tuf

package module

v0.0.0-...-e1345f7 Latest Latest Go to latest Published: Oct 21, 2015 License: BSD-3-Clause Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/diogomonica/gotuf

Links

Open Source Insights

README ¶

GOTUF

This is still a work in progress but will shortly be a fully compliant Go implementation of The Update Framework (TUF).

Where's the CLI

This repository provides a library only. The Notary project from Docker should be considered the official CLI to be used with this implementation of TUF.

TODOs:

Add Targets to existing repo
Sign metadata files
Refactor TufRepo to take care of signing ~~and verification~~
Ensure consistent capitalization in naming (TUF___ vs Tuf___)
Make caching of metadata files smarter - PR #5
~~Add configuration for CLI commands. Order of configuration priority from most to least: flags, config file, defaults~~ Notary should be the official CLI
Reasses organization of data types. Possibly consolidate a few things into the data package but break up package into a few more distinct files
Comprehensive test cases
Delete files no longer in use
Fix up errors. Some have to be instantiated, others don't, the inconsistency is annoying.
Bump version numbers in meta files (could probably be done better)

Credits

This implementation was originally forked from flynn/go-tuf, however in attempting to add delegations I found I was making such significant changes that I could not maintain backwards compatibility without the code becoming overly convoluted.

Some features such as pluggable verifiers have alreayd been merged upstream to flynn/go-tuf and we are in discussion with titanous about working to merge the 2 implementations.

This implementation retains the same 3 Clause BSD license present on the original flynn implementation.

Documentation ¶

Overview ¶

Package tuf defines the core TUF logic around manipulating a repo.

Index ¶

type ErrLocalRootExpired
- func (e ErrLocalRootExpired) Error() string
type ErrMetaExpired
- func (e ErrMetaExpired) Error() string
type ErrNotLoaded
- func (err ErrNotLoaded) Error() string
type ErrSigVerifyFail
- func (e ErrSigVerifyFail) Error() string
type Repo
- func NewRepo(keysDB *keys.KeyDB, cryptoService signed.CryptoService) *Repo

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ErrLocalRootExpired ¶

type ErrLocalRootExpired struct{}

ErrLocalRootExpired - the local root file is out of date

func (ErrLocalRootExpired) Error ¶

func (e ErrLocalRootExpired) Error() string

type ErrMetaExpired ¶

type ErrMetaExpired struct{}

ErrMetaExpired - metadata file has expired

func (ErrMetaExpired) Error ¶

func (e ErrMetaExpired) Error() string

type ErrNotLoaded ¶

type ErrNotLoaded struct {
	// contains filtered or unexported fields
}

ErrNotLoaded - attempted to access data that has not been loaded into the repo

func (ErrNotLoaded) Error ¶

func (err ErrNotLoaded) Error() string

type ErrSigVerifyFail ¶

type ErrSigVerifyFail struct{}

ErrSigVerifyFail - signature verification failed

func (ErrSigVerifyFail) Error ¶

func (e ErrSigVerifyFail) Error() string

type Repo ¶

type Repo struct {
	Root      *data.SignedRoot
	Targets   map[string]*data.SignedTargets
	Snapshot  *data.SignedSnapshot
	Timestamp *data.SignedTimestamp
	// contains filtered or unexported fields
}

Repo is an in memory representation of the TUF Repo. It operates at the data.Signed level, accepting and producing data.Signed objects. Users of a Repo are responsible for fetching raw JSON and using the Set* functions to populate the Repo instance.

func NewRepo ¶

func NewRepo(keysDB *keys.KeyDB, cryptoService signed.CryptoService) *Repo

NewRepo initializes a Repo instance with a keysDB and a signer. If the Repo will only be used for reading, the signer should be nil.

func (*Repo) AddBaseKeys ¶

func (tr *Repo) AddBaseKeys(role string, keys ...data.PublicKey) error

AddBaseKeys is used to add keys to the role in root.json

func (*Repo) AddTargets ¶

func (tr *Repo) AddTargets(role string, targets data.Files) (data.Files, error)

AddTargets will attempt to add the given targets specifically to the directed role. If the user does not have the signing keys for the role the function will return an error and the full slice of targets.

func (Repo) FindTarget ¶

func (tr Repo) FindTarget(path string) *data.FileMeta

FindTarget attempts to find the target represented by the given path by starting at the top targets file and traversing appropriate delegations until the first entry is found or it runs out of locations to search. N.B. Multiple entries may exist in different delegated roles

for the same target. Only the first one encountered is returned.

