Version: v0.7.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jan 14, 2021 License: Apache-2.0 Imports: 21 Imported by: 206



Package client implements everything required for interacting with a Notary repository.

package main

import (


func main() {
	rootDir := ".trust"
	if err := os.MkdirAll(rootDir, 0700); err != nil {

	server := ""
	image := ""
	repo, err := NewFileCachedRepository(
		makeHubTransport(server, image),
	if err != nil {

	targets, err := repo.ListTargets()
	if err != nil {

	for _, tgt := range targets {
		fmt.Printf("%s\t%s\n", tgt.Name, hex.EncodeToString(tgt.Hashes["sha256"]))

func makeHubTransport(server, image string) http.RoundTripper {
	base := http.DefaultTransport
	modifiers := []transport.RequestModifier{
			"User-Agent": []string{"my-client"},

	authTransport := transport.NewTransport(base, modifiers...)
	pingClient := &http.Client{
		Transport: authTransport,
		Timeout:   5 * time.Second,
	req, err := http.NewRequest("GET", server+"/v2/", nil)
	if err != nil {

	challengeManager := challenge.NewSimpleManager()
	resp, err := pingClient.Do(req)
	if err != nil {
	defer resp.Body.Close()
	if err := challengeManager.AddResponse(resp); err != nil {
	tokenHandler := auth.NewTokenHandler(base, nil, image, "pull")
	modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, auth.NewBasicHandler(nil)))

	return transport.NewTransport(base, modifiers...)




View Source
const (

	// SignWithAllOldVersions is a sentinel constant for LegacyVersions flag
	SignWithAllOldVersions = -1


This section is empty.


func DeleteTrustData added in v0.5.1

func DeleteTrustData(baseDir string, gun data.GUN, URL string, rt http.RoundTripper, deleteRemote bool) error

DeleteTrustData removes the trust data stored for this repo in the TUF cache on the client side Note that we will not delete any private key material from local storage

func LoadTUFRepo added in v0.7.0

func LoadTUFRepo(options TUFLoadOptions) (*tuf.Repo, *tuf.Repo, error)

LoadTUFRepo bootstraps a trust anchor (root.json) from cache (if provided) before updating all the metadata for the repo from the remote (if provided). It loads a TUF repo from cache, from a remote store, or both.


type ErrInvalidLocalRole added in v0.3.0

type ErrInvalidLocalRole struct {
	Role data.RoleName

ErrInvalidLocalRole is returned when the client wants to manage a key type that is not permitted

func (ErrInvalidLocalRole) Error added in v0.3.0

func (err ErrInvalidLocalRole) Error() string

type ErrInvalidRemoteRole

type ErrInvalidRemoteRole struct {
	Role data.RoleName

ErrInvalidRemoteRole is returned when the server is requested to manage a key type that is not permitted

func (ErrInvalidRemoteRole) Error

func (err ErrInvalidRemoteRole) Error() string

type ErrNoSuchTarget added in v0.5.1

type ErrNoSuchTarget string

ErrNoSuchTarget is returned when no valid trust data is found.

func (ErrNoSuchTarget) Error added in v0.5.1

func (f ErrNoSuchTarget) Error() string

type ErrRepoNotInitialized

type ErrRepoNotInitialized struct{}

ErrRepoNotInitialized is returned when trying to publish an uninitialized notary repository

func (ErrRepoNotInitialized) Error

func (err ErrRepoNotInitialized) Error() string

type ErrRepositoryNotExist

type ErrRepositoryNotExist struct {
	// contains filtered or unexported fields

ErrRepositoryNotExist is returned when an action is taken on a remote repository that doesn't exist

func (ErrRepositoryNotExist) Error

func (err ErrRepositoryNotExist) Error() string

type ReadOnly added in v0.7.0

type ReadOnly interface {
	// ListTargets lists all targets for the current repository. The list of
	// roles should be passed in order from highest to lowest priority.
	// IMPORTANT: if you pass a set of roles such as [ "targets/a", "targets/x"
	// "targets/a/b" ], even though "targets/a/b" is part of the "targets/a" subtree
	// its entries will be strictly shadowed by those in other parts of the "targets/a"
	// subtree and also the "targets/x" subtree, as we will defer parsing it until
	// we explicitly reach it in our iteration of the provided list of roles.
	ListTargets(roles ([]*TargetWithRole, error)

	// GetTargetByName returns a target by the given name. If no roles are passed
	// it uses the targets role and does a search of the entire delegation
	// graph, finding the first entry in a breadth first search of the delegations.
	// If roles are passed, they should be passed in descending priority and
	// the target entry found in the subtree of the highest priority role
	// will be returned.
	// See the IMPORTANT section on ListTargets above. Those roles also apply here.
	GetTargetByName(name string, roles (*TargetWithRole, error)

	// GetAllTargetMetadataByName searches the entire delegation role tree to find
	// the specified target by name for all roles, and returns a list of
	// TargetSignedStructs for each time it finds the specified target.
	// If given an empty string for a target name, it will return back all targets
	// signed into the repository in every role
	GetAllTargetMetadataByName(name string) ([]TargetSignedStruct, error)

	// ListRoles returns a list of RoleWithSignatures objects for this repo
	// This represents the latest metadata for each role in this repo
	ListRoles() ([]RoleWithSignatures, error)

	// GetDelegationRoles returns the keys and roles of the repository's delegations
	// Also converts key IDs to canonical key IDs to keep consistent with signing prompts
	GetDelegationRoles() ([]data.Role, error)

ReadOnly represents the set of options that must be supported over a TUF repo for reading

func NewReadOnly added in v0.7.0

func NewReadOnly(repo *tuf.Repo) ReadOnly

NewReadOnly is the base method that returns a new notary repository for reading. It expects an initialized cache. In case of a nil remote store, a default offline store is used.

type Repository added in v0.6.0

type Repository interface {

	// GetGUN returns the GUN associated with the repository
	GetGUN() data.GUN

	// SetLegacyVersion sets the number of versions back to fetch roots to sign with

	// Initialize creates a new repository by using rootKey as the root Key for the
	// TUF repository. The remote store/server must be reachable (and is asked to
	// generate a timestamp key and possibly other serverManagedRoles), but the
	// created repository result is only stored on local cache, not published to
	// the remote store. To do that, use r.Publish() eventually.
	Initialize(rootKeyIDs []string, serverManagedRoles error

	// InitializeWithCertificate initializes the repository with root keys and their
	// corresponding certificates
	InitializeWithCertificate(rootKeyIDs []string, rootCerts []data.PublicKey, serverManagedRoles error

	// Publish pushes the local changes in signed material to the remote notary-server
	// Conceptually it performs an operation similar to a `git rebase`
	Publish() error

	// AddTarget creates new changelist entries to add a target to the given roles
	// in the repository when the changelist gets applied at publish time.
	// If roles are unspecified, the default role is "targets"
	AddTarget(target *Target, roles error

	// RemoveTarget creates new changelist entries to remove a target from the given
	// roles in the repository when the changelist gets applied at publish time.
	// If roles are unspecified, the default role is "target".
	RemoveTarget(targetName string, roles error

	// GetChangelist returns the list of the repository's unpublished changes
	GetChangelist() (changelist.Changelist, error)

	// AddDelegation creates changelist entries to add provided delegation public keys and paths.
	// This method composes AddDelegationRoleAndKeys and AddDelegationPaths (each creates one changelist if called).
	AddDelegation(name data.RoleName, delegationKeys []data.PublicKey, paths []string) error

	// AddDelegationRoleAndKeys creates a changelist entry to add provided delegation public keys.
	// This method is the simplest way to create a new delegation, because the delegation must have at least
	// one key upon creation to be valid since we will reject the changelist while validating the threshold.
	AddDelegationRoleAndKeys(name data.RoleName, delegationKeys []data.PublicKey) error

	// AddDelegationPaths creates a changelist entry to add provided paths to an existing delegation.
	// This method cannot create a new delegation itself because the role must meet the key threshold upon
	// creation.
	AddDelegationPaths(name data.RoleName, paths []string) error

