Merge remote-tracking branch 'upstream/main' into ww/client-trust-config

Signed-off-by: William Woodruff <[email protected]>
trail-of-forks · Apr 1, 2024 · 7bb5b75 · 7bb5b75
2 parents 354b78a + 0d09353
commit 7bb5b75
Show file tree

Hide file tree

Showing 20 changed files with 76 additions and 38 deletions.
diff --git a/.github/workflows/python-build.yml b/.github/workflows/python-build.yml
@@ -40,7 +40,7 @@ jobs:
     steps:
       - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
           python-version: ${{ matrix.python-version }}
 

diff --git a/.github/workflows/python-release.yml b/.github/workflows/python-release.yml
@@ -15,7 +15,7 @@ jobs:
     steps:
     - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 
-    - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+    - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
       with:
         python-version: "3.x"
 

diff --git a/gen/jsonschema/schemas/Bundle.schema.json b/gen/jsonschema/schemas/Bundle.schema.json
@@ -6,7 +6,7 @@
             "properties": {
                 "mediaType": {
                     "type": "string",
-                    "description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 or application/vnd.dev.sigstore.bundle+json;version=0.3 when encoded as JSON."
+                    "description": "MUST be application/vnd.dev.sigstore.bundle.v0.3+json when when encoded as JSON. Clients must to be able to accept media type using the previously defined formats: * application/vnd.dev.sigstore.bundle+json;version=0.1 * application/vnd.dev.sigstore.bundle+json;version=0.2 * application/vnd.dev.sigstore.bundle+json;version=0.3"
                 },
                 "verificationMaterial": {
                     "$ref": "#/definitions/dev.sigstore.bundle.v1.VerificationMaterial",
@@ -52,8 +52,8 @@
             },
             "additionalProperties": false,
             "type": "object",
-            "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.",
-            "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'.  Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
+            "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle.v0.3+json\n The semantic version is thus '0.3'.",
+            "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle.v0.3+json The semantic version is thus '0.3'.  Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
         },
         "dev.sigstore.bundle.v1.VerificationMaterial": {
             "properties": {

diff --git a/gen/jsonschema/schemas/ClientTrustConfig.schema.json b/gen/jsonschema/schemas/ClientTrustConfig.schema.json
@@ -255,7 +255,7 @@
             "properties": {
                 "mediaType": {
                     "type": "string",
-                    "description": "MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1"
+                    "description": "MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json when encoded as JSON. Clients MUST be able to process and parse content with the media type defined in the old format: application/vnd.dev.sigstore.trustedroot+json;version=0.1"
                 },
                 "tlogs": {
                     "items": {

diff --git a/gen/jsonschema/schemas/Input.schema.json b/gen/jsonschema/schemas/Input.schema.json
@@ -39,7 +39,7 @@
             "properties": {
                 "mediaType": {
                     "type": "string",
-                    "description": "MUST be application/vnd.dev.sigstore.bundle+json;version=0.1 or application/vnd.dev.sigstore.bundle+json;version=0.2 or application/vnd.dev.sigstore.bundle+json;version=0.3 when encoded as JSON."
+                    "description": "MUST be application/vnd.dev.sigstore.bundle.v0.3+json when when encoded as JSON. Clients must to be able to accept media type using the previously defined formats: * application/vnd.dev.sigstore.bundle+json;version=0.1 * application/vnd.dev.sigstore.bundle+json;version=0.2 * application/vnd.dev.sigstore.bundle+json;version=0.3"
                 },
                 "verificationMaterial": {
                     "$ref": "#/definitions/dev.sigstore.bundle.v1.VerificationMaterial",
@@ -85,8 +85,8 @@
             },
             "additionalProperties": false,
             "type": "object",
-            "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.",
-            "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'.  Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
+            "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle.v0.3+json\n The semantic version is thus '0.3'.",
+            "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle.v0.3+json The semantic version is thus '0.3'.  Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
         },
         "dev.sigstore.bundle.v1.VerificationMaterial": {
             "properties": {
@@ -597,7 +597,7 @@
             "properties": {
                 "mediaType": {
                     "type": "string",
-                    "description": "MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1"
+                    "description": "MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json when encoded as JSON. Clients MUST be able to process and parse content with the media type defined in the old format: application/vnd.dev.sigstore.trustedroot+json;version=0.1"
                 },
                 "tlogs": {
                     "items": {

diff --git a/gen/jsonschema/schemas/TimestampVerificationData.schema.json b/gen/jsonschema/schemas/TimestampVerificationData.schema.json
@@ -15,8 +15,8 @@
             },
             "additionalProperties": false,
             "type": "object",
-            "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.",
-            "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'.  Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
+            "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle.v0.3+json\n The semantic version is thus '0.3'.",
+            "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle.v0.3+json The semantic version is thus '0.3'.  Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
         },
         "dev.sigstore.common.v1.RFC3161SignedTimestamp": {
             "properties": {

diff --git a/gen/jsonschema/schemas/TrustedRoot.schema.json b/gen/jsonschema/schemas/TrustedRoot.schema.json
@@ -6,7 +6,7 @@
             "properties": {
                 "mediaType": {
                     "type": "string",
-                    "description": "MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1"
+                    "description": "MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json when encoded as JSON. Clients MUST be able to process and parse content with the media type defined in the old format: application/vnd.dev.sigstore.trustedroot+json;version=0.1"
                 },
                 "tlogs": {
                     "items": {

