mirror

package

v0.1.10 Latest Latest Go to latest Published: Jul 24, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/docker/attest

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func PushImageToRegistry(image v1.Image, imageName string) error
func PushIndexToRegistry(index v1.ImageIndex, imageName string) error
func SaveImage(output *oci.ImageSpec, image v1.Image, imageName string) error
func SaveImageAsOCILayout(image v1.Image, path string) error
func SaveIndex(outputs []*oci.ImageSpec, index v1.ImageIndex, indexName string) error
func SaveIndexAsOCILayout(image v1.ImageIndex, path string) error
func SaveReferrers(manifest *attestation.AttestationManifest, outputs []*oci.ImageSpec) error
type DelegatedTargetMetadata
type MirrorImage
type MirrorIndex
type TufMetadata
type TufMirror
- func NewTufMirror(root []byte, tufPath, metadataURL, targetsURL string, ...) (*TufMirror, error)
type TufRole

Examples ¶

NewTufMirror

Constants ¶

View Source

const (
	DefaultMetadataURL = "https://docker.github.io/tuf/metadata"
	DefaultTargetsURL  = "https://docker.github.io/tuf/targets"
)

Variables ¶

View Source

var TufRoles = []TufRole{metadata.ROOT, metadata.SNAPSHOT, metadata.TARGETS, metadata.TIMESTAMP}

Functions ¶

func PushImageToRegistry ¶ added in v0.1.5

func PushImageToRegistry(image v1.Image, imageName string) error

func PushIndexToRegistry ¶ added in v0.1.5

func PushIndexToRegistry(index v1.ImageIndex, imageName string) error

func SaveImage ¶ added in v0.1.8

func SaveImage(output *oci.ImageSpec, image v1.Image, imageName string) error

func SaveImageAsOCILayout ¶ added in v0.1.5

func SaveImageAsOCILayout(image v1.Image, path string) error

func SaveIndex ¶ added in v0.1.8

func SaveIndex(outputs []*oci.ImageSpec, index v1.ImageIndex, indexName string) error

func SaveIndexAsOCILayout ¶ added in v0.1.5

func SaveIndexAsOCILayout(image v1.ImageIndex, path string) error

func SaveReferrers ¶ added in v0.1.8

func SaveReferrers(manifest *attestation.AttestationManifest, outputs []*oci.ImageSpec) error

Types ¶

type DelegatedTargetMetadata ¶

type DelegatedTargetMetadata struct {
	Name    string
	Version string
	Data    []byte
}

type MirrorImage ¶

type MirrorImage struct {
	Image v1.Image
	Tag   string
}

type MirrorIndex ¶

type MirrorIndex struct {
	Index v1.ImageIndex
	Tag   string
}

type TufMetadata ¶

type TufMetadata struct {
	Root      map[string][]byte
	Snapshot  map[string][]byte
	Targets   map[string][]byte
	Timestamp []byte
}

type TufMirror ¶

type TufMirror struct {
	TufClient *tuf.TufClient
	// contains filtered or unexported fields
}

func NewTufMirror ¶

func NewTufMirror(root []byte, tufPath, metadataURL, targetsURL string, versionChecker tuf.VersionChecker) (*TufMirror, error)

Example ¶

package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"

	"github.com/docker/attest/internal/embed"
	"github.com/docker/attest/pkg/mirror"
	"github.com/docker/attest/pkg/tuf"
	v1 "github.com/google/go-containerregistry/pkg/v1"
)

type TufMirrorOutput struct {
	metadata          v1.Image
	delegatedMetadata []*mirror.MirrorImage
	targets           []*mirror.MirrorImage
	delegatedTargets  []*mirror.MirrorIndex
}

func main() {
	home, err := os.UserHomeDir()
	if err != nil {
		panic(err)
	}
	tufOutputPath := filepath.Join(home, ".docker", "tuf")

	// configure TUF mirror
	metadataURI := "https://docker.github.io/tuf-staging/metadata"
	targetsURI := "https://docker.github.io/tuf-staging/targets"
	m, err := mirror.NewTufMirror(embed.RootStaging.Data, tufOutputPath, metadataURI, targetsURI, tuf.NewMockVersionChecker())
	if err != nil {
		panic(err)
	}

	// create metadata manifest
	metadataManifest, err := m.GetMetadataManifest(metadataURI)
	if err != nil {
		panic(err)
	}
	// create delegated targets metadata manifests
	delegatedMetadata, err := m.GetDelegatedMetadataMirrors()
	if err != nil {
		panic(err)
	}

	// create targets manifest
	targets, err := m.GetTufTargetMirrors()
	if err != nil {
		panic(err)
	}
	// create delegated targets manifests
	delegatedTargets, err := m.GetDelegatedTargetMirrors()
	if err != nil {
		panic(err)
	}

	mirrorOutput := &TufMirrorOutput{
		metadata:          metadataManifest,
		delegatedMetadata: delegatedMetadata,
		targets:           targets,
		delegatedTargets:  delegatedTargets,
	}

	// push metadata and targets to registry (optional)
	err = mirrorToRegistry(mirrorOutput)
	if err != nil {
		panic(err)
	}

	// save metadata and targets to local directory (optional)
	mirrorOutputPath := filepath.Join(home, ".docker", "tuf", "mirror")
	err = mirrorToLocal(mirrorOutput, mirrorOutputPath)
	if err != nil {
		panic(err)
	}
}

func mirrorToRegistry(o *TufMirrorOutput) error {
	// push metadata to registry
	metadataRepo := "registry-1.docker.io/docker/tuf-metadata:latest"
	err := mirror.PushImageToRegistry(o.metadata, metadataRepo)
	if err != nil {
		return err
	}
	// push delegated metadata to registry
	for _, metadata := range o.delegatedMetadata {
		repo, _, ok := strings.Cut(metadataRepo, ":")
		if !ok {
			return fmt.Errorf("failed to get repo without tag: %s", metadataRepo)
		}
		imageName := fmt.Sprintf("%s:%s", repo, metadata.Tag)
		err = mirror.PushImageToRegistry(metadata.Image, imageName)
		if err != nil {
			return err
		}
	}

	// push top-level targets to registry
	targetsRepo := "registry-1.docker.io/docker/tuf-targets"
	for _, target := range o.targets {
		imageName := fmt.Sprintf("%s:%s", targetsRepo, target.Tag)
		err = mirror.PushImageToRegistry(target.Image, imageName)
		if err != nil {
			return err
		}
	}
	// push delegated targets to registry
	for _, target := range o.delegatedTargets {
		imageName := fmt.Sprintf("%s:%s", targetsRepo, target.Tag)
		err = mirror.PushIndexToRegistry(target.Index, imageName)
		if err != nil {
			return err
		}
	}
	return nil
}

func mirrorToLocal(o *TufMirrorOutput, outputPath string) error {
	// output metadata to local directory
	err := mirror.SaveImageAsOCILayout(o.metadata, outputPath)
	if err != nil {
		return err
	}
	// output delegated metadata to local directory
	for _, metadata := range o.delegatedMetadata {
		path := filepath.Join(outputPath, metadata.Tag)
		err = mirror.SaveImageAsOCILayout(metadata.Image, path)
		if err != nil {
			return err
		}
	}

	// output top-level targets to local directory
	for _, target := range o.targets {
		path := filepath.Join(outputPath, target.Tag)
		err = mirror.SaveImageAsOCILayout(target.Image, path)
		if err != nil {
			return err
		}
	}
	// output delegated targets to local directory
	for _, target := range o.delegatedTargets {
		path := filepath.Join(outputPath, target.Tag)
		err = mirror.SaveIndexAsOCILayout(target.Index, path)
		if err != nil {
			return err
		}
	}
	return nil
}

Output:

func (*TufMirror) GetDelegatedMetadataMirrors ¶

func (m *TufMirror) GetDelegatedMetadataMirrors() ([]*MirrorImage, error)

GetDelegatedMetadataMirrors returns a list of mirrors (image/tag pairs) for each delegated targets role metadata

func (*TufMirror) GetDelegatedTargetMirrors ¶

func (m *TufMirror) GetDelegatedTargetMirrors() ([]*MirrorIndex, error)

GetDelegatedTargetMirrors returns a list of delegated target files as MirrorIndexes (image index with tag) each image in the index contains a delegated target file

func (*TufMirror) GetMetadataManifest ¶

func (m *TufMirror) GetMetadataManifest(metadataURL string) (v1.Image, error)

GetMetadataManifest returns an image with TUF root metadata as layers

func (*TufMirror) GetTufTargetMirrors ¶

func (m *TufMirror) GetTufTargetMirrors() ([]*MirrorImage, error)

GetTufTargetMirrors returns a list of top-level target files as MirrorImages (image with tag)

type TufRole ¶

type TufRole string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL