From 74061f913d6aa89472163b5b8fcf8d69eab16e6f Mon Sep 17 00:00:00 2001
From: Fredrik Skogman <kommendorkapten@github.com>
Date: Thu, 22 Aug 2024 09:54:25 +0200
Subject: [PATCH] added version to the signing config message.

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
---
 .../schemas/ClientTrustConfig.schema.json     |   4 ++++
 .../schemas/SigningConfig.schema.json         |   4 ++++
 .../trustroot/v1/sigstore_trustroot.pb.go     |  15 +++++++++++++--
 .../dev/sigstore/trustroot/v1/__init__.py     |   3 +++
 gen/pb-ruby/lib/sigstore_trustroot_pb.rb      |   1 +
 .../generated/dev.sigstore.trustroot.v1.rs    |   3 +++
 .../src/generated/file_descriptor_set.bin     | Bin 118553 -> 118708 bytes
 .../src/__generated__/sigstore_trustroot.ts   |   6 +++++-
 protos/sigstore_trustroot.proto               |   3 +++
 9 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/gen/jsonschema/schemas/ClientTrustConfig.schema.json b/gen/jsonschema/schemas/ClientTrustConfig.schema.json
index 24367583..f3397097 100644
--- a/gen/jsonschema/schemas/ClientTrustConfig.schema.json
+++ b/gen/jsonschema/schemas/ClientTrustConfig.schema.json
@@ -188,6 +188,10 @@
         },
         "dev.sigstore.trustroot.v1.SigningConfig": {
             "properties": {
+                "mediaType": {
+                    "type": "string",
+                    "description": "MUST be application/vnd.dev.sigstore.signingconfig.v0.1+json"
+                },
                 "caUrl": {
                     "type": "string",
                     "description": "A URL to a Fulcio-compatible CA, capable of receiving Certificate Signing Requests (CSRs) and responding with issued certificates. This URL **MUST** be the \"base\" URL for the CA, which clients should construct an appropriate CSR endpoint on top of. For example, if `ca_url` is `https://example.com/ca`, then the client **MAY** construct the CSR endpoint as `https://example.com/ca/api/v2/signingCert`."
diff --git a/gen/jsonschema/schemas/SigningConfig.schema.json b/gen/jsonschema/schemas/SigningConfig.schema.json
index 71d7723b..74c12fea 100644
--- a/gen/jsonschema/schemas/SigningConfig.schema.json
+++ b/gen/jsonschema/schemas/SigningConfig.schema.json
@@ -4,6 +4,10 @@
     "definitions": {
         "SigningConfig": {
             "properties": {
+                "mediaType": {
+                    "type": "string",
+                    "description": "MUST be application/vnd.dev.sigstore.signingconfig.v0.1+json"
+                },
                 "caUrl": {
                     "type": "string",
                     "description": "A URL to a Fulcio-compatible CA, capable of receiving Certificate Signing Requests (CSRs) and responding with issued certificates. This URL **MUST** be the \"base\" URL for the CA, which clients should construct an appropriate CSR endpoint on top of. For example, if `ca_url` is `https://example.com/ca`, then the client **MAY** construct the CSR endpoint as `https://example.com/ca/api/v2/signingCert`."
diff --git a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go
index c8e00755..e86dfed4 100644
--- a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go
+++ b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go
@@ -369,6 +369,8 @@ type SigningConfig struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
+	// MUST be application/vnd.dev.sigstore.signingconfig.v0.1+json
+	MediaType string `protobuf:"bytes,5,opt,name=media_type,json=mediaType,proto3" json:"media_type,omitempty"`
 	// A URL to a Fulcio-compatible CA, capable of receiving
 	// Certificate Signing Requests (CSRs) and responding with
 	// issued certificates.
@@ -429,6 +431,13 @@ func (*SigningConfig) Descriptor() ([]byte, []int) {
 	return file_sigstore_trustroot_proto_rawDescGZIP(), []int{3}
 }
 
