From bfdb850eb829a614c4d4cb5d414f858957ee173b Mon Sep 17 00:00:00 2001 From: Sigstore Bot <86837369+sigstore-bot@users.noreply.github.com> Date: Thu, 2 Mar 2023 13:27:30 +0100 Subject: [PATCH] update snapshot and timestamp (#698) Signed-off-by: GitHub Co-authored-by: kommendorkapten --- repository/staged/root.json | 144 +++++++++++++++++++++++++++++++ repository/staged/snapshot.json | 56 ++++++++++++ repository/staged/targets.json | 136 +++++++++++++++++++++++++++++ repository/staged/timestamp.json | 24 ++++++ 4 files changed, 360 insertions(+) create mode 100644 repository/staged/root.json create mode 100644 repository/staged/snapshot.json create mode 100644 repository/staged/targets.json create mode 100644 repository/staged/timestamp.json diff --git a/repository/staged/root.json b/repository/staged/root.json new file mode 100644 index 00000000..0b2c06bf --- /dev/null +++ b/repository/staged/root.json @@ -0,0 +1,144 @@ +{ + "signed": { + "_type": "root", + "spec_version": "1.0", + "version": 6, + "expires": "2023-08-28T07:54:10Z", + "keys": { + "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99": { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEXsz3SZXFb8jMV42j6pJlyjbjR8K\nN3Bwocexq6LMIb5qsWKOQvLN16NUefLc4HswOoumRsVVaajSpQS6fobkRw==\n-----END PUBLIC KEY-----\n" + } + }, + "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de": { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0ghrh92Lw1Yr3idGV5WqCtMDB8Cx\n+D8hdC4w2ZLNIplVRoVGLskYa3gheMyOjiJ8kPi15aQ2//7P+oj7UvJPGw==\n-----END PUBLIC KEY-----\n" + } + }, + "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b": { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELrWvNt94v4R085ELeeCMxHp7PldF\n0/T1GxukUh2ODuggLGJE0pc1e8CSBf6CS91Fwo9FUOuRsjBUld+VqSyCdQ==\n-----END PUBLIC KEY-----\n" + } + }, + "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b": { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEinikSsAQmYkNeH5eYq/CnIzLaacO\nxlSaawQDOwqKy/tCqxq5xxPSJc21K4WIhs9GyOkKfzueY3GILzcMJZ4cWw==\n-----END PUBLIC KEY-----\n" + } + }, + "e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a": { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWRiGr5+j+3J5SsH+Ztr5nE2H2wO7\nBV+nO3s93gLca18qTOzHY1oWyAGDykMSsGTUBSt9D+An0KfKsD2mfSM42Q==\n-----END PUBLIC KEY-----\n" + } + }, + "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f": { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzBzVOmHCPojMVLSI364WiiV8NPrD\n6IgRxVliskz/v+y3JER5mcVGcONliDcWMC5J2lfHmjPNPhb4H7xm8LzfSA==\n-----END PUBLIC KEY-----\n" + } + }, + "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c": { + "keytype": "ecdsa-sha2-nistp256", + "scheme": "ecdsa-sha2-nistp256", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy8XKsmhBYDI8Jc0GwzBxeKax0cm5\nSTKEU65HPFunUn41sT8pi0FjM4IkHz/YUmwmLUO0Wt7lxhj6BkLIK4qYAw==\n-----END PUBLIC KEY-----\n" + } + } + }, + "roles": { + "root": { + "keyids": [ + "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", + "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", + "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f", + "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", + "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de" + ], + "threshold": 