Updated timestamp options:
default is to only require one observer of any kind.
added missing options to the ArtifactVerificationOptions

Signed-off-by: Fredrik Skogman <[email protected]>
kommendorkapten committed Jan 8, 2024
1 parent c32e368 commit f6af7d3
Showing 9 changed files with 299 additions and 142 deletions.
35 changes: 30 additions & 5 deletions gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json
@@ -16,7 +16,7 @@
"tlogOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions",
"additionalProperties": false,
"description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false Verify SET Timestamps: true"
"description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false"
},
"ctlogOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions",
@@ -26,12 +26,17 @@
"tsaOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions",
"additionalProperties": false,
"description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false"
"description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true"
},
"integratedTsOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions",
"additionalProperties": false,
"description": "Optional options for integrated timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true"
},
"observerOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions",
"additionalProperties": false,
"description": "Optional options for timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false"
"description": "Optional options for observed timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false"
}
},
"additionalProperties": false,
@@ -62,6 +67,11 @@
"tsa_options"
]
},
{
"required": [
"integrated_ts_options"
]
},
{
"required": [
"observer_options"
@@ -226,11 +236,11 @@
"properties": {
"threshold": {
"type": "integer",
"description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log"
"description": "The number of external observers of the timestamp. This is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log, that could include additional timestamp sources in the future."
},
"disable": {
"type": "boolean",
"description": "Disable signed timestamp verification."
"description": "Disable observer timestamp verification."
}
},
"additionalProperties": false,
@@ -252,6 +262,21 @@
"type": "object",
"title": "Timestamp Authority Options"
},
"dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions": {
"properties": {
"threshold": {
"type": "integer",
"description": "The number of integrated timestamps that are expected."
},
"disable": {
"type": "boolean",
"description": "Disable integrated timestamp verification."
}
},
"additionalProperties": false,
"type": "object",
"title": "Tlog Integrated Timestamp Options"
},
"dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions": {
"properties": {
"threshold": {
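Review bot: The descriptions for `tsaOptions` and `integratedTsOptions` now give `Threshold: 0 Disable: true` as defaults, which leaves `observerOptions` as the only timestamp check that is on by default, yet nothing in these descriptions says how the three options combine or what happens when `observerOptions` is disabled too. A client that disables all three would presumably verify no timestamp at all, and for signatures tied to a certificate's validity window that outcome should be stated rather than left for each implementation to decide. I would extend the `observerOptions` description with something like `With the defaults a verified timestamp from any one source is sufficient; tsaOptions and integratedTsOptions add per-source requirements on top of this count.`, if that is the intended meaning. Each `threshold` is also a bare `"type": "integer"`, so a negative value passes schema validation; `"minimum": 0` would rule that out where the generator supports it. The Input.schema.json section carries the same text, and because both files sit under gen/ the change presumably belongs in the definition they are generated from, which this page does not show.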
35 changes: 30 additions & 5 deletions gen/jsonschema/schemas/Input.schema.json
@@ -652,7 +652,7 @@
"tlogOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions",
"additionalProperties": false,
"description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false Verify SET Timestamps: true"
"description": "Optional options for artifact transparency log verification. If none is provided, the default verification options are: Threshold: 1 Online verification: false Disable: false"
},
"ctlogOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.CtlogOptions",
@@ -662,12 +662,17 @@
"tsaOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TimestampAuthorityOptions",
"additionalProperties": false,
"description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 1 Disable: false"
"description": "Optional options for certificate signed timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true"
},
"integratedTsOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions",
"additionalProperties": false,
"description": "Optional options for integrated timestamp verification. If none is provided, the default verification options are: Threshold: 0 Disable: true"
},
"observerOptions": {
"$ref": "#/definitions/dev.sigstore.verification.v1.ArtifactVerificationOptions.ObserverTimestampOptions",
"additionalProperties": false,
"description": "Optional options for timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false"
"description": "Optional options for observed timestamp verification. If none is provided, the default verification options are: Threshold 1 Disable: false"
}
},
"additionalProperties": false,
@@ -698,6 +703,11 @@
"tsa_options"
]
},
{
"required": [
"integrated_ts_options"
]
},
{
"required": [
"observer_options"
@@ -726,11 +736,11 @@
"properties": {
"threshold": {
"type": "integer",
"description": "The number of external ovservers of the timestamp, this is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log"
"description": "The number of external observers of the timestamp. This is a union of RFC3161 signed timestamps, and integrated timestamps from a transparency log, that could include additional timestamp sources in the future."
},
"disable": {
"type": "boolean",
"description": "Disable signed timestamp verification."
"description": "Disable observer timestamp verification."
}
},
"additionalProperties": false,
@@ -752,6 +762,21 @@
"type": "object",
"title": "Timestamp Authority Options"
},
"dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogIntegratedTimestampOptions": {
"properties": {
"threshold": {
"type": "integer",
"description": "The number of integrated timestamps that are expected."
},
"disable": {
"type": "boolean",
"description": "Disable integrated timestamp verification."
}
},
"additionalProperties": false,
"type": "object",
"title": "Tlog Integrated Timestamp Options"
},
"dev.sigstore.verification.v1.ArtifactVerificationOptions.TlogOptions": {
"properties": {
"threshold": {