Adds support for new Rekor 'dsse' entry type

[bobcallaway]

Summary

This add support for uploading Rekor entries about DSSE envelope-based attestations using the new dsse type added in sigstore/rekor#1487.

This PR builds on #525 (given the codegen changes can not be cleanly separated).

Release Note

• Adds support for uploading entries to Rekor using dsse pluggable type

part of #526

[changeset-bot]

🦋 Changeset detected

Latest commit: 83a38ea

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@sigstore/rekor-types	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[bdehamer]

@bobcallaway I'd like to do try generating/verifying some bundles with the new DSSE Rekor type -- has the build with the DSSE type been deployed to production yet?

Before I merge this, I'm going to add some unit tests around the new verification code as well.

[bdehamer]

Is this comment about the double base64 encoding still true for the DSSE type?

[bdehamer]

Did a test in staging and I don't think we need to decode the signature at all here. The sig value from the DSSE envelope above is b64 encoded which should then match the value we pull from the tlog entry here.

[bobcallaway]

do you have docs somewhere on how to target staging with the client? I had to make several code changes when I was doing that.

[bdehamer]

There's a new CLI in the "packages/cli" directory which supports a flag for overriding the rekor URL. From the root of the project you can do:

./packages/cli/bin/dev attest --help

That should show you the various flags

[bdehamer]

Added a unit test for verifying the dsse TLog type. Thanks again @bobcallaway for tackling this.