Skip to content

Commit

Permalink
Added an option for a more generic observer time, and aligned with v0…
Browse files Browse the repository at this point in the history 
….2 (#179)

* Added an option for a more generic observer time, and aligned with v0.2
in v0.2 inclusion proofs are preferred over SETs, and so it's now optional
to extract the timestamp from the SET.

Signed-off-by: Fredrik Skogman <[email protected]>

* Renamed a field based on PR feed back and clarified the comment.

Signed-off-by: Fredrik Skogman <[email protected]>

* Update protos/sigstore_verification.proto

Co-authored-by: William Woodruff <[email protected]>
Signed-off-by: Fredrik Skogman <[email protected]>

* Updated verification options for tlog integrated time

Signed-off-by: Fredrik Skogman <[email protected]>

* Update protos/sigstore_verification.proto

Co-authored-by: Hayden B <[email protected]>
Signed-off-by: Fredrik Skogman <[email protected]>

* Updated timestamp options:
default is to only require one observer of any kind.
added missing  options to the ArtifactVerificationOptions

Signed-off-by: Fredrik Skogman <[email protected]>

---------

Signed-off-by: Fredrik Skogman <[email protected]>
Co-authored-by: William Woodruff <[email protected]>
Co-authored-by: Hayden B <[email protected]>
  • Loading branch information
@kommendorkapten @woodruffw @haydentherapper
3 people authored Jan 11, 2024
1 parent d96fa44 commit a0c939f
Show file tree
Hide file tree
Showing 9 changed files with 677 additions and 103 deletions.
52 changes: 51 additions & 1 deletion gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,17 @@
"tsaOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions",
"additionalProperties": false,
"description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false"
"description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true"
},
"integratedTsOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions",
"additionalProperties": false,
"description": "Optional options for integrated timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true"
},
"observerOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions",
"additionalProperties": false,
"description": "Optional options for observed timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false"
}
},
"additionalProperties": false,
Expand Down Expand Up @@ -56,6 +66,16 @@
"required": [
"tsa_options"
]
},
{
"required": [
"integrated_ts_options"
]
},
{
"required": [
"observer_options"
]
}
],
"title": "Artifact Verification Options",
Expand Down Expand Up @@ -212,6 +232,21 @@
"type": "object",
"title": "Ctlog Options"
},
"dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions": {
"properties": {
"threshold": {
"type": "integer",
"description": "The number of external observers of the timestamp. This is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log, that could include additional timestamp sources in the future."
},
"disable": {
"type": "boolean",
"description": "Disable observer timestamp verification."
}
},
"additionalProperties": false,
"type": "object",
"title": "Observer Timestamp Options"
},
"dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions": {
"properties": {
"threshold": {
Expand All @@ -227,6 +262,21 @@
"type": "object",
"title": "Timestamp Authority Options"
},
"dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions": {
"properties": {
"threshold": {
"type": "integer",
"description": "The number of integrated timestamps that are expected."
},
"disable": {
"type": "boolean",
"description": "Disable integrated timestamp verification."
}
},
"additionalProperties": false,
"type": "object",
"title": "Tlog Integrated Timestamp Options"
},
"dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions": {
"properties": {
"threshold": {
Expand Down
52 changes: 51 additions & 1 deletion gen/jsonschema/schemas/Input.schema.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -662,7 +662,17 @@
"tsaOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions",
"additionalProperties": false,
"description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false"
"description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true"
},
"integratedTsOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions",
"additionalProperties": false,
"description": "Optional options for integrated timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true"
},
"observerOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions",
"additionalProperties": false,
"description": "Optional options for observed timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false"
}
},
"additionalProperties": false,
Expand Down Expand Up @@ -692,6 +702,16 @@
"required": [
"tsa_options"
]
},
{
"required": [
"integrated_ts_options"
]
},
{
"required": [
"observer_options"
]
}
],
"title": "Artifact Verification Options",
Expand All @@ -712,6 +732,21 @@
"type": "object",
"title": "Ctlog Options"
},
"dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions": {
"properties": {
"threshold": {
"type": "integer",
"description": "The number of external observers of the timestamp. This is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log, that could include additional timestamp sources in the future."
},
"disable": {
"type": "boolean",
"description": "Disable observer timestamp verification."
}
},
"additionalProperties": false,
"type": "object",
"title": "Observer Timestamp Options"
},
"dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions": {
"properties": {
"threshold": {
Expand All @@ -727,6 +762,21 @@
"type": "object",
"title": "Timestamp Authority Options"
},
"dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions": {
"properties": {
"threshold": {
"type": "integer",
"description": "The number of integrated timestamps that are expected."
},
"disable": {
"type": "boolean",
"description": "Disable integrated timestamp verification."
}
},
"additionalProperties": false,
"type": "object",
"title": "Tlog Integrated Timestamp Options"
},
"dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions": {
"properties": {
"threshold": {
Expand Down
Loading

0 comments on commit a0c939f

Please sign in to comment.