diff --git a/gen/jsonschema/schemas/VerificationMaterial.schema.json b/gen/jsonschema/schemas/VerificationMaterial.schema.json
@@ -65,8 +65,8 @@
             },
             "additionalProperties": false,
             "type": "object",
-            "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle+json;version=0.3\n The semantic version is thus '0.3'.",
-            "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle+json;version=0.3 The semantic version is thus '0.3'.  Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
+            "title": "Notes on versioning.\n The primary message ('Bundle') MUST be versioned, by populating the\n 'media_type' field. Semver-ish (only major/minor versions) scheme MUST\n be used. The current version as specified by this file is:\n application/vnd.dev.sigstore.bundle.v0.3+json\n The semantic version is thus '0.3'.",
+            "description": "Notes on versioning. The primary message ('Bundle') MUST be versioned, by populating the 'media_type' field. Semver-ish (only major/minor versions) scheme MUST be used. The current version as specified by this file is: application/vnd.dev.sigstore.bundle.v0.3+json The semantic version is thus '0.3'.  Various timestamped counter signatures over the artifacts signature. Currently only RFC3161 signatures are provided. More formats may be added in the future."
         },
         "dev.sigstore.common.v1.LogId": {
             "properties": {

diff --git a/gen/pb-go/bundle/v1/sigstore_bundle.pb.go b/gen/pb-go/bundle/v1/sigstore_bundle.pb.go
diff --git a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go
diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/bundle/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/bundle/v1/__init__.py
diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py
diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.bundle.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.bundle.v1.rs
@@ -151,10 +151,13 @@ pub mod verification_material {
 #[allow(clippy::derive_partial_eq_without_eq)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct Bundle {
-    /// MUST be application/vnd.dev.sigstore.bundle+json;version=0.1
-    /// or application/vnd.dev.sigstore.bundle+json;version=0.2
-    /// or application/vnd.dev.sigstore.bundle+json;version=0.3
+    /// MUST be application/vnd.dev.sigstore.bundle.v0.3+json when
     /// when encoded as JSON.
+    /// Clients must to be able to accept media type using the previously
+    /// defined formats:
+    /// * application/vnd.dev.sigstore.bundle+json;version=0.1
+    /// * application/vnd.dev.sigstore.bundle+json;version=0.2
+    /// * application/vnd.dev.sigstore.bundle+json;version=0.3
     #[prost(string, tag = "1")]
     pub media_type: ::prost::alloc::string::String,
     /// When a signer is identified by a X.509 certificate, a verifier MUST

diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs
@@ -109,7 +109,11 @@ pub struct CertificateAuthority {
 #[allow(clippy::derive_partial_eq_without_eq)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct TrustedRoot {
-    /// MUST be application/vnd.dev.sigstore.trustedroot+json;version=0.1
+    /// MUST be application/vnd.dev.sigstore.trustedroot.v0.1+json
+    /// when encoded as JSON.
+    /// Clients MUST be able to process and parse content with the media
+    /// type defined in the old format:
+    /// application/vnd.dev.sigstore.trustedroot+json;version=0.1
     #[prost(string, tag = "1")]
     pub media_type: ::prost::alloc::string::String,
     /// A set of trusted Rekor servers.

diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin
diff --git a/gen/pb-typescript/src/__generated__/sigstore_bundle.ts b/gen/pb-typescript/src/__generated__/sigstore_bundle.ts
diff --git a/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts b/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts
diff --git a/java/build.gradle.kts b/java/build.gradle.kts
@@ -22,7 +22,7 @@ repositories {
 }
 
 dependencies {
-    implementation("com.google.protobuf:protobuf-java:4.26.0")
+    implementation("com.google.protobuf:protobuf-java:4.26.1")
     implementation("com.google.api.grpc:proto-google-common-protos:2.37.1")
 }
 
@@ -39,7 +39,7 @@ java {
 
 protobuf {
     protoc {
-        artifact = "com.google.protobuf:protoc:4.26.0"
+        artifact = "com.google.protobuf:protoc:4.26.1"
     }
 }
 

diff --git a/protos/sigstore_bundle.proto b/protos/sigstore_bundle.proto
@@ -32,7 +32,7 @@ option ruby_package = "Sigstore::Bundle::V1";
 // The primary message ('Bundle') MUST be versioned, by populating the
 // 'media_type' field. Semver-ish (only major/minor versions) scheme MUST
 // be used. The current version as specified by this file is:
-// application/vnd.dev.sigstore.bundle+json;version=0.3
+// application/vnd.dev.sigstore.bundle.v0.3+json
 // The semantic version is thus '0.3'.
 
 // Various timestamped counter signatures over the artifacts signature.
@@ -109,10 +109,13 @@ message VerificationMaterial {
 }
 
 message Bundle {
-        // MUST be application/vnd.dev.sigstore.bundle+json;version=0.1
-        // or application/vnd.dev.sigstore.bundle+json;version=0.2
-        // or application/vnd.dev.sigstore.bundle+json;version=0.3
+        // MUST be application/vnd.dev.sigstore.bundle.v0.3+json when
         // when encoded as JSON.
+        // Clients must to be able to accept media type using the previously
+        // defined formats:
+        // * application/vnd.dev.sigstore.bundle+json;version=0.1
+        // * application/vnd.dev.sigstore.bundle+json;version=0.2
+        // * application/vnd.dev.sigstore.bundle+json;version=0.3
         string media_type = 1;
         // When a signer is identified by a X.509 certificate, a verifier MUST
         // verify that the signature was computed at the time the certificate