fix: upgrade sigstore Signer to use sigstore v4 (#532)

* fix: upgrade sigstore Signer to use `sigstore` v4

1. Manually specify `sigstore_protobuf_specs` as a dependency as
   `sigstore` no longer includes it.

2. Handle the sigstore_signer breaking changes based on:
   https://www.github.com/sigstore/sigstore-python/pull/1363

Signed-off-by: Spencer Schrock <[email protected]>

* specify utf-8 encoding for signatures

Rekor v2 makes use of an em dash `—` in its checkpoint format, which was
causing issues when writing the JSON bundle to disk. Linux and macOS
default to "utf-8" when writing text files without a provided encoding,
while Windows defaults to "cp1252".

RFC8259 states JSON text must be "utf-8":
https://datatracker.ietf.org/doc/html/rfc8259#section-8.1

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: Spencer Schrock <[email protected]>

Author: spencerschrock

CHANGELOG.md

@@ -27,6 +27,7 @@ All versions prior to 1.0.0 are untracked.
 - Added support trace sigstore sign and verify operations using OpenTelemetry.
 - cli: Added support for `--ignore_unsigned_files` option
 - Implemented a new, minimal container image. This variant excludes optional dependencies (like OTel and PKCS#11) to reduce footprint, focusing solely on core signing and verification mechanisms.
+- The library now requires at least v4.0.0 of `sigstore` due to breaking changes in that library
 
 ## [1.0.1] - 2024-04-18
 

pyproject.toml

@@ -33,7 +33,7 @@ dependencies = [
   "cryptography",
   "in-toto-attestation",
   "sigstore-protobuf-specs == 0.3.2",
-  "sigstore==3.6.5",
+  "sigstore>=4.0",
   "typing_extensions",
 ]
 requires-python = ">=3.9"

src/model_signing/_signing/sign_sigstore.py

@@ -51,12 +51,12 @@ def __init__(self, bundle: sigstore_models.Bundle):
 
     @override
     def write(self, path: pathlib.Path) -> None:
-        path.write_text(self.bundle.to_json())
+        path.write_text(self.bundle.to_json(), encoding="utf-8")
 
     @classmethod
     @override
     def read(cls, path: pathlib.Path) -> Self:
-        content = path.read_text()
+        content = path.read_text(encoding="utf-8")
         return cls(sigstore_models.Bundle.from_json(content))
 
 
@@ -109,15 +109,17 @@ def __init__(
               secret.
         """
         if use_staging:
-            self._signing_context = sigstore_signer.SigningContext.staging()
-            self._issuer = sigstore_oidc.Issuer.staging()
+            trust_config = sigstore_models.ClientTrustConfig.staging()
         else:
-            self._signing_context = sigstore_signer.SigningContext.production()
-            if oidc_issuer is not None:
-                self._issuer = sigstore_oidc.Issuer(oidc_issuer)
-            else:
-                self._issuer = sigstore_oidc.Issuer.production()
+            trust_config = sigstore_models.ClientTrustConfig.production()
 
+        if not oidc_issuer:
+            oidc_issuer = trust_config.signing_config.get_oidc_url()
+
+        self._issuer = sigstore_oidc.Issuer(oidc_issuer)
+        self._signing_context = (
+            sigstore_signer.SigningContext.from_trust_config(trust_config)
+        )
         self._use_ambient_credentials = use_ambient_credentials
         self._identity_token = identity_token
         self._force_oob = force_oob

src/model_signing/_signing/sign_sigstore_pb.py

@@ -105,12 +105,12 @@ def __init__(self, bundle: bundle_pb.Bundle):
 
     @override
     def write(self, path: pathlib.Path) -> None:
-        path.write_text(self.bundle.to_json())
+        path.write_text(self.bundle.to_json(), encoding="utf-8")
 
     @classmethod
     @override
     def read(cls, path: pathlib.Path) -> Self:
-        content = path.read_text()
+        content = path.read_text(encoding="utf-8")
         parsed_dict = json.loads(content)
         return cls(bundle_pb.Bundle().from_dict(parsed_dict))
 

tests/_signing/sigstore_test.py

@@ -102,15 +102,25 @@ def mocked_oidc_provider_no_ambient():
 
 @pytest.fixture
 def mocked_sigstore_models():
-    with mock.patch.object(
-        sigstore.sigstore_models, "Bundle", autospec=True
-    ) as mocked_bundle:
+    with mock.patch.multiple(
+        sigstore.sigstore_models,
+        Bundle=mock.DEFAULT,
+        ClientTrustConfig=mock.DEFAULT,
+        autospec=True,
+    ) as mocked_objects:
+        mocked_bundle = mocked_objects["Bundle"]
         mocked_bundle.from_json = MockedSigstoreBundle.from_json
-        yield mocked_bundle
+
+        mocked_config = mock.MagicMock()
+        mocked_client_trust_config = mocked_objects["ClientTrustConfig"]
+        mocked_client_trust_config.production.return_value = mocked_config
+        mocked_client_trust_config.staging.return_value = mocked_config
+
+        yield mocked_objects
 
 
 @pytest.fixture
-def mocked_sigstore_signer():
+def mocked_sigstore_signer(mocked_sigstore_models):
     with mock.patch.multiple(
         sigstore.sigstore_signer,
         Signer=mock.DEFAULT,
@@ -128,8 +138,7 @@ def mocked_sigstore_signer():
         mocked_context.signer.return_value = signer
 
         mocked_signing_context = mocked_objects["SigningContext"]
-        mocked_signing_context.staging.return_value = mocked_context
-        mocked_signing_context.production.return_value = mocked_context
+        mocked_signing_context.from_trust_config.return_value = mocked_context
 
         yield mocked_objects
 
@@ -316,11 +325,11 @@ def test_verify_not_intoto_statement(
         signature_path = tmp_path / "model.sig"
         self._sign_manifest(manifest, signature_path, sigstore.Signer)
 
-        correct_signature = signature_path.read_text()
+        correct_signature = signature_path.read_text(encoding="utf-8")
         json_signature = json.loads(correct_signature)
         json_signature["_type"] = "Not in-toto"
         invalid_signature = json.dumps(json_signature)
-        signature_path.write_text(invalid_signature)
+        signature_path.write_text(invalid_signature, encoding="utf-8")
 
         with pytest.raises(ValueError, match="Expected in-toto .* payload"):
             self._verify_dsse_signature(signature_path)