From 6ceb7112aee8546a5d0ee5290d5080afc808a228 Mon Sep 17 00:00:00 2001 From: Samuel Giddins Date: Thu, 25 Apr 2024 16:10:12 -0700 Subject: [PATCH] Switch to plain-ruby protos --- Gemfile.lock | 82 +++++++++++++++++-- .../commands/sigstore_verify_command.rb | 2 +- lib/sigstore/trusted_root.rb | 9 +- sigstore-cosign-verify.gemspec | 2 +- test/sigstore/models_test.rb | 4 +- 5 files changed, 85 insertions(+), 14 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7182252..ea63fb2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -2,7 +2,7 @@ PATH remote: . specs: sigstore (0.1.0) - sigstore_protobuf_specs (~> 0.3.0) + protobug_sigstore_protos (~> 0.1.0) GEM remote: https://rubygems.org/ @@ -36,9 +36,6 @@ GEM ffi (1.16.3) ffi (1.16.3-java) fileutils (1.7.2) - google-protobuf (3.25.3-arm64-darwin) - googleapis-common-protos-types (1.13.0) - google-protobuf (~> 3.18) hashdiff (1.1.0) i18n (1.14.1) concurrent-ruby (~> 1.0) @@ -56,6 +53,16 @@ GEM ast (~> 2.4.1) racc power_assert (2.0.3) + protobug (0.1.0) + protobug_googleapis_field_behavior_protos (0.1.0) + protobug (= 0.1.0) + protobug_well_known_protos (= 0.1.0) + protobug_sigstore_protos (0.1.0) + protobug (= 0.1.0) + protobug_googleapis_field_behavior_protos (= 0.1.0) + protobug_well_known_protos (= 0.1.0) + protobug_well_known_protos (0.1.0) + protobug (= 0.1.0) public_suffix (5.0.4) racc (1.7.3) racc (1.7.3-java) @@ -86,9 +93,6 @@ GEM ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) securerandom (0.3.1) - sigstore_protobuf_specs (0.3.0) - google-protobuf (~> 3.21, >= 3.21.12) - googleapis-common-protos-types (~> 1.4) simplecov (0.22.0) docile (~> 1.1) simplecov-html (~> 0.11) 
@@ -146,5 +150,69 @@ DEPENDENCIES vcr (~> 6.2) webmock (~> 3.23) +CHECKSUMS + abbrev (0.1.2) sha256=ad1b4eaaaed4cb722d5684d63949e4bde1d34f2a95e20db93aecfe7cbac74242 + activesupport (7.1.3.2) sha256=ad8445b7ae4a6d3acc5f88c8c5f437eb0b54062032aaf44856c7b6d3855b8b2e + addressable (2.8.6) sha256=798f6af3556641a7619bad1dce04cdb6eb44b0216a991b0396ea7339276f2b47 + ast (2.4.2) sha256=1e280232e6a33754cde542bc5ef85520b74db2aac73ec14acef453784447cc12 + base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507 + bigdecimal (3.1.6) sha256=bcbc27d449cf8ed1b1814d21308f49c9d22ce73e33fff0d228e38799c02eab01 + bigdecimal (3.1.6-java) sha256=2ef0e13a578e2411123254273f8b34c47ff9d45de91a6f64465fb217de8d5d04 + concurrent-ruby (1.2.3) sha256=82fdd3f8a0816e28d513e637bb2b90a45d7b982bdf4f3a0511722d2e495801e2 + connection_pool (2.4.1) sha256=0f40cf997091f1f04ff66da67eabd61a9fe0d4928b9a3645228532512fab62f4 + crack (1.0.0) sha256=c83aefdb428cdc7b66c7f287e488c796f055c0839e6e545fec2c7047743c4a49 + csv (3.2.8) sha256=2f5e11e8897040b97baf2abfe8fa265b314efeb8a9b7f756db9ebcf79e7db9fe + docile (1.4.0) sha256=5f1734bde23721245c20c3d723e76c104208e1aa01277a69901ce770f0ebb8d3 + drb (2.2.0) sha256=e9e4af1cded3306cfe37e064a0086e302d5f40df9cb4d161d059a6bb3a75d40f + ffi (1.16.3) sha256=6d3242ff10c87271b0675c58d68d3f10148fabc2ad6da52a18123f06078871fb + ffi (1.16.3-java) sha256=6f107fcd7c96f9c96f7e57db749b99502cc2f65665f7b2241d087a8f8c01d42c + fileutils (1.7.2) sha256=36a0fb324218263e52b486ad7408e9a295378fe8edc9fd343709e523c0980631 + hashdiff (1.1.0) sha256=b5465f0e7375f1ee883f53a766ece4dbc764b7674a7c5ffd76e79b2f5f6fc9c9 + i18n (1.14.1) sha256=9d03698903547c060928e70a9bc8b6b87fda674453cda918fc7ab80235ae4a61 + json (2.7.1) sha256=187ea312fb58420ff0c40f40af1862651d4295c8675267c6a1c353f1a0ac3265 + json (2.7.1-java) sha256=bfd628c0f8357058c2cf848febfa6f140f70f94ec492693a31a0a1933038a61b + language_server-protocol (3.17.0.3) 
sha256=3d5c58c02f44a20d972957a9febe386d7e7468ab3900ce6bd2b563dd910c6b3f + listen (3.9.0) sha256=db9e4424e0e5834480385197c139cb6b0ae0ef28cc13310cfd1ca78377d59c67 + logger (1.6.0) sha256=0ab7c120262dd8de2a18cb8d377f1f318cbe98535160a508af9e7710ff43ef3e + minitest (5.22.2) sha256=c5a5003fc2114a3fde506e87f377f32a0882b41d944d7b90cf4cd1f781dbc718 + mutex_m (0.2.0) sha256=b6ef0c6c842ede846f2ec0ade9e266b1a9dac0bc151682b04835e8ebd54840d5 + parallel (1.24.0) sha256=5bf38efb9b37865f8e93d7a762727f8c5fc5deb19949f4040c76481d5eee9397 + parser (3.3.0.5) sha256=7748313e505ca87045dc0465c776c802043f777581796eb79b1654c5d19d2687 + power_assert (2.0.3) sha256=cd5e13c267370427c9804ce6a57925d6030613e341cb48e02eec1f3c772d4cf8 + protobug (0.1.0) sha256=5bf1356cedf99dcf311890743b78f5e602f62ca703e574764337f1996b746bf2 + protobug_googleapis_field_behavior_protos (0.1.0) sha256=db48ef6a5913b2355b4a6931ab400a9e3e995fb48499977a3ad0be6365f9e265 + protobug_sigstore_protos (0.1.0) sha256=4ad1eebaf6454131b6f432dda50ad0e513773613474b92470847614a5acacce1 + protobug_well_known_protos (0.1.0) sha256=356757f562453bb34a28f12e8e9fa357346cca35a6807a549837c3fe256bb5b3 + public_suffix (5.0.4) sha256=35cd648e0d21d06b8dce9331d19619538d1d898ba6d56a6f2258409d2526d1ae + racc (1.7.3) sha256=b785ab8a30ec43bce073c51dbbe791fd27000f68d1c996c95da98bf685316905 + racc (1.7.3-java) sha256=b2ad737e788cfa083263ce7c9290644bb0f2c691908249eb4f6eb48ed2815dbf + rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a + rake (13.1.0) sha256=be6a3e1aa7f66e6c65fa57555234eb75ce4cf4ada077658449207205474199c6 + rb-fsevent (0.11.2) sha256=43900b972e7301d6570f64b850a5aa67833ee7d87b458ee92805d56b7318aefe + rb-inotify (0.10.1) sha256=050062d4f31d307cca52c3f6a7f4b946df8de25fc4bd373e1a5142e41034a7ca + rbs (3.4.4) sha256=1376d2604a00832641bb47521595e63a1c0d1cc241ded383ba48ddb4396de5a8 + regexp_parser (2.9.0) sha256=81a00ba141cec0d4b4bf58cb80cd9193e5180836d3fa6ef623f7886d3ba8bdd9 + rexml (3.2.6) 
sha256=e0669a2d4e9f109951cb1fde723d8acd285425d81594a2ea929304af50282816 + rubocop (1.60.2) sha256=000da0bffba2da48efdab233b13085afc3fabad2aa17ef0470cbaa0fd7cbc76c + rubocop-ast (1.30.0) sha256=faad6452b1018fee0dd9e21a44445908e94ee2a4435932a9dae0e0740b6349b3 + rubocop-rake (0.6.0) sha256=56b6f22189af4b33d4f4e490a555c09f1281b02f4d48c3a61f6e8fe5f401d8db + ruby-progressbar (1.13.0) sha256=80fc9c47a9b640d6834e0dc7b3c94c9df37f08cb072b7761e4a71e22cff29b33 + ruby2_keywords (0.0.5) sha256=ffd13740c573b7301cf7a2e61fc857b2a8e3d3aff32545d6f8300d8bae10e3ef + securerandom (0.3.1) sha256=98f0450c0ea46d2f9a4b6db4f391dbd83dc08049592eada155739f40e0341bde + sigstore (0.1.0) + simplecov (0.22.0) sha256=fe2622c7834ff23b98066bb0a854284b2729a569ac659f82621fc22ef36213a5 + simplecov-html (0.12.3) sha256=4b1aad33259ffba8b29c6876c12db70e5750cb9df829486e4c6e5da4fa0aa07b + simplecov_json_formatter (0.1.4) sha256=529418fbe8de1713ac2b2d612aa3daa56d316975d307244399fa4838c601b428 + steep (1.6.0) sha256=936072aee56f5e1c4f9a78a75a836c09a49b5f4befd665c2fced05eabdb63e7a + strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555 + strscan (3.1.0-java) sha256=8645aa76e017e21764c6df572d2d79fcc1672284014f5bdbd806278cdbcd11b0 + terminal-table (3.0.2) sha256=f951b6af5f3e00203fb290a669e0a85c5dd5b051b3b023392ccfd67ba5abae91 + test-unit (3.6.2) sha256=3ce480c23990ca504a3f0d6619be2a560e21326cefd1b86d0f9433c387f26039 + timecop (0.9.8) sha256=89996da54eafb25c007d309099ae18a1cb1c6a59fe42f7f1ab4148e21e98f563 + tzinfo (2.0.6) sha256=8daf828cc77bcf7d63b0e3bdb6caa47e2272dcfaf4fbfe46f8c3a9df087a829b + unicode-display_width (2.5.0) sha256=7e7681dcade1add70cb9fda20dd77f300b8587c81ebbd165d14fd93144ff0ab4 + vcr (6.2.0) sha256=f960a9a08f904f3577ba212de771171b7e934a319478aa397636daabfcf9490a + webmock (3.23.0) sha256=100787435c1f556129a238c11cc7cbee38cb9c2864709c6a0dcdcf822545f31f + BUNDLED WITH 2.5.6 
diff --git a/lib/rubygems/commands/sigstore_verify_command.rb b/lib/rubygems/commands/sigstore_verify_command.rb index 8d4c2d6..4f1e557 100644 --- a/lib/rubygems/commands/sigstore_verify_command.rb +++ b/lib/rubygems/commands/sigstore_verify_command.rb @@ -135,7 +135,7 @@ def collect_verification_state materials = File.open(file, "rb") do |input| if inputs[:bundle] bundle_bytes = Gem.read_binary(inputs[:bundle]) - bundle = Sigstore::Bundle::V1::Bundle.decode_json(bundle_bytes) + bundle = Sigstore::Bundle::V1::Bundle.decode_json(bundle_bytes, registry: Sigstore::REGISTRY) Sigstore::VerificationMaterials.from_bundle(input: input, bundle: bundle, offline: options[:offline]) diff --git a/lib/sigstore/trusted_root.rb b/lib/sigstore/trusted_root.rb index e3c4611..eac1c9d 100644 --- a/lib/sigstore/trusted_root.rb +++ b/lib/sigstore/trusted_root.rb @@ -2,13 +2,16 @@ require "delegate" require "json" -require "sigstore_protobuf_specs" -require "google/protobuf/well_known_types" +require "protobug_sigstore_protos" require "openssl" require_relative "tuf" module Sigstore + REGISTRY = Protobug::Registry.new do |registry| + Sigstore::TrustRoot::V1.register_sigstore_trustroot_protos(registry) + Sigstore::Bundle::V1.register_sigstore_bundle_protos(registry) + end class TrustedRoot < DelegateClass(Sigstore::TrustRoot::V1::TrustedRoot) def self.production(offline: false) from_tuf(TUF::DEFAULT_TUF_URL, offline) @@ -21,7 +24,7 @@ def self.from_tuf(url, offline) def self.from_file(path) contents = Gem.read_binary(path) - new Sigstore::TrustRoot::V1::TrustedRoot.decode_json(contents) + new Sigstore::TrustRoot::V1::TrustedRoot.decode_json(contents, registry: REGISTRY) end def rekor_keys diff --git a/sigstore-cosign-verify.gemspec b/sigstore-cosign-verify.gemspec index dbdc348..9d5408a 100644 --- a/sigstore-cosign-verify.gemspec +++ b/sigstore-cosign-verify.gemspec 
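Review bot: The new call `Sigstore::Bundle::V1::Bundle.decode_json(bundle_bytes, registry: Sigstore::REGISTRY)` in collect_verification_state relies on a constant that this commit defines in lib/sigstore/trusted_root.rb, and the hunk does not show this command file loading it. If nothing earlier in the file requires it, add `require "sigstore/trusted_root"` next to the other requires so the command does not depend on load order. Because `bundle_bytes` is read from a user-supplied path and is now parsed by a different decoder, it is also worth confirming that a malformed bundle makes verification fail with a clear error rather than an unhandled exception. Any rescue logic is outside this hunk, as is the rest of the method body.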
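Review bot: `REGISTRY` is added to lib/sigstore/trusted_root.rb without a comment, yet it also registers the bundle protos and is used for bundle decoding in sigstore_verify_command.rb and test/sigstore/models_test.rb, which now requires "sigstore/trusted_root" only to reach it. Consider moving it to a small file of its own and documenting it, e.g. `# Shared Protobug registry for the trust-root and bundle message types; pass it as the registry keyword to every decode_json call.` The second hunk in this file (`from_file`) passes the same registry for trusted-root JSON, so any decode_json call outside these hunks presumably needs the keyword too. Since every verification path decodes through this one object, it may be worth freezing it if Protobug::Registry supports that.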
@@ -29,7 +29,7 @@ Gem::Specification.new do |spec| spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) } spec.require_paths = ["lib"] - spec.add_runtime_dependency "sigstore_protobuf_specs", "~> 0.3.0" # TODO: DELETE + spec.add_runtime_dependency "protobug_sigstore_protos", "~> 0.1.0" spec.metadata["rubygems_mfa_required"] = "true" end diff --git a/test/sigstore/models_test.rb b/test/sigstore/models_test.rb index 8019e65..ab99fa0 100644 --- a/test/sigstore/models_test.rb +++ b/test/sigstore/models_test.rb @@ -2,12 +2,12 @@ require "test_helper" require "sigstore/models" -require "sigstore_protobuf_specs" +require "sigstore/trusted_root" class Sigstore::VerificationMaterialsTest < Test::Unit::TestCase def test_verification_materials_from_bundle json = File.read("test/sigstore-conformance/test/assets/a.txt.good.sigstore") - bundle = Sigstore::Bundle::V1::Bundle.decode_json(json) + bundle = Sigstore::Bundle::V1::Bundle.decode_json(json, registry: Sigstore::REGISTRY) materials = File.open("test/sigstore-conformance/test/assets/a.txt.good.sigstore", "rb") do |file| Sigstore::VerificationMaterials.from_bundle( input: file,
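Review bot: The gemspec now declares only `protobug_sigstore_protos`, but lib/sigstore/trusted_root.rb in this same commit calls `Protobug::Registry.new` directly, so the library uses the `protobug` gem while receiving it only transitively. Gemfile.lock shows protobug_sigstore_protos pinning `protobug (= 0.1.0)`, which works today, but a direct use is better matched by a direct declaration such as `spec.add_runtime_dependency "protobug", "~> 0.1.0"`. This also makes the parser that handles signature bundles visible to anyone auditing the gem's runtime dependencies.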