+func (x *SigningConfig) GetMediaType() string {
+	if x != nil {
+		return x.MediaType
+	}
+	return ""
+}
+
 func (x *SigningConfig) GetCaUrl() string {
 	if x != nil {
 		return x.CaUrl
@@ -597,8 +606,10 @@ var file_sigstore_trustroot_proto_rawDesc = []byte{
 	0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72,
 	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74,
 	0x79, 0x52, 0x14, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x41, 0x75, 0x74, 0x68,
-	0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0x79, 0x0a, 0x0d, 0x53, 0x69, 0x67, 0x6e, 0x69,
-	0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x61, 0x5f, 0x75,
+	0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0x98, 0x01, 0x0a, 0x0d, 0x53, 0x69, 0x67, 0x6e,
+	0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x65, 0x64,
+	0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d,
+	0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x61, 0x5f, 0x75,
 	0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x63, 0x61, 0x55, 0x72, 0x6c, 0x12,
 	0x19, 0x0a, 0x08, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28,
 	0x09, 0x52, 0x07, 0x6f, 0x69, 0x64, 0x63, 0x55, 0x72, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6c,
diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py
index e50f2cfd..00f73142 100644
--- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py
+++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py
@@ -159,6 +159,9 @@ class SigningConfig(betterproto.Message):
     signer may need to connect to for the online aspects of signing.
     """
 
+    media_type: str = betterproto.string_field(5)
+    """MUST be application/vnd.dev.sigstore.signingconfig.v0.1+json"""
+
     ca_url: str = betterproto.string_field(1)
     """
     A URL to a Fulcio-compatible CA, capable of receiving Certificate Signing
diff --git a/gen/pb-ruby/lib/sigstore_trustroot_pb.rb b/gen/pb-ruby/lib/sigstore_trustroot_pb.rb
index 19c93e2e..f4be94fe 100644
--- a/gen/pb-ruby/lib/sigstore_trustroot_pb.rb
+++ b/gen/pb-ruby/lib/sigstore_trustroot_pb.rb
@@ -29,6 +29,7 @@
       repeated :timestamp_authorities, :message, 5, "dev.sigstore.trustroot.v1.CertificateAuthority"
     end
     add_message "dev.sigstore.trustroot.v1.SigningConfig" do
+      optional :media_type, :string, 5
       optional :ca_url, :string, 1
       optional :oidc_url, :string, 2
       repeated :tlog_urls, :string, 3
diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs
index 42d7f77f..4aee83ac 100644
--- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs
+++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs
@@ -170,6 +170,9 @@ pub struct TrustedRoot {
 #[allow(clippy::derive_partial_eq_without_eq)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct SigningConfig {
+    /// MUST be application/vnd.dev.sigstore.signingconfig.v0.1+json
+    #[prost(string, tag = "5")]
+    pub media_type: ::prost::alloc::string::String,
     /// A URL to a Fulcio-compatible CA, capable of receiving
     /// Certificate Signing Requests (CSRs) and responding with
     /// issued certificates.
diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin
index 66e9233bca24e1218e9c397aeef337c2fc860372..1585c0a08280846cd917afbb1201d18061561a84 100644
GIT binary patch
delta 695
zcmYL`&ubGw6vy+OoivjN?bfJuQ>{d8Yeg)zco9MT0isyNM!kqoL~Dp(s#FT47oi6a
z{sE&PicxgaNDi8~LJ6*HPvXUYKm_q%@ox~{%<hugeCNH-=P_@dKF_sZ<Q}$hZB_g$
z2iI3|R!%(u^<S=5YSmih^g``+wNe-%x;uZXdSmXv^1XR4Tf#)XoVPbu_#$XO!gu7G
zXDC<54rDfh`z2fz!LP^Y^YBq`zQP}OhNN^vrXV%c?&0HlZUy7Bi}8?~cF5$?)a2oV
zcNQ0FME#UC-C5f{kVcs37SrgMxNC&g9P8$4J^1k&KBmE79V!K3N^rL)AQ-H}E7BKO
zP!y!EKfS@{X~CS|;{<a)+#LxgnDa5blfK0q$Chrq#n+RL<RjEz(&(_Jg)J%Pu%-oX
zPg*q`M#t!HtYNmJ+dei=NptLJBx^c7jbu#+UMbN?)^xCMls<q2lYQ&RZ0Mg2ym!~3
zigbzJCe6aT`sEtRhq~#z_>xWCbdem{)HRDdY7s7my41w6iy_ojJ536+!Vufy;T#zW
z&2aNk9F>V<7if@_jn5Ph4lzDM=d6=g9O*_A=TAgX@jpmm)*E3cm6-KL*gugt1v?`g
Rm`$8QS!Wa+d57P7{{z||c&q>b

delta 578
zcmYL`PfJ@t6vcC9CT6@PCXHH?YQg{3g{8QYy0A7bO0BIGH+}#^Hj!=$p&KC!H{B0{
z=%x>?PeGo-laz-qTM?wtZ&12u>4)f@_lNA}%$f7M+%s24x&6c3?iIFL^4B_<=jW*S
zpIUgPicQLI)N74;qxNd2v0bnEKlkthy%#H#D`opK9slDfHia+0pr?#WLtpXd!Koyr
zq{x)ik>7N1g859A&(M98r>u2gWnnOt(#mp$I*5YoI%eY-H}l|})6Ky;C=4YzaL&Qw
zVY-WRqNH3?J;Ciuq4)@0OdblxxOkZ61Y=y3$5NLuE+(hwUyNbtnRnmtcUdyV>tZBh
zye>vE#zT2D!AP6K#3WsUgi@uRYh*g+^C`T-HFSmE^KQzP(l(1OKFqb#z4($zZ4@dI
zi6xWT7<obqQH0IFe0T9;Er9M%-q<Pv48+5guvG+hxGk8awsPt%6-h_(K=a@L)2sA4
vVscfXsh;7@QV1RYgA%rv5RX!bU}lJ!rwLOqGsNtA!W24UhW`B-evkhLG#*|~

diff --git a/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts b/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts
index ef6e96b4..09738bd0 100644
--- a/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts
+++ b/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts
@@ -167,6 +167,8 @@ export interface TrustedRoot {
  * signer may need to connect to for the online aspects of signing.
  */
 export interface SigningConfig {
+  /** MUST be application/vnd.dev.sigstore.signingconfig.v0.1+json */
+  mediaType: string;
   /**
    * A URL to a Fulcio-compatible CA, capable of receiving
    * Certificate Signing Requests (CSRs) and responding with
@@ -327,12 +329,13 @@ export const TrustedRoot = {
 };
 
 function createBaseSigningConfig(): SigningConfig {
-  return { caUrl: "", oidcUrl: "", tlogUrls: [], tsaUrls: [] };
+  return { mediaType: "", caUrl: "", oidcUrl: "", tlogUrls: [], tsaUrls: [] };
 }
 
 export const SigningConfig = {
   fromJSON(object: any): SigningConfig {
     return {
+      mediaType: isSet(object.mediaType) ? String(object.mediaType) : "",
       caUrl: isSet(object.caUrl) ? String(object.caUrl) : "",
       oidcUrl: isSet(object.oidcUrl) ? String(object.oidcUrl) : "",
       tlogUrls: Array.isArray(object?.tlogUrls) ? object.tlogUrls.map((e: any) => String(e)) : [],
@@ -342,6 +345,7 @@ export const SigningConfig = {
 
   toJSON(message: SigningConfig): unknown {
     const obj: any = {};
+    message.mediaType !== undefined && (obj.mediaType = message.mediaType);
     message.caUrl !== undefined && (obj.caUrl = message.caUrl);
     message.oidcUrl !== undefined && (obj.oidcUrl = message.oidcUrl);
     if (message.tlogUrls) {
diff --git a/protos/sigstore_trustroot.proto b/protos/sigstore_trustroot.proto
index 32c07a91..9adaf604 100644
--- a/protos/sigstore_trustroot.proto
+++ b/protos/sigstore_trustroot.proto
@@ -148,6 +148,9 @@ message TrustedRoot {
 // signing. In particular, it primarily contains service URLs that a Sigstore
 // signer may need to connect to for the online aspects of signing.
 message SigningConfig {
+        // MUST be application/vnd.dev.sigstore.signingconfig.v0.1+json
+        string media_type = 5;
+
         // A URL to a Fulcio-compatible CA, capable of receiving
         // Certificate Signing Requests (CSRs) and responding with
         // issued certificates.