+json;version=0.3 MediaType string `protobuf:"bytes,1,opt,name=media_type,json=mediaType,proto3" json:"media_type,omitempty"` // When a signer is identified by a X.509 certificate, a verifier MUST // verify that the signature was computed at the time the certificate diff --git a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go index 21ec693f..31b193dd 100644 --- a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go +++ b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go @@ -243,7 +243,11 @@ type TrustedRoot struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1 + // MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json + // when encoded as JSON. + // Clients MUST be able to process and parse content with the media + // type defined in the old format: + // application/vnd.dev.sigstore.trustedroot+json;version=0.1 MediaType string `protobuf:"bytes,1,opt,name=media_type,json=mediaType,proto3" json:"media_type,omitempty"` // A set of trusted Rekor servers. Tlogs []*TransparencyLogInstance `protobuf:"bytes,2,rep,name=tlogs,proto3" json:"tlogs,omitempty"` diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/bundle/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/bundle/v1/__init__.py index 6854ce0f..4acd86c8 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/bundle/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/bundle/v1/__init__.py @@ -80,9 +80,11 @@ class VerificationMaterial(betterproto.Message): class Bundle(betterproto.Message): media_type: str = betterproto.string_field(1) """ - MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or - application/vnd.dev.sigstore.bundle+json;version=0.2 or - application/vnd.dev.sigstore.bundle+json;version=0.3 when encoded as JSON. + MUST be application/vnd.dev.sigstore.bundle.v0.3+json when when encoded as + JSON. Clients must to be able to accept media type using the previously + defined formats: * application/vnd.dev.sigstore.bundle+json;version=0.1 * + application/vnd.dev.sigstore.bundle+json;version=0.2 * + application/vnd.dev.sigstore.bundle+json;version=0.3 """ verification_material: "VerificationMaterial" = betterproto.message_field(2) diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py index 66c851ce..656980d3 100644 --- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py +++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py @@ -104,7 +104,12 @@ class TrustedRoot(betterproto.Message): """ media_type: str = betterproto.string_field(1) - """MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1""" + """ + MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json when encoded as + JSON. Clients MUST be able to process and parse content with the media type + defined in the old format: + application/vnd.dev.sigstore.trustedroot+json;version=0.1 + """ tlogs: List["TransparencyLogInstance"] = betterproto.message_field(2) """A set of trusted Rekor servers.""" diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.bundle.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.bundle.v1.rs index 9a49169c..b542a92d 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.bundle.v1.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.bundle.v1.rs @@ -151,10 +151,13 @@ pub mod verification_material { #[allow(clippy::derive_partial_eq_without_eq)] #[derive(Clone, PartialEq, ::prost::Message)] pub struct Bundle { - /// MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 - /// or application/vnd.dev.sigstore.bundle+json;version=0.2 - /// or application/vnd.dev.sigstore.bundle+json;version=0.3 + /// MUST be application/vnd.dev.sigstore.bundle.v0.3+json when /// when encoded as JSON. + /// Clients must to be able to accept media type using the previously + /// defined formats: + /// * application/vnd.dev.sigstore.bundle+json;version=0.1 + /// * application/vnd.dev.sigstore.bundle+json;version=0.2 + /// * application/vnd.dev.sigstore.bundle+json;version=0.3 #[prost(string, tag = "1")] pub media_type: ::prost::alloc::string::String, /// When a signer is identified by a X.509 certificate, a verifier MUST diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs index 3fa8fa80..5fc8d291 100644 --- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs +++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs @@ -109,7 +109,11 @@ pub struct CertificateAuthority { #[allow(clippy::derive_partial_eq_without_eq)] #[derive(Clone, PartialEq, ::prost::Message)] pub struct TrustedRoot { - /// MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1 + /// MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json + /// when encoded as JSON. + /// Clients MUST be able to process and parse content with the media + /// type defined in the old format: + /// application/vnd.dev.sigstore.trustedroot+json;version=0.1 #[prost(string, tag = "1")] pub media_type: ::prost::alloc::string::String, /// A set of trusted Rekor servers. diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin index 13c9ef2f1259bcd0aa75c81abd9c17ca973b68b0..e767640e63f6eb0b32f27fd394f31d32df150608 100644 GIT binary patch delta 1173 zcmaiz%TE(g6o-3ehC02GS|-sz1LOvk@X$hA9tC`0Txk>%k)4n9F+j^OQ#vzkiis5B zq6&#DlnKT^K#e9QK4#&{l?yhyaBEz!F;Np2Zj1?@JDsVra?{Lr@BN)~&&=2Rzx*G6 z`ztTuYl^F!u)n9^tq^z>Bm1O=pl{t?q>$pQa1M51#|qEGb9iBI&w~IYQtXe!dvm&` z+MgA8+DO*{2qC<{fyAp~kbL5ZAaI;d;)`N?_&sNBY(nR9%2YFo{5MQXbFxaDUn;9< zEhA@WQm5yqCMP0j84YUp&q)D3EAG$qqyN|D)PGM$$523?Rd*(5c}d6}AeR-L8B zoJ{itxtP^VT`3cqk!P|h7M;-w3rV9vA0@QM`nCiELeza4hT6hNoRIybf!(=*T{`Fy z4pcnQ;t`M3+D4uU&UhdR6|f)QfFs;;qZ0-{TM}D|i_VF*n1?*u9USsdWH@}CgoucZ zL3}9s*h=CW39|Y~{uK~!L!cHAeOPVi8)T6X!g{ z-m7roqKDXf6()*qZ?4vR6(&uxQTujyzG~mQ2@+hYLa4*d@mRGAhxJ z7AJQG?PLXJg}~M^g2M)VOZJCb@RPuj{q8Qj@rQQ7(=LbF{Q#z2beRbkb!`2wYZs@d zF8?bUHcrdBPLpbe=92|orfE$zP)l0M8gq_sj)bIUq32sxb+$Bxspn_zjS}WvyY+e# zx_WYZ^vdngD~EbTT)TM15-sQ-QN)ldAo|5COgYywSzb9MGKxl z!mQ`f5#DS%>L%E~)$Ba!5$4VDGvt&LM<`iSTQHs|)zdttOZD!k0$=LxbJIKv#NuSc lNedERwzjumthZcG3z#m~dkdH@caFJf0n=qW`T%x1{s8Mf4uBOxDfRrke$86WSVMt!>r*ByE~n)QXo1)`~xP@dpFOVAZ%?w}LU< zTq5nQATq^z6{Pl{AS~E}c=F)62fYbiiXwW@g9!S~W+%|wzBAwRzO&!E@mG8NN2|Vu zZ+Y_LkoP?g?^xv75Z`8oqoGC5N*QA?3TDv6jgf%Ut_*G-c`H<51@;0Hnlf6%q#*Al6pLBlu%@A2XFCQnt3`wL7z=yQK{O zl<|I6;W~?K_HoT*(a@ZCwFbX9%y}1