deps: sigstore@1.4.0

npm · May 3, 2023 · abdca39 · abdca39
1 parent 16f68fb
commit abdca39
Show file tree

Hide file tree

Showing 9 changed files with 70 additions and 22 deletions.
diff --git a/node_modules/sigstore/dist/ca/index.js b/node_modules/sigstore/dist/ca/index.js
@@ -15,7 +15,11 @@ class CAClient {
             return certificate.signedCertificateEmbeddedSct.chain.certificates;
         }
         catch (err) {
-            throw new error_1.InternalError('error creating signing certificate', err);
+            throw new error_1.InternalError({
+                code: 'CA_CREATE_SIGNING_CERTIFICATE_ERROR',
+                message: 'error creating signing certificate',
+                cause: err,
+            });
         }
     }
 }

diff --git a/node_modules/sigstore/dist/cli/index.js b/node_modules/sigstore/dist/cli/index.js
@@ -62,6 +62,19 @@ function printUsage() {
   sigstore help         print help information
   `);
 }
+function printRekorEntry(bundle, options) {
+    let url;
+    if (options.rekorURL === index_1.sigstore.DEFAULT_REKOR_URL) {
+        url = `https://search.sigstore.dev`;
+    }
+    else {
+        url = `${options.rekorURL}/api/v1/log/entries`;
+    }
+    const logIndex = bundle.verificationMaterial?.tlogEntries[0].logIndex;
+    console.error(`Created entry at index ${logIndex}, available at`);
+    console.error(`${url}?logIndex=${logIndex}`);
+}
+// TODO: Allow customing these options
 const signOptions = {
     oidcClientID: 'sigstore',
     oidcIssuer: 'https://oauth2.sigstore.dev/auth',
@@ -71,15 +84,13 @@ const signOptions = {
 async function sign(artifactPath) {
     const buffer = fs_1.default.readFileSync(artifactPath);
     const bundle = await index_1.sigstore.sign(buffer, signOptions);
-    const url = `${signOptions.rekorURL}/api/v1/log/entries`;
-    const logIndex = bundle.verificationMaterial?.tlogEntries[0].logIndex;
-    console.error(`Created entry at index ${logIndex}, available at`);
-    console.error(`${url}?logIndex=${logIndex}`);
+    printRekorEntry(bundle, signOptions);
     console.log(JSON.stringify(bundle));
 }
 async function attest(artifactPath, payloadType = INTOTO_PAYLOAD_TYPE) {
     const buffer = fs_1.default.readFileSync(artifactPath);
     const bundle = await index_1.sigstore.attest(buffer, payloadType, signOptions);
+    printRekorEntry(bundle, signOptions);
     console.log(JSON.stringify(bundle));
 }
 async function verify(bundlePath, artifactPath) {

diff --git a/node_modules/sigstore/dist/error.js b/node_modules/sigstore/dist/error.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.PolicyError = exports.InternalError = exports.ValidationError = exports.VerificationError = void 0;
+exports.InternalError = exports.PolicyError = exports.ValidationError = exports.VerificationError = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -30,9 +30,13 @@ exports.VerificationError = VerificationError;
 class ValidationError extends BaseError {
 }
 exports.ValidationError = ValidationError;
-class InternalError extends BaseError {
-}
-exports.InternalError = InternalError;
 class PolicyError extends BaseError {
 }
 exports.PolicyError = PolicyError;
+class InternalError extends BaseError {
+    constructor({ code, message, cause, }) {
+        super(message, cause);
+        this.code = code;
+    }
+}
+exports.InternalError = InternalError;
diff --git a/node_modules/sigstore/dist/sigstore.js b/node_modules/sigstore/dist/sigstore.js
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DEFAULT_REKOR_URL = exports.DEFAULT_FULCIO_URL = exports.tuf = exports.utils = exports.verify = exports.attest = exports.sign = void 0;
+exports.DEFAULT_REKOR_URL = exports.DEFAULT_FULCIO_URL = exports.tuf = exports.utils = exports.VerificationError = exports.ValidationError = exports.PolicyError = exports.InternalError = exports.verify = exports.attest = exports.sign = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -92,6 +92,11 @@ const tufUtils = {
     },
 };
 exports.tuf = tufUtils;
+var error_1 = require("./error");
+Object.defineProperty(exports, "InternalError", { enumerable: true, get: function () { return error_1.InternalError; } });
+Object.defineProperty(exports, "PolicyError", { enumerable: true, get: function () { return error_1.PolicyError; } });
+Object.defineProperty(exports, "ValidationError", { enumerable: true, get: function () { return error_1.ValidationError; } });
+Object.defineProperty(exports, "VerificationError", { enumerable: true, get: function () { return error_1.VerificationError; } });
 exports.utils = __importStar(require("./sigstore-utils"));
 exports.DEFAULT_FULCIO_URL = config.DEFAULT_FULCIO_URL;
 exports.DEFAULT_REKOR_URL = config.DEFAULT_REKOR_URL;
diff --git a/node_modules/sigstore/dist/tlog/index.js b/node_modules/sigstore/dist/tlog/index.js
@@ -48,11 +48,19 @@ class TLogClient {
                     entry = await this.rekor.getEntry(uuid);
                 }
                 catch (err) {
-                    throw new error_1.InternalError('error fetching tlog entry', err);
+                    throw new error_1.InternalError({
+                        code: 'TLOG_FETCH_ENTRY_ERROR',
+                        message: 'error fetching tlog entry',
+                        cause: err,
+                    });
                 }
             }
             else {
-                throw new error_1.InternalError('error creating tlog entry', err);
+                throw new error_1.InternalError({
+                    code: 'TLOG_CREATE_ENTRY_ERROR',
+                    message: 'error creating tlog entry',
+                    cause: err,
+                });
             }
         }
         return entry;

