Document required client changes for Rekor v2#255
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #255 +/- ##
==========================================
- Coverage 38.25% 38.00% -0.26%
==========================================
Files 40 41 +1
Lines 2883 2963 +80
==========================================
+ Hits 1103 1126 +23
- Misses 1676 1731 +55
- Partials 104 106 +2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Hayden-IO
force-pushed
the
clients
branch
2 times, most recently
from
2533e17 to
3513369
Compare
|
Proposing we change how clients find the correct tlog to use to verify a proof, in sigstore/protobuf-specs#629. Will wait for reviews before updating this doc. Edit: Added |
There was a problem hiding this comment.
I think the one case where I'm not confident is where the v2 rekor instance is added to signing config:
- before any clients are updated this is straight forward: clients keep signing with v1, nothing breaks
- when client A is upgraded to support v2, the docs seem to imply that it should then only use the v2 instance when the signingconfig includes one (correct?)
- this leads to a client incompatibility if other clients are not able to verify rekor v2 at this point yet
Basically we may need to confirm verification support across the ecosystem before we make signingconfig changes where a rekor v2 instance is enabled
cc @loosebazooka for something to discuss at the client meeting This is a consequence of making a TLE v2 struct unfortunately, though even if we didn't, not all clients support signed timestamps so a TLE without an integrated timestamp wouldn't be verifiable anyways - there would have been incompatibility regardless. There will be a period in which some clients (-ruby and -js) will not be able to verify bundles produced by other clients. I'd like to chat more with GitHub to understand how much cross-compatibility we need between -js and -go for artifact attestations, if any is actually needed. |
Hayden-IO
force-pushed
the
clients
branch
2 times, most recently
from
ced505e to
97c042e
Compare
|
This would be a good place to include the details of what changes in the log entry "canonical_body", and how clients need to handle it -- I'm not sure what exactly is needed but I'm leaving this as reminder based on sigstore/protobuf-specs#632 (comment) |
|
Note to self: Split into changes for signingconfig, trustroot, and bundle. Add KindVersion and log ID (which is not hex-encoded, unlike rekor v1). Specify how clients should read InclusionProof, ignoring the index (which is always the same as the bundle index) and reading tree size and root hash from the checkpoint. Edit: Done |
Hayden-IO
force-pushed
the
clients
branch
2 times, most recently
from
c529002 to
d60f14c
Compare
|
Thanks everyone for comments! I've addressed all comments now. The primary changes are adding a section on entry parsing, some details about bundle-related changes, more info about log instance lookup in the trusted root, and a section on testing against a real instance using |
jku
left a comment
jku
left a comment
There was a problem hiding this comment.
This looks great, no notes from me after reading through it twice. Thanks for polishing.
Fixes sigstore#108 Signed-off-by: Hayden B <8418760+haydentherapper@users.noreply.github.com>
|
Merging now, will update based on API changes in a follow up. |
5 participants
Fixes #108
Summary
Release Note
Documentation