Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature: generate DSSE language clients from the protobuf #54

Open
kommendorkapten opened this issue Nov 4, 2022 · 4 comments
Open

Comments

@kommendorkapten
Copy link

Last week I talked to both @SantiagoTorres and @adityasaky about the initiative in Sigstore to start to define all the data types in protobuf, for easier client implementation. Sigstore is relying on DSSE envelopes, and it would be nice if the code generation for DSSE was performed in this repository, and published to the canonical package repositories. The way go deals with packages I would think of the go code being generated in this repository, so clients could pull the package.

If this is something you think are worth doing, I'm ready to do the work, including updating https://github.com/secure-systems-lab/go-securesystemslib/blob/main/dsse/ with a new major release (this will be a breaking change) that utilizes the envelope struct from the generated code.

@MarkLodato
Copy link
Collaborator

Sounds good to me. Why is it a breaking change?

@kommendorkapten
Copy link
Author

Hm I think I hear what you are saying, you would like for the protobuf generated code to be put in the same package as the dsse code is today? Then yes, it would not be a breaking change!

@MarkLodato
Copy link
Collaborator

Ah, I think there is some confusion about versions. There is the version of the spec itself, and the version of any libraries that implement the spec.

The spec itself is unaffected by this change. The protobuf describes the existing design.

Libraries that switch to protobuf-generated code from a custom interface might need to change.

@kommendorkapten
Copy link
Author

Ah, I think there is some confusion about versions. There is the version of the spec itself, and the version of any libraries that implement the spec.

Correct, but if the build job that generates the code always pulls the protobuf from this repository we can manage that, by being explicit by the version we use.

Libraries that switch to protobuf-generated code from a custom interface might need to change.

I think this can actually be avoided. So if we instead update the go-securesystemslib package, to generate the code on build, and publish that code into the go-securesystemslib package, we won't get a breaking change, as the generated code will end up in the same package as the definitions is today.

This is not something I have done before (generate structs into an existing package), so I can't determine if it's a hack, or if it's a good solution :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants