Adds hashed rekord type (#501)

* WIP: new hashed type

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

* wip add signature verification

Signed-off-by: Asra Ali <asraa@google.com>

* address bobs comments

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: Dan Lorenc <lorenc.d@gmail.com>

cmd/rekor-cli/app/pflag_groups.go

@@ -109,11 +109,11 @@ func validateArtifactPFlags(uuidValid, indexValid bool) error {
 	}
 
 	// if neither --entry or --artifact were given, then a reference to a uuid or index is needed
-	if viper.GetString("entry") == "" && viper.GetString("artifact") == "" {
+	if viper.GetString("entry") == "" && viper.GetString("artifact") == "" && viper.GetString("artifact-hash") == "" {
 		if (uuidGiven && uuidValid) || (indexGiven && indexValid) {
 			return nil
 		}
-		return errors.New("either 'entry' or 'artifact' must be specified")
+		return errors.New("either 'entry' or 'artifact' or 'artifact-hash' must be specified")
 	}
 
 	return nil

cmd/rekor-cli/app/root.go

@@ -29,6 +29,7 @@ import (
 
 	// these imports are to call the packages' init methods
 	_ "github.com/sigstore/rekor/pkg/types/alpine/v0.0.1"
+	_ "github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1"
 	_ "github.com/sigstore/rekor/pkg/types/helm/v0.0.1"
 	_ "github.com/sigstore/rekor/pkg/types/intoto/v0.0.1"
 	_ "github.com/sigstore/rekor/pkg/types/jar/v0.0.1"

cmd/rekor-server/app/serve.go

@@ -30,6 +30,8 @@ import (
 	"github.com/sigstore/rekor/pkg/log"
 	"github.com/sigstore/rekor/pkg/types/alpine"
 	alpine_v001 "github.com/sigstore/rekor/pkg/types/alpine/v0.0.1"
+	hashedrekord "github.com/sigstore/rekor/pkg/types/hashedrekord"
+	hashedrekord_v001 "github.com/sigstore/rekor/pkg/types/hashedrekord/v0.0.1"
 	"github.com/sigstore/rekor/pkg/types/helm"
 	helm_v001 "github.com/sigstore/rekor/pkg/types/helm/v0.0.1"
 	"github.com/sigstore/rekor/pkg/types/intoto"
@@ -80,14 +82,15 @@ var serveCmd = &cobra.Command{
 
 		// these trigger loading of package and therefore init() methods to run
 		pluggableTypeMap := map[string]string{
-			rekord.KIND:  rekord_v001.APIVERSION,
-			rpm.KIND:     rpm_v001.APIVERSION,
-			jar.KIND:     jar_v001.APIVERSION,
-			intoto.KIND:  intoto_v001.APIVERSION,
-			rfc3161.KIND: rfc3161_v001.APIVERSION,
-			alpine.KIND:  alpine_v001.APIVERSION,
-			helm.KIND:    helm_v001.APIVERSION,
-			tuf.KIND:     tuf_v001.APIVERSION,
+			rekord.KIND:       rekord_v001.APIVERSION,
+			rpm.KIND:          rpm_v001.APIVERSION,
+			jar.KIND:          jar_v001.APIVERSION,
+			intoto.KIND:       intoto_v001.APIVERSION,
+			rfc3161.KIND:      rfc3161_v001.APIVERSION,
+			alpine.KIND:       alpine_v001.APIVERSION,
+			helm.KIND:         helm_v001.APIVERSION,
+			tuf.KIND:          tuf_v001.APIVERSION,
+			hashedrekord.KIND: hashedrekord_v001.APIVERSION,
 		}
 
 		for k, v := range pluggableTypeMap {

openapi.yaml

@@ -312,6 +312,23 @@ definitions:
         - spec
       additionalProperties: false
 
+  hashedrekord:
+    type: object
+    description: Hashed Rekord object
+    allOf:
+    - $ref: '#/definitions/ProposedEntry'
+    - properties:
+        apiVersion:
+          type: string
+          pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
+        spec:
+          type: object
+          $ref: 'pkg/types/hashedrekord/hashedrekord_schema.json'
+      required:
+        - apiVersion
+        - spec
+      additionalProperties: false
+
   rpm:
     type: object
     description: RPM package