diff --git a/node_modules/sigstore/dist/tuf/target.js b/node_modules/sigstore/dist/tuf/target.js
@@ -27,7 +27,11 @@ async function readTarget(tuf, targetPath) {
     return new Promise((resolve, reject) => {
         fs_1.default.readFile(path, 'utf-8', (err, data) => {
             if (err) {
-                reject(new error_1.InternalError(`error reading target: ${err}`));
+                reject(new error_1.InternalError({
+                    code: 'TUF_READ_TARGET_ERROR',
+                    message: `error reading target ${path}`,
+                    cause: err,
+                }));
             }
             else {
                 resolve(data);
@@ -45,10 +49,17 @@ async function getTargetPath(tuf, target) {
         targetInfo = await tuf.refresh().then(() => tuf.getTargetInfo(target));
     }
     catch (err) {
-        throw new error_1.InternalError(`error refreshing TUF metadata: ${err}`);
+        throw new error_1.InternalError({
+            code: 'TUF_REFRESH_METADATA_ERROR',
+            message: 'error refreshing TUF metadata',
+            cause: err,
+        });
     }
     if (!targetInfo) {
-        throw new error_1.InternalError(`target ${target} not found`);
+        throw new error_1.InternalError({
+            code: 'TUF_FIND_TARGET_ERROR',
+            message: `target ${target} not found`,
+        });
     }
     let path = await tuf.findCachedTarget(targetInfo);
     // An empty path here means the target has not been cached locally, or is
@@ -58,7 +69,11 @@ async function getTargetPath(tuf, target) {
             path = await tuf.downloadTarget(targetInfo);
         }
         catch (err) {
-            throw new error_1.InternalError(`error downloading target: ${err}`);
+            throw new error_1.InternalError({
+                code: 'TUF_DOWNLOAD_TARGET_ERROR',
+                message: `error downloading target ${path}`,
+                cause: err,
+            });
         }
     }
     return path;

diff --git a/node_modules/sigstore/package.json b/node_modules/sigstore/package.json
@@ -1,6 +1,6 @@
 {
   "name": "sigstore",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "code-signing for npm packages",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -37,6 +37,7 @@
   "homepage": "https://github.com/sigstore/sigstore-js#readme",
   "devDependencies": {
     "@changesets/cli": "^2.26.0",
+    "@total-typescript/shoehorn": "^0.1.0",
     "@tsconfig/node14": "^1.0.3",
     "@tufjs/repo-mock": "^1.1.0",
     "@types/jest": "^29.4.0",

diff --git a/package-lock.json b/package-lock.json
@@ -11536,9 +11536,9 @@
       "inBundle": true
     },
     "node_modules/sigstore": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/sigstore/-/sigstore-1.3.0.tgz",
-      "integrity": "sha512-dhdv+jOAi1RgLHw13lxumk3rlgZtumUz9QrCNPTx9MazUnUV3BfAb74oYAMPQQ7uaeogB5vTosbz3POzKbEHUQ==",
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/sigstore/-/sigstore-1.4.0.tgz",
+      "integrity": "sha512-N7TRpSbFjY/TrFDg6yGAQSYBrQ5s6qmPiq4pD6fkv1LoyfMsLG0NwZWG2s5q+uttLHgyVyTa0Rogx2P78rN8kQ==",
       "inBundle": true,
       "dependencies": {
         "@sigstore/protobuf-specs": "^0.1.0",
@@ -15669,7 +15669,7 @@
         "npm-registry-fetch": "^14.0.3",
         "proc-log": "^3.0.0",
         "semver": "^7.3.7",
-        "sigstore": "^1.3.0",
+        "sigstore": "^1.4.0",
         "ssri": "^10.0.1"
       },
       "devDependencies": {

diff --git a/workspaces/libnpmpublish/package.json b/workspaces/libnpmpublish/package.json
@@ -44,7 +44,7 @@
     "npm-registry-fetch": "^14.0.3",
     "proc-log": "^3.0.0",
     "semver": "^7.3.7",
-    "sigstore": "^1.0.0",
+    "sigstore": "^1.4.0",
     "ssri": "^10.0.1"
   },
   "engines": {