diff --git a/node_modules/sigstore/dist/ca/index.js b/node_modules/sigstore/dist/ca/index.js index 0345b31720148..7e0f9e0c5c4c0 100644 --- a/node_modules/sigstore/dist/ca/index.js +++ b/node_modules/sigstore/dist/ca/index.js @@ -15,7 +15,11 @@ class CAClient { return certificate.signedCertificateEmbeddedSct.chain.certificates; } catch (err) { - throw new error_1.InternalError('error creating signing certificate', err); + throw new error_1.InternalError({ + code: 'CA_CREATE_SIGNING_CERTIFICATE_ERROR', + message: 'error creating signing certificate', + cause: err, + }); } } } diff --git a/node_modules/sigstore/dist/cli/index.js b/node_modules/sigstore/dist/cli/index.js index d7d6c76d73f6a..6015cd9df74ea 100644 --- a/node_modules/sigstore/dist/cli/index.js +++ b/node_modules/sigstore/dist/cli/index.js @@ -62,6 +62,19 @@ function printUsage() { sigstore help print help information `); } +function printRekorEntry(bundle, options) { + let url; + if (options.rekorURL === index_1.sigstore.DEFAULT_REKOR_URL) { + url = `https://search.sigstore.dev`; + } + else { + url = `${options.rekorURL}/api/v1/log/entries`; + } + const logIndex = bundle.verificationMaterial?.tlogEntries[0].logIndex; + console.error(`Created entry at index ${logIndex}, available at`); + console.error(`${url}?logIndex=${logIndex}`); +} +// TODO: Allow customing these options const signOptions = { oidcClientID: 'sigstore', oidcIssuer: 'https://oauth2.sigstore.dev/auth', @@ -71,15 +84,13 @@ const signOptions = { async function sign(artifactPath) { const buffer = fs_1.default.readFileSync(artifactPath); const bundle = await index_1.sigstore.sign(buffer, signOptions); - const url = `${signOptions.rekorURL}/api/v1/log/entries`; - const logIndex = bundle.verificationMaterial?.tlogEntries[0].logIndex; - console.error(`Created entry at index ${logIndex}, available at`); - console.error(`${url}?logIndex=${logIndex}`); + printRekorEntry(bundle, signOptions); console.log(JSON.stringify(bundle)); } async function attest(artifactPath, payloadType = INTOTO_PAYLOAD_TYPE) { const buffer = fs_1.default.readFileSync(artifactPath); const bundle = await index_1.sigstore.attest(buffer, payloadType, signOptions); + printRekorEntry(bundle, signOptions); console.log(JSON.stringify(bundle)); } async function verify(bundlePath, artifactPath) { diff --git a/node_modules/sigstore/dist/error.js b/node_modules/sigstore/dist/error.js index e302d3aee6ad5..cee15dff90b61 100644 --- a/node_modules/sigstore/dist/error.js +++ b/node_modules/sigstore/dist/error.js @@ -1,6 +1,6 @@ "use strict"; Object.defineProperty(exports, "__esModule", { value: true }); -exports.PolicyError = exports.InternalError = exports.ValidationError = exports.VerificationError = void 0; +exports.InternalError = exports.PolicyError = exports.ValidationError = exports.VerificationError = void 0; /* Copyright 2023 The Sigstore Authors. @@ -30,9 +30,13 @@ exports.VerificationError = VerificationError; class ValidationError extends BaseError { } exports.ValidationError = ValidationError; -class InternalError extends BaseError { -} -exports.InternalError = InternalError; class PolicyError extends BaseError { } exports.PolicyError = PolicyError; +class InternalError extends BaseError { + constructor({ code, message, cause, }) { + super(message, cause); + this.code = code; + } +} +exports.InternalError = InternalError; diff --git a/node_modules/sigstore/dist/sigstore.js b/node_modules/sigstore/dist/sigstore.js index e465f412e6374..f45270217b017 100644 --- a/node_modules/sigstore/dist/sigstore.js +++ b/node_modules/sigstore/dist/sigstore.js @@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) { return result; }; Object.defineProperty(exports, "__esModule", { value: true }); -exports.DEFAULT_REKOR_URL = exports.DEFAULT_FULCIO_URL = exports.tuf = exports.utils = exports.verify = exports.attest = exports.sign = void 0; +exports.DEFAULT_REKOR_URL = exports.DEFAULT_FULCIO_URL = exports.tuf = exports.utils = exports.VerificationError = exports.ValidationError = exports.PolicyError = exports.InternalError = exports.verify = exports.attest = exports.sign = void 0; /* Copyright 2023 The Sigstore Authors. @@ -92,6 +92,11 @@ const tufUtils = { }, }; exports.tuf = tufUtils; +var error_1 = require("./error"); +Object.defineProperty(exports, "InternalError", { enumerable: true, get: function () { return error_1.InternalError; } }); +Object.defineProperty(exports, "PolicyError", { enumerable: true, get: function () { return error_1.PolicyError; } }); +Object.defineProperty(exports, "ValidationError", { enumerable: true, get: function () { return error_1.ValidationError; } }); +Object.defineProperty(exports, "VerificationError", { enumerable: true, get: function () { return error_1.VerificationError; } }); exports.utils = __importStar(require("./sigstore-utils")); exports.DEFAULT_FULCIO_URL = config.DEFAULT_FULCIO_URL; exports.DEFAULT_REKOR_URL = config.DEFAULT_REKOR_URL; diff --git a/node_modules/sigstore/dist/tlog/index.js b/node_modules/sigstore/dist/tlog/index.js index 062b3b155702b..4193e55752ff0 100644 --- a/node_modules/sigstore/dist/tlog/index.js +++ b/node_modules/sigstore/dist/tlog/index.js @@ -48,11 +48,19 @@ class TLogClient { entry = await this.rekor.getEntry(uuid); } catch (err) { - throw new error_1.InternalError('error fetching tlog entry', err); + throw new error_1.InternalError({ + code: 'TLOG_FETCH_ENTRY_ERROR', + message: 'error fetching tlog entry', + cause: err, + }); } } else { - throw new error_1.InternalError('error creating tlog entry', err); + throw new error_1.InternalError({ + code: 'TLOG_CREATE_ENTRY_ERROR', + message: 'error creating tlog entry', + cause: err, + }); } } return entry; diff --git a/node_modules/sigstore/dist/tuf/target.js b/node_modules/sigstore/dist/tuf/target.js index d3625abe59d72..b79411c3dd0a4 100644 --- a/node_modules/sigstore/dist/tuf/target.js +++ b/node_modules/sigstore/dist/tuf/target.js @@ -27,7 +27,11 @@ async function readTarget(tuf, targetPath) { return new Promise((resolve, reject) => { fs_1.default.readFile(path, 'utf-8', (err, data) => { if (err) { - reject(new error_1.InternalError(`error reading target: ${err}`)); + reject(new error_1.InternalError({ + code: 'TUF_READ_TARGET_ERROR', + message: `error reading target ${path}`, + cause: err, + })); } else { resolve(data); @@ -45,10 +49,17 @@ async function getTargetPath(tuf, target) { targetInfo = await tuf.refresh().then(() => tuf.getTargetInfo(target)); } catch (err) { - throw new error_1.InternalError(`error refreshing TUF metadata: ${err}`); + throw new error_1.InternalError({ + code: 'TUF_REFRESH_METADATA_ERROR', + message: 'error refreshing TUF metadata', + cause: err, + }); } if (!targetInfo) { - throw new error_1.InternalError(`target ${target} not found`); + throw new error_1.InternalError({ + code: 'TUF_FIND_TARGET_ERROR', + message: `target ${target} not found`, + }); } let path = await tuf.findCachedTarget(targetInfo); // An empty path here means the target has not been cached locally, or is @@ -58,7 +69,11 @@ async function getTargetPath(tuf, target) { path = await tuf.downloadTarget(targetInfo); } catch (err) { - throw new error_1.InternalError(`error downloading target: ${err}`); + throw new error_1.InternalError({ + code: 'TUF_DOWNLOAD_TARGET_ERROR', + message: `error downloading target ${path}`, + cause: err, + }); } } return path; diff --git a/node_modules/sigstore/package.json b/node_modules/sigstore/package.json index 8213554784230..2df3467186765 100644 --- a/node_modules/sigstore/package.json +++ b/node_modules/sigstore/package.json @@ -1,6 +1,6 @@ { "name": "sigstore", - "version": "1.3.0", + "version": "1.4.0", "description": "code-signing for npm packages", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -37,6 +37,7 @@ "homepage": "https://github.com/sigstore/sigstore-js#readme", "devDependencies": { "@changesets/cli": "^2.26.0", + "@total-typescript/shoehorn": "^0.1.0", "@tsconfig/node14": "^1.0.3", "@tufjs/repo-mock": "^1.1.0", "@types/jest": "^29.4.0", diff --git a/package-lock.json b/package-lock.json index 44445c8c24aef..76a2c7487a9d8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11536,9 +11536,9 @@ "inBundle": true }, "node_modules/sigstore": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/sigstore/-/sigstore-1.3.0.tgz", - "integrity": "sha512-dhdv+jOAi1RgLHw13lxumk3rlgZtumUz9QrCNPTx9MazUnUV3BfAb74oYAMPQQ7uaeogB5vTosbz3POzKbEHUQ==", + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/sigstore/-/sigstore-1.4.0.tgz", + "integrity": "sha512-N7TRpSbFjY/TrFDg6yGAQSYBrQ5s6qmPiq4pD6fkv1LoyfMsLG0NwZWG2s5q+uttLHgyVyTa0Rogx2P78rN8kQ==", "inBundle": true, "dependencies": { "@sigstore/protobuf-specs": "^0.1.0", @@ -15669,7 +15669,7 @@ "npm-registry-fetch": "^14.0.3", "proc-log": "^3.0.0", "semver": "^7.3.7", - "sigstore": "^1.3.0", + "sigstore": "^1.4.0", "ssri": "^10.0.1" }, "devDependencies": { diff --git a/workspaces/libnpmpublish/package.json b/workspaces/libnpmpublish/package.json index 1557b8403d104..10cfddfb07bd5 100644 --- a/workspaces/libnpmpublish/package.json +++ b/workspaces/libnpmpublish/package.json @@ -44,7 +44,7 @@ "npm-registry-fetch": "^14.0.3", "proc-log": "^3.0.0", "semver": "^7.3.7", - "sigstore": "^1.0.0", + "sigstore": "^1.4.0", "ssri": "^10.0.1" }, "engines": {