Documentation
¶
Index ¶
- Variables
- type Build
- func (*Build) Descriptor() ([]byte, []int)
- func (m *Build) GetBuilderVersion() string
- func (m *Build) GetSignature() *BuildSignature
- func (*Build) ProtoMessage()
- func (m *Build) Reset()
- func (m *Build) String() string
- func (m *Build) XXX_DiscardUnknown()
- func (m *Build) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *Build) XXX_Merge(src proto.Message)
- func (m *Build) XXX_Size() int
- func (m *Build) XXX_Unmarshal(b []byte) error
- type BuildSignature
- func (*BuildSignature) Descriptor() ([]byte, []int)
- func (m *BuildSignature) GetKeyId() string
- func (m *BuildSignature) GetKeyType() BuildSignature_KeyType
- func (m *BuildSignature) GetPublicKey() string
- func (m *BuildSignature) GetSignature() []byte
- func (*BuildSignature) ProtoMessage()
- func (m *BuildSignature) Reset()
- func (m *BuildSignature) String() string
- func (m *BuildSignature) XXX_DiscardUnknown()
- func (m *BuildSignature) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *BuildSignature) XXX_Merge(src proto.Message)
- func (m *BuildSignature) XXX_Size() int
- func (m *BuildSignature) XXX_Unmarshal(b []byte) error
- type BuildSignature_KeyType
- type Details
- func (*Details) Descriptor() ([]byte, []int)
- func (m *Details) GetProvenance() *provenance.BuildProvenance
- func (m *Details) GetProvenanceBytes() string
- func (*Details) ProtoMessage()
- func (m *Details) Reset()
- func (m *Details) String() string
- func (m *Details) XXX_DiscardUnknown()
- func (m *Details) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *Details) XXX_Merge(src proto.Message)
- func (m *Details) XXX_Size() int
- func (m *Details) XXX_Unmarshal(b []byte) error
Constants ¶
This section is empty.
Variables ¶
View Source
var BuildSignature_KeyType_name = map[int32]string{
0: "KEY_TYPE_UNSPECIFIED",
1: "PGP_ASCII_ARMORED",
2: "PKIX_PEM",
}
View Source
var BuildSignature_KeyType_value = map[string]int32{
"KEY_TYPE_UNSPECIFIED": 0,
"PGP_ASCII_ARMORED": 1,
"PKIX_PEM": 2,
}
Functions ¶
This section is empty.
Types ¶
type Build ¶
type Build struct {
// Version of the builder which produced this Note.
BuilderVersion string `protobuf:"bytes,1,opt,name=builder_version,json=builderVersion,proto3" json:"builder_version,omitempty"`
// Signature of the build in Occurrences pointing to the Note containing this
// `BuilderDetails`.
Signature *BuildSignature `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
Note holding the version of the provider's builder and the signature of the provenance message in linked BuildDetails.
func (*Build) Descriptor ¶
func (*Build) GetBuilderVersion ¶
func (*Build) GetSignature ¶
func (m *Build) GetSignature() *BuildSignature
func (*Build) ProtoMessage ¶
func (*Build) ProtoMessage()
func (*Build) XXX_DiscardUnknown ¶
func (m *Build) XXX_DiscardUnknown()
func (*Build) XXX_Marshal ¶
func (*Build) XXX_Unmarshal ¶
type BuildSignature ¶
type BuildSignature struct {
// Public key of the builder which can be used to verify that the related
// findings are valid and unchanged. If `key_type` is empty, this defaults
// to PEM encoded public keys.
//
// This field may be empty if `key_id` references an external key.
//
// For Cloud Container Builder based signatures, this is a PEM encoded public
// key. To verify the Cloud Container Builder signature, place the contents of
// this field into a file (public.pem). The signature field is base64-decoded
// into its binary representation in signature.bin, and the provenance bytes
// from `BuildDetails` are base64-decoded into a binary representation in
// signed.bin. OpenSSL can then verify the signature:
// `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
PublicKey string `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
// Signature of the related `BuildProvenance`. In JSON, this is base-64
// encoded.
Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
// An ID for the key used to sign. This could be either an Id for the key
// stored in `public_key` (such as the Id or fingerprint for a PGP key, or the
// CN for a cert), or a reference to an external key (such as a reference to a
// key in Cloud Key Management Service).
KeyId string `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
// The type of the key, either stored in `public_key` or referenced in
// `key_id`
KeyType BuildSignature_KeyType `` /* 133-byte string literal not displayed */
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
Message encapsulating the signature of the verified build.
func (*BuildSignature) Descriptor ¶
func (*BuildSignature) Descriptor() ([]byte, []int)
func (*BuildSignature) GetKeyId ¶
func (m *BuildSignature) GetKeyId() string
func (*BuildSignature) GetKeyType ¶
func (m *BuildSignature) GetKeyType() BuildSignature_KeyType
func (*BuildSignature) GetPublicKey ¶
func (m *BuildSignature) GetPublicKey() string
func (*BuildSignature) GetSignature ¶
func (m *BuildSignature) GetSignature() []byte
func (*BuildSignature) ProtoMessage ¶
func (*BuildSignature) ProtoMessage()
func (*BuildSignature) Reset ¶
func (m *BuildSignature) Reset()
func (*BuildSignature) String ¶
func (m *BuildSignature) String() string
func (*BuildSignature) XXX_DiscardUnknown ¶
func (m *BuildSignature) XXX_DiscardUnknown()
func (*BuildSignature) XXX_Marshal ¶
func (m *BuildSignature) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*BuildSignature) XXX_Merge ¶
func (dst *BuildSignature) XXX_Merge(src proto.Message)
func (*BuildSignature) XXX_Size ¶
func (m *BuildSignature) XXX_Size() int
func (*BuildSignature) XXX_Unmarshal ¶
func (m *BuildSignature) XXX_Unmarshal(b []byte) error
type BuildSignature_KeyType ¶
type BuildSignature_KeyType int32
Public key formats
const ( // `KeyType` is not set. BuildSignature_KEY_TYPE_UNSPECIFIED BuildSignature_KeyType = 0 // `PGP ASCII Armored` public key. BuildSignature_PGP_ASCII_ARMORED BuildSignature_KeyType = 1 // `PKIX PEM` public key. BuildSignature_PKIX_PEM BuildSignature_KeyType = 2 )
func (BuildSignature_KeyType) EnumDescriptor ¶
func (BuildSignature_KeyType) EnumDescriptor() ([]byte, []int)
func (BuildSignature_KeyType) String ¶
func (x BuildSignature_KeyType) String() string
type Details ¶
type Details struct {
// The actual provenance for the build.
Provenance *provenance.BuildProvenance `protobuf:"bytes,1,opt,name=provenance,proto3" json:"provenance,omitempty"`
// Serialized JSON representation of the provenance, used in generating the
// `BuildSignature` in the corresponding Result. After verifying the
// signature, `provenance_bytes` can be unmarshalled and compared to the
// provenance to confirm that it is unchanged. A base64-encoded string
// representation of the provenance bytes is used for the signature in order
// to interoperate with openssl which expects this format for signature
// verification.
//
// The serialized form is captured both to avoid ambiguity in how the
// provenance is marshalled to json as well to prevent incompatibilities with
// future changes.
ProvenanceBytes string `protobuf:"bytes,2,opt,name=provenance_bytes,json=provenanceBytes,proto3" json:"provenance_bytes,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
Details of a build occurrence.
func (*Details) Descriptor ¶
func (*Details) GetProvenance ¶
func (m *Details) GetProvenance() *provenance.BuildProvenance
func (*Details) GetProvenanceBytes ¶
func (*Details) ProtoMessage ¶
func (*Details) ProtoMessage()
func (*Details) XXX_DiscardUnknown ¶
func (m *Details) XXX_DiscardUnknown()
func (*Details) XXX_Marshal ¶
func (*Details) XXX_Unmarshal ¶
Source Files
Click to show internal directories.
Click to hide internal directories.