From 70cb986bbd2ffe227af464bd8b2b2a0ad333d8a8 Mon Sep 17 00:00:00 2001
From: Brian DeHamer
Date: Fri, 25 Aug 2023 06:40:18 -0700
Subject: [PATCH] default to creating v0.2 Sigstore bundles (#644)
Signed-off-by: Brian DeHamer
---
 .changeset/polite-donuts-jog.md | 7 +++++++
 packages/bundle/src/__tests__/build.test.ts | 17 +++++------------
 packages/bundle/src/build.ts | 6 +++---
 .../sign/src/__tests__/bundler/base.test.ts | 4 ++--
 .../sign/src/__tests__/bundler/bundle.test.ts | 8 ++++----
 .../sign/src/__tests__/bundler/dsse.test.ts | 4 ++--
 .../sign/src/__tests__/bundler/message.test.ts | 2 +-
 7 files changed, 24 insertions(+), 24 deletions(-)
 create mode 100644 .changeset/polite-donuts-jog.md
diff --git a/.changeset/polite-donuts-jog.md b/.changeset/polite-donuts-jog.md
new file mode 100644
index 00000000..892f9455
--- /dev/null
+++ b/.changeset/polite-donuts-jog.md
@@ -0,0 +1,7 @@
+---
+'@sigstore/bundle': minor
+'@sigstore/sign': minor
+'sigstore': minor
+---
+
+Generate v0.2 Sigstore bundles
diff --git a/packages/bundle/src/__tests__/build.test.ts b/packages/bundle/src/__tests__/build.test.ts
index b429b7d9..7c45feba 100644
--- a/packages/bundle/src/__tests__/build.test.ts
+++ b/packages/bundle/src/__tests__/build.test.ts
@@ -16,6 +16,7 @@ limitations under the License.
 import { HashAlgorithm } from '@sigstore/protobuf-specs';
 import assert from 'assert';
 import { toDSSEBundle, toMessageSignatureBundle } from '../build';
+import { BUNDLE_V02_MEDIA_TYPE } from '../bundle';
 const signature = Buffer.from('signature');
 const keyHint = 'hint';
@@ -32,9 +33,7 @@ describe('toMessageSignatureBundle', () => {
 });
 expect(b).toBeTruthy();
- expect(b.mediaType).toEqual(
- 'application/vnd.dev.sigstore.bundle+json;version=0.1'
- );
+ expect(b.mediaType).toEqual(BUNDLE_V02_MEDIA_TYPE);
 assert(b.content?.$case === 'messageSignature');
 expect(b.content.messageSignature).toBeTruthy();
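Review bot: The assertions in build.test.ts now compare `b.mediaType` against `BUNDLE_V02_MEDIA_TYPE`, the same constant build.ts returns, so they would still pass if the constant's value were wrong; this applies to the toMessageSignatureBundle hunk here and to the three toDSSEBundle hunks that follow. The removed lines pinned the literal wire string, and the sign package tests in this same commit keep doing so. Because the media type string is presumably what a consumer reads to pick the bundle version, I would keep at least one literal check in this file, e.g. `expect(b.mediaType).toEqual('application/vnd.dev.sigstore.bundle+json;version=0.2');`. The test bodies start and end outside the hunks.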
@@ -70,9 +69,7 @@ describe('toDSSEBundle', () => {
 });
 expect(b).toBeTruthy();
- expect(b.mediaType).toEqual(
- 'application/vnd.dev.sigstore.bundle+json;version=0.1'
- );
+ expect(b.mediaType).toEqual(BUNDLE_V02_MEDIA_TYPE);
 assert(b.content?.$case === 'dsseEnvelope');
 expect(b.content.dsseEnvelope).toBeTruthy();
@@ -98,9 +95,7 @@ describe('toDSSEBundle', () => {
 });
 expect(b).toBeTruthy();
- expect(b.mediaType).toEqual(
- 'application/vnd.dev.sigstore.bundle+json;version=0.1'
- );
+ expect(b.mediaType).toEqual(BUNDLE_V02_MEDIA_TYPE);
 assert(b.content?.$case === 'dsseEnvelope');
 expect(b.content.dsseEnvelope).toBeTruthy();
@@ -127,9 +122,7 @@ describe('toDSSEBundle', () => {
 });
 expect(b).toBeTruthy();
- expect(b.mediaType).toEqual(
- 'application/vnd.dev.sigstore.bundle+json;version=0.1'
- );
+ expect(b.mediaType).toEqual(BUNDLE_V02_MEDIA_TYPE);
 assert(b.content?.$case === 'dsseEnvelope');
 expect(b.content.dsseEnvelope).toBeTruthy();
diff --git a/packages/bundle/src/build.ts b/packages/bundle/src/build.ts
index d9ed3d6c..fe806d3f 100644
--- a/packages/bundle/src/build.ts
+++ b/packages/bundle/src/build.ts
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 import { HashAlgorithm } from '@sigstore/protobuf-specs';
-import { BUNDLE_V01_MEDIA_TYPE } from './bundle';
+import { BUNDLE_V02_MEDIA_TYPE } from './bundle';
 import type { Envelope, Signature } from '@sigstore/protobuf-specs';
 import type {
@@ -46,7 +46,7 @@ export function toMessageSignatureBundle(
 options: MessageSignatureBundleOptions
 ): BundleWithMessageSignature {
 return {
- mediaType: BUNDLE_V01_MEDIA_TYPE,
+ mediaType: BUNDLE_V02_MEDIA_TYPE,
 content: {
 $case: 'messageSignature',
 messageSignature: {
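Review bot: Both builders now stamp `BUNDLE_V02_MEDIA_TYPE` unconditionally, here in toMessageSignatureBundle and in the toDSSEBundle hunk that follows, and nothing visible in these hunks lets a caller keep emitting 0.1 or ties the label to the verification material that ends up in the bundle. As I understand the bundle format, a 0.2 bundle is expected to carry an inclusion proof on each transparency-log entry, so a bundle labelled 0.2 whose entries only hold an inclusion promise would presumably be rejected by a strict verifier. I would document that contract on both builders, e.g. `// v0.2 media type: tlog entries attached to this bundle must include an inclusion proof`, and confirm that the code which fills in the tlog entries supplies it. Both function bodies continue outside the hunks.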
@@ -67,7 +67,7 @@ export function toDSSEBundle(
 options: DSSEBundleOptions
 ): BundleWithDsseEnvelope {
 return {
- mediaType: BUNDLE_V01_MEDIA_TYPE,
+ mediaType: BUNDLE_V02_MEDIA_TYPE,
 content: {
 $case: 'dsseEnvelope',
 dsseEnvelope: toEnvelope(options),
diff --git a/packages/sign/src/__tests__/bundler/base.test.ts b/packages/sign/src/__tests__/bundler/base.test.ts
index 0474e407..8165ed6b 100644
--- a/packages/sign/src/__tests__/bundler/base.test.ts
+++ b/packages/sign/src/__tests__/bundler/base.test.ts
@@ -146,7 +146,7 @@ describe('BaseBundleBuilder', () => {
 expect(bundle).toBeTruthy();
 expect(bundle.mediaType).toEqual(
- 'application/vnd.dev.sigstore.bundle+json;version=0.1'
+ 'application/vnd.dev.sigstore.bundle+json;version=0.2'
 );
 expect(bundle.content).toBeTruthy();
 expect(bundle.verificationMaterial).toBeTruthy();
@@ -238,7 +238,7 @@ describe('BaseBundleBuilder', () => {
 expect(bundle).toBeTruthy();
 expect(bundle.mediaType).toEqual(
- 'application/vnd.dev.sigstore.bundle+json;version=0.1'
+ 'application/vnd.dev.sigstore.bundle+json;version=0.2'
 );
 expect(bundle.content).toBeTruthy();
 expect(bundle.verificationMaterial).toBeTruthy();
diff --git a/packages/sign/src/__tests__/bundler/bundle.test.ts b/packages/sign/src/__tests__/bundler/bundle.test.ts
index f542bc8e..6d8f60f0 100644
--- a/packages/sign/src/__tests__/bundler/bundle.test.ts
+++ b/packages/sign/src/__tests__/bundler/bundle.test.ts
@@ -43,7 +43,7 @@ describe('toMessageSignatureBundle', () => {
 expect(b).toBeTruthy();
 expect(b.mediaType).toEqual(
- 'application/vnd.dev.sigstore.bundle+json;version=0.1'
+ 'application/vnd.dev.sigstore.bundle+json;version=0.2'
 );
 assert(b.content?.$case === 'messageSignature');
@@ -84,7 +84,7 @@ describe('toDSSEBundle', () => {
 expect(b).toBeTruthy();
 expect(b.mediaType).toEqual(
- 'application/vnd.dev.sigstore.bundle+json;version=0.1'
+ 'application/vnd.dev.sigstore.bundle+json;version=0.2'
 );
 assert(b.content?.$case === 'dsseEnvelope');
@@ -120,7 +120,7 @@ describe('toDSSEBundle', () => {
 expect(b).toBeTruthy();
 expect(b.mediaType).toEqual(
- 'application/vnd.dev.sigstore.bundle+json;version=0.1'
+ 'application/vnd.dev.sigstore.bundle+json;version=0.2'
 );
 assert(b.content?.$case === 'dsseEnvelope');
@@ -152,7 +152,7 @@ describe('toDSSEBundle', () => {
 expect(b).toBeTruthy();
 expect(b.mediaType).toEqual(
- 'application/vnd.dev.sigstore.bundle+json;version=0.1'
+ 'application/vnd.dev.sigstore.bundle+json;version=0.2'
 );
 assert(b.content?.$case === 'dsseEnvelope');
diff --git a/packages/sign/src/__tests__/bundler/dsse.test.ts b/packages/sign/src/__tests__/bundler/dsse.test.ts
index 120c565f..90732fbf 100644
--- a/packages/sign/src/__tests__/bundler/dsse.test.ts
+++ b/packages/sign/src/__tests__/bundler/dsse.test.ts
@@ -65,7 +65,7 @@ describe('DSSEBundleBuilder', () => {
 expect(b).toBeTruthy();
 expect(b.mediaType).toEqual(
- 'application/vnd.dev.sigstore.bundle+json;version=0.1'
+ 'application/vnd.dev.sigstore.bundle+json;version=0.2'
 );
 expect(b.content.dsseEnvelope).toBeTruthy();
@@ -106,7 +106,7 @@ describe('DSSEBundleBuilder', () => {
 expect(b).toBeTruthy();
 expect(b.mediaType).toEqual(
- 'application/vnd.dev.sigstore.bundle+json;version=0.1'
+ 'application/vnd.dev.sigstore.bundle+json;version=0.2'
 );
 expect(b.content.dsseEnvelope).toBeTruthy();
diff --git a/packages/sign/src/__tests__/bundler/message.test.ts b/packages/sign/src/__tests__/bundler/message.test.ts
index 22a834d4..34ed4d47 100644
--- a/packages/sign/src/__tests__/bundler/message.test.ts
+++ b/packages/sign/src/__tests__/bundler/message.test.ts
@@ -69,7 +69,7 @@ describe('MessageSignatureBundleBuilder', () => {
 expect(b).toBeTruthy();
 expect(b.mediaType).toEqual(
- 'application/vnd.dev.sigstore.bundle+json;version=0.1'
+ 'application/vnd.dev.sigstore.bundle+json;version=0.2'
 );
 expect(b.content.messageSignature).toBeTruthy();