{"id":9305,"library":"sigstore-rekor-types","title":"Sigstore Rekor Types","description":"This package provides Python data models for the Sigstore Rekor API types. It primarily consists of Pydantic models generated from the Rekor OpenAPI specification, enabling programmatic interaction with Rekor's data structures. The library is currently at version 0.0.18 and receives updates as the upstream Rekor API evolves, maintaining an active release cadence.","status":"active","version":"0.0.18","language":"en","source_language":"en","source_url":"https://github.com/trailofbits/sigstore-rekor-types","tags":["sigstore","rekor","supply-chain","security","types","models","pydantic"],"install":[{"cmd":"pip install sigstore-rekor-types","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Provides the base models for API types and data validation.","package":"pydantic","optional":false}],"imports":[{"note":"Represents the Rekord entry type for general artifacts.","symbol":"Rekord","correct":"from sigstore_rekor_types.models.rekord import Rekord"},{"note":"Represents the HashedRekord entry type, common for large payloads and supported in Rekor v2.","symbol":"HashedRekord","correct":"from sigstore_rekor_types.models.hashedrekord import HashedRekord"},{"note":"The base model for a log entry response from Rekor.","symbol":"LogEntry","correct":"from sigstore_rekor_types.models.log_entry import LogEntry"}],"quickstart":{"code":"import datetime\nfrom sigstore_rekor_types.models.hashedrekord import HashedRekord, HashedRekordSchema\nfrom sigstore_rekor_types.models.log_entry import LogEntry\nfrom sigstore_rekor_types.models.rekord import RekordObj, RekordObjSchema, RekordObjSignature, RekordObjSignaturePublicKey, RekordObjSignatureData\n\n# Example of creating a HashedRekord object (a common Rekor v2 type)\n# Note: This library provides models, not client functionality to upload to Rekor.\n# For a full client, see sigstore-python.\n\ntry:\n    hashed_rekord_content = HashedRekordSchema(\n        apiVersion='0.0.1',\n        kind='hashedrekord',\n        spec=HashedRekord(\n            signature=RekordObjSignature(\n                content='base64encodedsignature==',\n                format='minisign',\n                publicKey=RekordObjSignaturePublicKey(\n                    content='base64encodedpublickey=='\n                )\n            ),\n            data=RekordObjData(\n                hash=RekordObjHash(\n                    algorithm='sha256',\n                    value='a' * 64 # Example SHA256 hash\n                )\n            )\n        )\n    )\n    print(\"HashedRekord object created successfully:\")\n    print(hashed_rekord_content.model_dump_json(indent=2))\n\n    # Example of a generic LogEntry structure, often returned by Rekor\n    example_log_entry = LogEntry(\n        apiVersion=\"1.0.0\",\n        kind=\"hashedrekord\",\n        spec=hashed_rekord_content.spec.model_dump(mode='json'), # embed the spec\n        uuid=\"some-unique-uuid\",\n        integratedTime=int(datetime.datetime.now(datetime.timezone.utc).timestamp()),\n        logID=\"some-log-id\",\n        logIndex=12345,\n        body=\"base64encodedlogentrybody==\",\n        verification=None\n    )\n    print(\"\\nExample LogEntry object (often retrieved from Rekor):\")\n    print(example_log_entry.model_dump_json(indent=2))\n\nexcept Exception as e:\n    print(f\"Error creating models: {e}\")","lang":"python","description":"This quickstart demonstrates how to instantiate core Pydantic models provided by `sigstore-rekor-types`, specifically `HashedRekord` which is a primary entry type in Rekor v2, and a generic `LogEntry` structure. This library focuses purely on data models, not client interaction with the Rekor API itself. For full client functionality (uploading, verifying), integrate with `sigstore-python`."},"warnings":[{"fix":"Review your Rekor entry types and migrate to `HashedRekord` or `DSSE` if targeting Rekor v2. Consult `sigstore-rekor-types` changelog for specific model version compatibility.","message":"Rekor v2 introduces significant breaking changes by removing many older entry types. Only `hashedrekord` and `dsse` entry types are supported in Rekor v2. Other types like `intoto`, `rekord` (generic), `helm`, `tuf`, `rfc3161`, `jar`, `rpm`, `cose`, and `alpine` are no longer supported.","severity":"breaking","affected_versions":"Rekor API v2.0.0 and above. Impact on `sigstore-rekor-types` depends on whether the specific model versions target v1 or v2."},{"fix":"For full Rekor client functionality, including signing, uploading, and verification, use the `sigstore-python` library, which integrates these models with API interaction logic.","message":"This library provides *only* the Python data models for Rekor's API. It does not include client-side functionality for interacting with the Rekor transparency log (e.g., uploading entries, querying).","severity":"gotcha","affected_versions":"All versions"},{"fix":"Plan to migrate your Rekor integrations to use Rekor v2 and ensure your `sigstore-rekor-types` models are compatible with the v2 API. Monitor Sigstore announcements for the v1 freezing timeline.","message":"Rekor v1 is now in maintenance mode, and users are strongly encouraged to transition to Rekor v2. Rekor v1 will eventually be frozen, disallowing new entry uploads with a one-year advance notice.","severity":"deprecated","affected_versions":"Rekor API v1.x (and corresponding models if specific to v1)"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Check the exact sub-package structure in `sigstore_rekor_types.models` for the specific Rekord type you intend to use. For example, generic `Rekord` is typically under `sigstore_rekor_types.models.rekord`, but the actual content data often resides within nested classes like `RekordObjSchema`. Always verify the package structure, e.g., using `dir(sigstore_rekor_types.models.rekord)`.","cause":"Incorrect import path for a specific Rekor model. While `RekordObj` exists within the Rekord-kind entry, the top-level import might be different or the internal structure has changed.","error":"from sigstore_rekor_types.models.rekord import RekordObj\nModuleNotFoundError: No module named 'sigstore_rekor_types.models.rekord'"},{"fix":"Ensure all required fields for the Pydantic model are provided during instantiation. Consult the model's signature or the Rekor OpenAPI specification to identify mandatory fields. For `HashedRekordSchema`, `apiVersion`, `kind`, and `spec` are typically required.","cause":"Attempting to instantiate a Pydantic model without providing a required field, in this case, the `kind` field for `HashedRekordSchema`.","error":"pydantic.error_wrappers.ValidationError: 1 validation error for HashedRekordSchema\nkind\n  field required (type=value_error.missing)"}]}