3 + }, + "snapshot": { + "keyids": [ + "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b" + ], + "threshold": 1 + }, + "targets": { + "keyids": [ + "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", + "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", + "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f", + "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", + "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de" + ], + "threshold": 3 + }, + "timestamp": { + "keyids": [ + "e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a" + ], + "threshold": 1 + } + }, + "consistent_snapshot": true + }, + "signatures": [ + { + "keyid": "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", + "sig": "3044022079941eab7035ffd603354ee9a072ad87ad24e084f2aa52a718f76b21545d90190220368a65bb4ac83a9938885f5bba6a0b9a25c9979c85d85840497a95e47466eafb" + }, + { + "keyid": "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", + "sig": "3045022100ca33d35657c55b93c827ecad61be61e6d91da886d413f5083894a70d6e9af1cd022049d2b8b50d34a4e48cb3832a17a82c1ec1ae6b61af2a6db6e7d1c63d81a0dae7" + }, + { + "keyid": "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f", + "sig": "304402207875857b20d8258e0c888e55516cb50593746543cd3c34c9743efb2921cb2a660220127107a67b585e67d3df0538a6be1f5d4834857d1d88da9f8a6b8b8ac8998904" + }, + { + "keyid": "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", + "sig": "304502205c7b76ad222ffe16fed152f5bbf1c18b3df4814bf93703fea4605ae335914953022100a9d187ee02a4babe12b1646b572171bac60b23b0846ff3f067ded075194b549c" + }, + { + "keyid": "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de", + "sig": "30440220724e672fd7a2dbd338dfea683712a77bc1579ae5061dbc501d498ade02ea3aeb022012758bd3f1d4d245d92a692d26f743ad7a1f9af0982d1983a8619186c1fbcdd4" + } + ] +} \ No newline at end of file diff --git a/repository/staged/snapshot.json b/repository/staged/snapshot.json new file mode 100644 index 00000000..3eb55f72 --- /dev/null +++ b/repository/staged/snapshot.json @@ -0,0 +1,56 @@ +{ + "signed": { + "_type": "snapshot", + "spec_version": "1.0", + "version": 73, + "expires": "2023-03-23T12:12:10Z", + "meta": { + "rekor.json": { + "length": 797, + "hashes": { + "sha256": "9d2e1a5842937d8e0d3e3759170b0ad15c56c5df36afc5cf73583ddd283a463b", + "sha512": "176e9e710ddddd1b357a7d7970831bae59763395a0c18976110cbd35b25e5412dc50f356ec421a7a30265670cf7aec9ed84ee944ba700ec2394b9c876645b960" + }, + "version": 3 + }, + "revocation.json": { + "length": 800, + "hashes": { + "sha256": "6f60848ba8fb0955a02abfd1232fb3845dc9ee9f418bf03521a7ddb48217e040", + "sha512": "a965dddd0d0edef6c59e84cf02ecf5a53299f633fd339b2b61814a4219ab4df672a6390f265b8b29e1c8cea9368ea3440df013790759d50231a30df1c1f02551" + }, + "version": 2 + }, + "root.json": { + "length": 5297, + "hashes": { + "sha256": "f5ad897c9414cca99629f400ac3585e41bd8ebb44c5af07fb08dd636a9eced9c", + "sha512": "7445ddfdd338ef786c324fc3d68f75be28cb95b7fb581d2a383e3e5dde18aa17029a5636ec0a22e9631931bbcb34057788311718ea41e21e7cdd3c0de13ede42" + }, + "version": 2 + }, + "staging.json": { + "length": 401, + "hashes": { + "sha256": "cda57759abac5375397eea3531d7ca51e3a67da9a2dc93f2cdab749e2ae73149", + "sha512": "e9e59587bde453144c7079884a880c706f1d43f26e8bb23fac2b96a99569a2a30ae6cf51ec51c2454f760ce83d4c20915e062aede7f319b3da6a6ed1d26ca281" + }, + "version": 2 + }, + "targets.json": { + "length": 4737, + "hashes": { + "sha256": "79698024b773e7c669b8c5def0031fdc7cd2ab7785d80f7f72a7495472f63218", + "sha512": "e19872e801ccefee869177d72a6f929197fd02faaa823fbd0f0bb6a0833ef7246040f90c313a271fbb2d29ac7ca5cab7aa09d422a9ec85950f2ad297fc455915" + }, + "version": 6 + } + } + }, + "signatures": [ + { + "keyid": "45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b", + "sig": "30440220138586309855cb19cce0036a72c2119605eee68577eea2bd08c1d8c141e582d502207bc523dce58809c089af8b713b4f577965ba59c759761e899c4ccde5852c8c36" + } + ] +} \ No newline at end of file diff --git a/repository/staged/targets.json b/repository/staged/targets.json new file mode 100644 index 00000000..d096a05a --- /dev/null +++ b/repository/staged/targets.json @@ -0,0 +1,136 @@ +{ + "signed": { + "_type": "targets", + "spec_version": "1.0", + "version": 6, + "expires": "2023-08-28T07:54:10Z", + "targets": { + "artifact.pub": { + "length": 177, + "hashes": { + "sha256": "59ebf97a9850aecec4bc39c1f5c1dc46e6490a6b5fd2a6cacdcac0c3a6fc4cbf", + "sha512": "308fd1d1d95d7f80aa33b837795251cc3e886792982275e062409e13e4e236ffc34d676682aa96fdc751414de99c864bf132dde71581fa651c6343905e3bf988" + }, + "custom": { + "sigstore": { + "status": "Active", + "usage": "Unknown" + } + } + }, + "ctfe.pub": { + "length": 177, + "hashes": { + "sha256": "7fcb94a5d0ed541260473b990b99a6c39864c1fb16f3f3e594a5a3cebbfe138a", + "sha512": "4b20747d1afe2544238ad38cc0cc3010921b177d60ac743767e0ef675b915489bd01a36606c0ff83c06448622d7160f0d866c83d20f0c0f44653dcc3f9aa0bd4" + }, + "custom": { + "sigstore": { + "status": "Active", + "uri": "https://ctfe.sigstore.dev/test", + "usage": "CTFE" + } + } + }, + "ctfe_2022.pub": { + "length": 178, + "hashes": { + "sha256": "270488a309d22e804eeb245493e87c667658d749006b9fee9cc614572d4fbbdc", + "sha512": "e83fa4f427b24ee7728637fad1b4aa45ebde2ba02751fa860694b1bb16059a490328f9985e51cc70e4d237545315a1bc866dc4fdeef2f6248d99cc7a6077bf85" + }, + "custom": { + "sigstore": { + "status": "Active", + "uri": "https://ctfe.sigstore.dev/2022", + "usage": "CTFE" + } + } + }, + "fulcio.crt.pem": { + "length": 744, + "hashes": { + "sha256": "f360c53b2e13495a628b9b8096455badcb6d375b185c4816d95a5d746ff29908", + "sha512": "0713252a7fd17f7f3ab12f88a64accf2eb14b8ad40ca711d7fe8b4ecba3b24db9e9dffadb997b196d3867b8f9ff217faf930d80e4dab4e235c7fc3f07be69224" + }, + "custom": { + "sigstore": { + "status": "Expired", + "uri": "https://fulcio.sigstore.dev", + "usage": "Fulcio" + } + } + }, + "fulcio_intermediate_v1.crt.pem": { + "length": 789, + "hashes": { + "sha256": "f8cbecf186db7714624a5f4e99da31a917cbef70a94dd6921f5c3ca969dfe30a", + "sha512": "0f99f47dbc26c5f1e3cba0bfd9af4245a26e5cb735d6ef005792ec7e603f66fdb897de985973a6e50940ca7eff5e1849719e967b5ad2dac74a29115a41cf6f21" + }, + "custom": { + "sigstore": { + "status": "Active", + "uri": "https://fulcio.sigstore.dev", + "usage": "Fulcio" + } + } + }, + "fulcio_v1.crt.pem": { + "length": 740, + "hashes": { + "sha256": "f989aa23def87c549404eadba767768d2a3c8d6d30a8b793f9f518a8eafd2cf5", + "sha512": "f2e33a6dc208cee1f51d33bbea675ab0f0ced269617497985f9a0680689ee7073e4b6f8fef64c91bda590d30c129b3070dddce824c05bc165ac9802f0705cab6" + }, + "custom": { + "sigstore": { + "status": "Active", + "uri": "https://fulcio.sigstore.dev", + "usage": "Fulcio" + } + } + }, + "rekor.pub": { + "length": 178, + "hashes": { + "sha256": "dce5ef715502ec9f3cdfd11f8cc384b31a6141023d3e7595e9908a81cb6241bd", + "sha512": "0ae7705e02db33e814329746a4a0e5603c5bdcd91c96d072158d71011a2695788866565a2fec0fe363eb72cbcaeda39e54c5fe8d416daf9f3101fdba4217ef35" + }, + "custom": { + "sigstore": { + "status": "Active", + "uri": "https://rekor.sigstore.dev", + "usage": "Rekor" + } + } + }, + "trusted_root.json": { + "length": 4567, + "hashes": { + "sha256": "cec894ad77f79b1cb324150f6363012bcef7492954f3ab9134f932e6aa2e2e20", + "sha512": "08be2fd75c19e654caad30852847c566f97e6245f2bbcc54d347d6bdec7e879135e3395b5633b9e3b85d739fdb9b4eb8c09ddc70495792bc2ea65c8caf770d27" + } + } + } + }, + "signatures": [ + { + "keyid": "2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de", + "sig": "3044022061696eb6f8b51dd576b283f1326721fc1287ed87301f96b2b694e711efd0308702205a8f8b30c093032400d0e8a2d16388cebc3ad36fddd78baed7e8f6199a95aec8" + }, + { + "keyid": "ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c", + "sig": "3046022100b1c637be9b9ca306538a686f24943fa1bceb0e6efaeb8d8c66182502a6e1a651022100a9c002f701ecf37f7fbf493bd2a97751f1280d9786fb34fafa13b78182f59822" + }, + { + "keyid": "25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99", + "sig": "30450221009b51e35eb5f6fbe664d8d9f2131a0293d6bf4e9128debba563892d17e51c4132022056cf3a48a482dc09d56b78ffacf13a5045054b7861b154239fc6b78c44b282e7" + }, + { + "keyid": "f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f", + "sig": "3045022100c508e1c2ac28ff5beb50aa2868f55fcba73fe17ea02d73d76b334778a65aba8102203ffd85878fd0f8ec78f8124a5229720c2d91536608d5487022fe502d6e4d7649" + }, + { + "keyid": "7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b", + "sig": "3045022100968006fba63357bfbe81a6bd43228f46586fd5a15cd2519fc00d629636687ef1022002b2766ee0d845d48db09a8787d375d535d10573f4fc227b06a8b4ec46b883f4" + } + ] +} \ No newline at end of file diff --git a/repository/staged/timestamp.json b/repository/staged/timestamp.json new file mode 100644 index 00000000..cb034757 --- /dev/null +++ b/repository/staged/timestamp.json @@ -0,0 +1,24 @@ +{ + "signed": { + "_type": "timestamp", + "spec_version": "1.0", + "version": 73, + "expires": "2023-03-16T12:12:11Z", + "meta": { + "snapshot.json": { + "length": 1973, + "hashes": { + "sha256": "23d96b0c7ae506d0b58c09039d7ec726df1e2154ff6c85f0e68eec0270c3f02a", + "sha512": "92a5b49451b4c5230a5d705562c96d7ed930f4da3867ce2fee7f179950f8d1c965ce6db1e4ef4b3d99e9cb5a3fe5c0a8b7c38be0cffe058b91aee75ddb181411" + }, + "version": 73 + } + } + }, + "signatures": [ + { + "keyid": "e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a", + "sig": "3045022028dac7526636b8ad32aec458b10515ae959fb60333a5586ec9418969e2d5e439022100f92ffbea7e4cfebe3665b58e2343cfe59407bdc82f0dbe3a05e4519d8597d021" + } + ] +} \ No newline at end of file