Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove double encoding of payload and signature fields for intoto v0.0.2 #1150

Merged
merged 1 commit into from
Oct 25, 2022
Merged

remove double encoding of payload and signature fields for intoto v0.0.2 #1150

merged 1 commit into from
Oct 25, 2022

Conversation

bobcallaway
Copy link
Member

The intoto v0.0.2 type was defined with a hint to the code generation tool used in rekor-cli & rekor-server that indicated that these strings were base64 encoded (this caused the code generated to handle encoding and decoding to/from []byte slices). However, CreateArtifactFromProps unnecessarily double encoded uploads to Rekor (that originated from rekor-cli or any caller of CreateArtifactFromProps).

This patch removes that hint to the code generation tool, leaving the field to be handled internally as a string rather than strfmt.Base64, while still supporting either single or double encoded entries to provide backwards compatibility for released clients.

Fixes: #1139

Signed-off-by: Bob Callaway bcallaway@google.com

@bobcallaway
remove double encoding of payload and signature fields for intoto
12ae92b 
Signed-off-by: Bob Callaway <bcallaway@google.com>
@bobcallaway bobcallaway requested a review from a team as a code owner October 25, 2022 14:03
@bobcallaway bobcallaway merged commit a383edc into sigstore:main Oct 25, 2022
@github-actions github-actions bot added this to the v1.1.0 milestone Oct 25, 2022
bobcallaway added a commit that referenced this pull request Oct 31, 2022
@bobcallaway
Revert "remove double encoding of payload and signature fields for in…
b424212 
…toto (#1150)"

This reverts commit a383edc.
@bobcallaway bobcallaway mentioned this pull request Oct 31, 2022
Merged
bobcallaway added a commit that referenced this pull request Oct 31, 2022
@bobcallaway
Revert "remove double encoding of payload and signature fields for in…
9adeacf 
…toto (#1150)" (#1158)

This reverts commit a383edc.
@bobcallaway bobcallaway mentioned this pull request Nov 3, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asraa asraa asraa approved these changes

@priyawadhwa priyawadhwa priyawadhwa approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.1.0
Development

Successfully merging this pull request may close these issues.

Signatures in DSSE envelopes for intoto/v0.0.2 are double encoded
3 participants
@bobcallaway @asraa @priyawadhwa