func (*Repo) InitRepo ¶

func (tr *Repo) InitRepo(consistent bool) error

InitRepo creates the base files for a repo. It inspects data.ValidRoles and data.ValidTypes to determine what the role names and filename should be. It also relies on the keysDB having already been populated with the keys and roles.

func (*Repo) InitRoot ¶

func (tr *Repo) InitRoot(consistent bool) error

InitRoot initializes an empty root file with the 4 core roles based on the current content of th ekey db

func (*Repo) InitSnapshot ¶

func (tr *Repo) InitSnapshot() error

InitSnapshot initializes a snapshot based on the current root and targets

func (*Repo) InitTargets ¶

func (tr *Repo) InitTargets() error

InitTargets initializes an empty targets

func (*Repo) InitTimestamp ¶

func (tr *Repo) InitTimestamp() error

InitTimestamp initializes a timestamp based on the current snapshot

func (*Repo) RemoveBaseKeys ¶

func (tr *Repo) RemoveBaseKeys(role string, keyIDs ...string) error

RemoveBaseKeys is used to remove keys from the roles in root.json

func (*Repo) RemoveTargets ¶

func (tr *Repo) RemoveTargets(role string, targets ...string) error

RemoveTargets removes the given target (paths) from the given target role (delegation)

func (*Repo) ReplaceBaseKeys ¶

func (tr *Repo) ReplaceBaseKeys(role string, keys ...data.PublicKey) error

ReplaceBaseKeys is used to replace all keys for the given role with the new keys

func (*Repo) SetRoot ¶

func (tr *Repo) SetRoot(s *data.SignedRoot) error

SetRoot parses the Signed object into a SignedRoot object, sets the keys and roles in the KeyDB, and sets the Repo.Root field to the SignedRoot object.

func (*Repo) SetSnapshot ¶

func (tr *Repo) SetSnapshot(s *data.SignedSnapshot) error

SetSnapshot parses the Signed object into a SignedSnapshots object and sets the Repo.Snapshot field.

func (*Repo) SetTargets ¶

func (tr *Repo) SetTargets(role string, s *data.SignedTargets) error

SetTargets parses the Signed object into a SignedTargets object, reads the delegated roles and keys into the KeyDB, and sets the SignedTargets object agaist the role in the Repo.Targets map.

func (*Repo) SetTimestamp ¶

func (tr *Repo) SetTimestamp(s *data.SignedTimestamp) error

SetTimestamp parses the Signed object into a SignedTimestamp object and sets the Repo.Timestamp field.

func (*Repo) SignRoot ¶

func (tr *Repo) SignRoot(expires time.Time, cryptoService signed.CryptoService) (*data.Signed, error)

SignRoot signs the root

func (*Repo) SignSnapshot ¶

func (tr *Repo) SignSnapshot(expires time.Time, cryptoService signed.CryptoService) (*data.Signed, error)

SignSnapshot updates the snapshot based on the current targets and root then signs it

func (*Repo) SignTargets ¶

func (tr *Repo) SignTargets(role string, expires time.Time, cryptoService signed.CryptoService) (*data.Signed, error)

SignTargets signs the targets file for the given top level or delegated targets role

func (*Repo) SignTimestamp ¶

func (tr *Repo) SignTimestamp(expires time.Time, cryptoService signed.CryptoService) (*data.Signed, error)

SignTimestamp updates the timestamp based on the current snapshot then signs it

func (Repo) TargetDelegations ¶

func (tr Repo) TargetDelegations(role, path, pathHex string) []*data.Role

TargetDelegations returns a slice of Roles that are valid publishers for the target path provided.

func (Repo) TargetMeta ¶

func (tr Repo) TargetMeta(role, path string) *data.FileMeta

TargetMeta returns the FileMeta entry for the given path in the targets file associated with the given role. This may be nil if the target isn't found in the targets file.

func (*Repo) UpdateDelegations ¶

func (tr *Repo) UpdateDelegations(role *data.Role, keys []data.Key, before string) error

UpdateDelegations updates the appropriate delegations, either adding a new delegation or updating an existing one. If keys are provided, the IDs will be added to the role (if they do not exist there already), and the keys will be added to the targets file. The "before" argument specifies another role which this new role will be added in front of (i.e. higher priority) in the delegation list. An empty before string indicates to add the role to the end of the delegation list. A new, empty, targets file will be created for the new role.

func (*Repo) UpdateSnapshot ¶

func (tr *Repo) UpdateSnapshot(role string, s *data.Signed) error

UpdateSnapshot updates the FileMeta for the given role based on the Signed object

func (*Repo) UpdateTimestamp ¶

func (tr *Repo) UpdateTimestamp(s *data.Signed) error

UpdateTimestamp updates the snapshot meta in the timestamp based on the Signed object

Source Files ¶

View all Source files

tuf.go

Directories ¶

Path	Synopsis
Godeps
_workspace/src/github.com/Sirupsen/logrus
_workspace/src/github.com/Sirupsen/logrus/examples/basic
_workspace/src/github.com/Sirupsen/logrus/examples/hook
_workspace/src/github.com/Sirupsen/logrus/formatters/logstash
_workspace/src/github.com/Sirupsen/logrus/hooks/airbrake
_workspace/src/github.com/Sirupsen/logrus/hooks/bugsnag
_workspace/src/github.com/Sirupsen/logrus/hooks/papertrail
_workspace/src/github.com/Sirupsen/logrus/hooks/sentry
_workspace/src/github.com/Sirupsen/logrus/hooks/syslog
_workspace/src/github.com/agl/ed25519 Package ed25519 implements the Ed25519 signature algorithm.	Package ed25519 implements the Ed25519 signature algorithm.
_workspace/src/github.com/agl/ed25519/edwards25519 Package edwards25519 implements operations in GF(2**255-19) and on an Edwards curve that is isomorphic to curve25519.	Package edwards25519 implements operations in GF(2**255-19) and on an Edwards curve that is isomorphic to curve25519.
_workspace/src/github.com/agl/ed25519/extra25519
_workspace/src/github.com/docker/docker/pkg/term
_workspace/src/github.com/docker/docker/pkg/term/winconsole
_workspace/src/github.com/docker/notary/pkg/passphrase Package passphrase is a utility function for managing passphrase for TUF and Notary keys.	Package passphrase is a utility function for managing passphrase for TUF and Notary keys.
_workspace/src/github.com/docker/notary/trustmanager
_workspace/src/github.com/google/gofuzz Package fuzz is a library for populating go objects with random values.	Package fuzz is a library for populating go objects with random values.
_workspace/src/github.com/jfrazelle/go/canonical/json Package json implements encoding and decoding of JSON objects as defined in RFC 4627.	Package json implements encoding and decoding of JSON objects as defined in RFC 4627.
_workspace/src/github.com/mattn/go-sqlite3 Package sqlite3 provides interface to SQLite3 databases.	Package sqlite3 provides interface to SQLite3 databases.
_workspace/src/github.com/mattn/go-sqlite3/sqlite3_test
_workspace/src/github.com/stretchr/testify/assert Package assert provides a set of comprehensive testing tools for use with the normal Go testing system.	Package assert provides a set of comprehensive testing tools for use with the normal Go testing system.
_workspace/src/golang.org/x/crypto/nacl/secretbox Package secretbox encrypts and authenticates small messages.	Package secretbox encrypts and authenticates small messages.
_workspace/src/golang.org/x/crypto/pbkdf2 Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 2898 / PKCS #5 v2.0.	Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 2898 / PKCS #5 v2.0.
_workspace/src/golang.org/x/crypto/poly1305 Package poly1305 implements Poly1305 one-time message authentication code as specified in http://cr.yp.to/mac/poly1305-20050329.pdf.	Package poly1305 implements Poly1305 one-time message authentication code as specified in http://cr.yp.to/mac/poly1305-20050329.pdf.
_workspace/src/golang.org/x/crypto/salsa20/salsa Package salsa provides low-level access to functions in the Salsa family.	Package salsa provides low-level access to functions in the Salsa family.
_workspace/src/golang.org/x/crypto/scrypt Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (http://www.tarsnap.com/scrypt/scrypt.pdf).	Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (http://www.tarsnap.com/scrypt/scrypt.pdf).
client
data
encrypted Package encrypted provides a simple, secure system for encrypting data symmetrically with a passphrase.	Package encrypted provides a simple, secure system for encrypting data symmetrically with a passphrase.
errors
keys
signed
store
testutils
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL