git

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 3, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package git provides higher level funcs for signing and verifying Git commits. Functions here generally tie together low level signature writing and Sigstore components together into useful abstractions for working with Git objects.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LegacySHASign added in v0.7.0

func LegacySHASign(ctx context.Context, rekor rekor.Writer, ident *fulcio.Identity, data []byte, opts signature.SignOptions) (*signature.SignResponse, error)

LegacySHASign is the old-style signing that signs the commit content, but uploads a signed SHA to Rekor. Verification for this style of signing relies on the Rekor Search API to match the signed SHA + commit content certs, and cannot be done offline. This may be removed in the future.

func Sign

func Sign(ctx context.Context, rekor rekor.Writer, ident *fulcio.Identity, data []byte, opts signature.SignOptions) (*signature.SignResponse, error)

Sign signs the commit, uploading a HashedRekord of the commit content to Rekor and embedding the Rekor log entry in the signature. This is suitable for offline verification.

Types

type SignFunc added in v0.7.0

type SignFunc func(ctx context.Context, rekor rekor.Writer, ident *fulcio.Identity, data []byte, opts signature.SignOptions) (*signature.SignResponse, error)

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL