add DSSE rekor type to support any DSSE envelope
Adds a DSSE envelope type to rekor.  If the DSSE envelope's payload is
an in-toto statement the in-toto subjects will be used as indices for
the envelope's rekord.  If the envelope's payload is within the server's
configured attestation size the payload will be stored as an
attestation.

Signed-off-by: Mikhail Swift <mikhail@testifysec.com>
mikhailswift committed Jun 6, 2022
1 parent d6988cc commit 8ae8c48
Showing 15 changed files with 1,485 additions and 8 deletions.
1 change: 1 addition & 0 deletions cmd/rekor-cli/app/root.go
Expand Up @@ -28,6 +28,7 @@ import (

// these imports are to call the packages' init methods
_ "github.com/sigstore/rekor/pkg/types/alpine/v0.0.1"
_ "github.com/sigstore/rekor/pkg/types/dsse/v0.0.1"
_ "github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1"
_ "github.com/sigstore/rekor/pkg/types/helm/v0.0.1"
_ "github.com/sigstore/rekor/pkg/types/intoto/v0.0.1"
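
Review bot: with `dsse/v0.0.1` registered next to `intoto/v0.0.1` in this import list, an in-toto statement carried in a DSSE envelope may now have two kinds it can be submitted under, and the commit message says the dsse type indexes in-toto subjects as well. Please document (CLI help or the type's README) which kind clients should use for in-toto statements and whether the index keys of the two types are meant to match, so that a search by subject does not depend on which kind the uploader picked.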
3 changes: 3 additions & 0 deletions cmd/rekor-server/app/serve.go
Expand Up @@ -31,6 +31,8 @@ import (
"github.com/sigstore/rekor/pkg/log"
"github.com/sigstore/rekor/pkg/types/alpine"
alpine_v001 "github.com/sigstore/rekor/pkg/types/alpine/v0.0.1"
"github.com/sigstore/rekor/pkg/types/dsse"
dsse_v001 "github.com/sigstore/rekor/pkg/types/dsse/v0.0.1"
hashedrekord "github.com/sigstore/rekor/pkg/types/hashedrekord"
hashedrekord_v001 "github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1"
"github.com/sigstore/rekor/pkg/types/helm"
Expand Down Expand Up @@ -92,6 +94,7 @@ var serveCmd = &cobra.Command{
helm.KIND: helm_v001.APIVERSION,
tuf.KIND: tuf_v001.APIVERSION,
hashedrekord.KIND: hashedrekord_v001.APIVERSION,
dsse.KIND: dsse_v001.APIVERSION,
}

for k, v := range pluggableTypeMap {
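
Review bot: `dsse.KIND: dsse_v001.APIVERSION` is a second hand-maintained registration point, separate from the blank import in cmd/rekor-cli/app/root.go whose comment says it exists only to call the package's init. Both are updated in this commit, but nothing in these lines fails if a later type is added to one and not the other. Consider a small test asserting that every kind in `pluggableTypeMap` is also registered on the CLI side, if one does not already exist.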
17 changes: 17 additions & 0 deletions openapi.yaml
Expand Up @@ -395,6 +395,23 @@ definitions:
- spec
additionalProperties: false

dsse:
type: object
description: DSSE object
allOf:
- $ref: '#/definitions/ProposedEntry'
- properties:
apiVersion:
type: string
pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
spec:
type: object
$ref: 'pkg/types/dsse/dsse_schema.json'
required:
- apiVersion
- spec
additionalProperties: false

rfc3161:
type: object
description: RFC3161 Timestamp
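
Review bot: under `spec` in the new `dsse` definition, `type: object` sits beside `$ref: 'pkg/types/dsse/dsse_schema.json'`; siblings of a `$ref` are ignored when the reference is resolved, so the `type` line has no effect and the referenced schema alone defines the constraints. Drop it, or keep it only if that is the convention of the other entries. Also, `description: DSSE object` is terse for a public API definition: say that the entry is a DSSE envelope and mention the in-toto subject indexing and attestation storage that the commit message describes.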
210 changes: 210 additions & 0 deletions pkg/generated/models/dsse.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

29 changes: 29 additions & 0 deletions pkg/generated/models/dsse_schema.go
