sigstore · ramonpetgrave64 · Jun 6, 2025 · Jun 9, 2025 · Jun 9, 2025 · Jun 9, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -21,7 +21,7 @@ All versions prior to 0.9.0 are untracked.
 
 
 * Added a `RekorV2Client` for posting new entries to a Rekor V2 instance.
-  [#1400](https://github.com/sigstore/sigstore-python/pull/1400)
+  [#1400](https://github.com/sigstore/sigstore-python/pull/1422)
 
 ### Fixed
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -38,7 +38,7 @@ dependencies = [
   "rfc8785 ~= 0.1.2",
   "rfc3161-client >= 1.0.2,< 1.1.0",
   # NOTE(ww): Both under active development, so strictly pinned.
-  "sigstore-protobuf-specs == 0.4.2",
+  "sigstore-protobuf-specs @ git+https://github.com/sigstore/protobuf-specs.git@main#subdirectory=gen/pb-python",
   "sigstore-rekor-types == 0.0.18",
   "tuf ~= 6.0",
   "platformdirs ~= 4.2",

diff --git a/sigstore/_internal/rekor/__init__.py b/sigstore/_internal/rekor/__init__.py
@@ -35,7 +35,7 @@
     "_hashedrekord_from_parts",
 ]
 
-EntryRequest = NewType("EntryRequest", dict[str, Any])
+EntryRequestBody = NewType("EntryRequestBody", dict[str, Any])
 
 
 class RekorClientError(Exception):
@@ -60,15 +60,16 @@ def __init__(self, http_error: requests.HTTPError):
 
 
 class RekorLogSubmitter(ABC):
-    """Abstract class to represent a Rekor log entry submitter.
+    """
+    Abstract class to represent a Rekor log entry submitter.
 
-    Intended to be implemented by RekorClient and RekorV2Client
+    Intended to be implemented by RekorClient and RekorV2Client.
     """
 
     @abstractmethod
     def create_entry(
         self,
-        request: EntryRequest,
+        request: EntryRequestBody,
     ) -> LogEntry:
         """
         Submit the request to Rekor.
@@ -79,7 +80,7 @@ def create_entry(
     @abstractmethod
     def _build_hashed_rekord_request(
         self, hashed_input: Hashed, signature: bytes, certificate: Certificate
-    ) -> EntryRequest:
+    ) -> EntryRequestBody:
         """
         Construct a hashed rekord request to submit to Rekor.
         """
@@ -89,7 +90,7 @@ def _build_hashed_rekord_request(
     @abstractmethod
     def _build_dsse_request(
         self, envelope: Envelope, certificate: Certificate
-    ) -> EntryRequest:
+    ) -> EntryRequestBody:
         """
         Construct a dsse request to submit to Rekor.
         """

diff --git a/sigstore/_internal/rekor/client.py b/sigstore/_internal/rekor/client.py
@@ -32,7 +32,7 @@
 
 from sigstore._internal import USER_AGENT
 from sigstore._internal.rekor import (
-    EntryRequest,
+    EntryRequestBody,
     RekorClientError,
     RekorLogSubmitter,
 )
@@ -134,7 +134,7 @@ def get(
 
     def post(
         self,
-        payload: EntryRequest,
+        payload: EntryRequestBody,
     ) -> LogEntry:
         """
         Submit a new entry for inclusion in the Rekor log.
@@ -250,15 +250,15 @@ def log(self) -> RekorLog:
         """
         return RekorLog(f"{self.url}/log", session=self.session)
 
-    def create_entry(self, request: EntryRequest) -> LogEntry:
+    def create_entry(self, request: EntryRequestBody) -> LogEntry:
         """
         Submit the request to Rekor.
         """
         return self.log.entries.post(request)
 
     def _build_hashed_rekord_request(  # type: ignore[override]
         self, hashed_input: Hashed, signature: bytes, certificate: Certificate
-    ) -> EntryRequest:
+    ) -> EntryRequestBody:
         """
         Construct a hashed rekord payload to submit to Rekor.
         """
@@ -282,11 +282,11 @@ def _build_hashed_rekord_request(  # type: ignore[override]
                 ),
             ),
         )
-        return EntryRequest(rekord.model_dump(mode="json", by_alias=True))
+        return EntryRequestBody(rekord.model_dump(mode="json", by_alias=True))
 
     def _build_dsse_request(  # type: ignore[override]
         self, envelope: Envelope, certificate: Certificate
-    ) -> EntryRequest:
+    ) -> EntryRequestBody:
         """
         Construct a dsse request to submit to Rekor.
         """
@@ -308,4 +308,4 @@ def _build_dsse_request(  # type: ignore[override]
                 ),
             ),
         )
-        return EntryRequest(dsse.model_dump(mode="json", by_alias=True))
+        return EntryRequestBody(dsse.model_dump(mode="json", by_alias=True))
diff --git a/sigstore/_internal/rekor/client_v2.py b/sigstore/_internal/rekor/client_v2.py
@@ -31,7 +31,11 @@
 from sigstore_protobuf_specs.io import intoto
 
 from sigstore._internal import USER_AGENT
-from sigstore._internal.rekor import EntryRequest, RekorClientError, RekorLogSubmitter
+from sigstore._internal.rekor import (
+    EntryRequestBody,
+    RekorClientError,
+    RekorLogSubmitter,
+)
 from sigstore.dsse import Envelope
 from sigstore.hashes import Hashed
 from sigstore.models import LogEntry
@@ -40,7 +44,8 @@
 
 
 class RekorV2Client(RekorLogSubmitter):
-    """The internal Rekor client for the v2 API
+    """
+    The internal Rekor client for the v2 API.
 
     See https://github.com/sigstore/rekor-tiles/blob/main/CLIENTS.md
     """
@@ -65,7 +70,7 @@ def __del__(self) -> None:
         """
         self.session.close()
 
-    def create_entry(self, payload: EntryRequest) -> LogEntry:
+    def create_entry(self, payload: EntryRequestBody) -> LogEntry:
         """
         Submit a new entry for inclusion in the Rekor log.
 
@@ -90,9 +95,11 @@ def create_entry(self, payload: EntryRequest) -> LogEntry:
 
     @staticmethod
     def _get_key_details(certificate: Certificate) -> common_v1.PublicKeyDetails:
-        """Determine PublicKeyDetails from a certificate
+        """
+        Determine PublicKeyDetails from a certificate
 
-        We know that sign.Signer only uses secp256r1 so do not support anything else"""
+        We know that sign.Signer only uses secp256r1, so do not support anything else.
+        """
         public_key = certificate.public_key()
         if isinstance(public_key, EllipticCurvePublicKey):
             if public_key.curve.name == "secp256r1":
@@ -109,7 +116,7 @@ def _build_hashed_rekord_request(
         hashed_input: Hashed,
         signature: bytes,
         certificate: Certificate,
-    ) -> EntryRequest:
+    ) -> EntryRequestBody:
         """
         Construct a hashed rekord request to submit to Rekor.
         """
@@ -129,12 +136,12 @@ def _build_hashed_rekord_request(
                 ),
             )
         )
-        return EntryRequest(req.to_dict())
+        return EntryRequestBody(req.to_dict())
 
     @classmethod
     def _build_dsse_request(
         cls, envelope: Envelope, certificate: Certificate
-    ) -> EntryRequest:
+    ) -> EntryRequestBody:
         """
         Construct a dsse request to submit to Rekor.
         """
@@ -163,4 +170,4 @@ def _build_dsse_request(
                 ],
             )
         )
-        return EntryRequest(req.to_dict())
+        return EntryRequestBody(req.to_dict())
diff --git a/sigstore/sign.py b/sigstore/sign.py
@@ -59,7 +59,7 @@
     ExpiredCertificate,
     FulcioClient,
 )
-from sigstore._internal.rekor import EntryRequest, RekorLogSubmitter
+from sigstore._internal.rekor import EntryRequestBody, RekorLogSubmitter
 from sigstore._internal.sct import verify_sct
 from sigstore._internal.timestamp import TimestampAuthorityClient, TimestampError
 from sigstore._internal.trust import ClientTrustConfig, KeyringPurpose, TrustedRoot
@@ -174,7 +174,7 @@ def _finalize_sign(
         self,
         cert: x509.Certificate,
         content: MessageSignature | dsse.Envelope,
-        proposed_entry: EntryRequest,
+        proposed_entry: EntryRequestBody,
     ) -> Bundle:
         """
         Perform the common "finalizing" steps in a Sigstore signing flow.