	// RemoveDelegationKeysAndPaths creates changelist entries to remove provided delegation key IDs and
	// paths. This method composes RemoveDelegationPaths and RemoveDelegationKeys (each creates one
	// changelist entry if called).
	RemoveDelegationKeysAndPaths(name data.RoleName, keyIDs, paths []string) error

	// RemoveDelegationRole creates a changelist to remove all paths and keys from a role, and delete the
	// role in its entirety.
	RemoveDelegationRole(name data.RoleName) error

	// RemoveDelegationPaths creates a changelist entry to remove provided paths from an existing delegation.
	RemoveDelegationPaths(name data.RoleName, paths []string) error

	// RemoveDelegationKeys creates a changelist entry to remove provided keys from an existing delegation.
	// When this changelist is applied, if the specified keys are the only keys left in the role,
	// the role itself will be deleted in its entirety.
	// It can also delete a key from all delegations under a parent using a name
	// with a wildcard at the end.
	RemoveDelegationKeys(name data.RoleName, keyIDs []string) error

	// ClearDelegationPaths creates a changelist entry to remove all paths from an existing delegation.
	ClearDelegationPaths(name data.RoleName) error

	// Witness creates change objects to witness (i.e. re-sign) the given
	// roles on the next publish. One change is created per role
	Witness(roles ([]data.RoleName, error)

	// RotateKey removes all existing keys associated with the role. If no keys are
	// specified in keyList, then this creates and adds one new key or delegates
	// managing the key to the server. If key(s) are specified by keyList, then they are
	// used for signing the role.
	// These changes are staged in a changelist until publish is called.
	RotateKey(role data.RoleName, serverManagesKey bool, keyList []string) error

	// GetCryptoService is the getter for the repository's CryptoService, which is used
	// to sign all updates.
	GetCryptoService() signed.CryptoService

Repository represents the set of options that must be supported over a TUF repo for both reading and writing.

func NewFileCachedRepository added in v0.6.0

func NewFileCachedRepository(baseDir string, gun data.GUN, baseURL string, rt http.RoundTripper,
	retriever notary.PassRetriever, trustPinning trustpinning.TrustPinConfig) (Repository, error)

NewFileCachedRepository is a wrapper for NewRepository that initializes a file cache from the provided repository, local config information and a crypto service. It also retrieves the remote store associated to the base directory under where all the trust files will be stored (This is normally defaults to "~/.notary" or "~/.docker/trust" when enabling Docker content trust) and the specified GUN.

In case of a nil RoundTripper, a default offline store is used instead.

func NewRepository added in v0.6.0

func NewRepository(gun data.GUN, baseURL string, remoteStore store.RemoteStore, cache store.MetadataStore,
	trustPinning trustpinning.TrustPinConfig, cryptoService signed.CryptoService, cl changelist.Changelist) (Repository, error)

NewRepository is the base method that returns a new notary repository. It expects an initialized cache. In case of a nil remote store, a default offline store is used.

type RoleWithSignatures

type RoleWithSignatures struct {
	Signatures []data.Signature

RoleWithSignatures is a Role with its associated signatures

type TUFLoadOptions added in v0.7.0

type TUFLoadOptions struct {
	GUN                    data.GUN
	TrustPinning           trustpinning.TrustPinConfig
	CryptoService          signed.CryptoService
	Cache                  store.MetadataStore
	RemoteStore            store.RemoteStore
	AlwaysCheckInitialized bool

TUFLoadOptions are provided to LoadTUFRepo, which loads a TUF repo from cache, from a remote store, or both

type Target

type Target struct {
	Name   string                    // the name of the target
	Hashes data.Hashes               // the hash of the target
	Length int64                     // the size in bytes of the target
	Custom *canonicaljson.RawMessage // the custom data provided to describe the file at TARGETPATH

Target represents a simplified version of the data TUF operates on, so external applications don't have to depend on TUF data types.

func NewTarget

func NewTarget(targetName, targetPath string, targetCustom *canonicaljson.RawMessage) (*Target, error)

NewTarget is a helper method that returns a Target

type TargetSignedStruct added in v0.4.0

type TargetSignedStruct struct {
	Role       data.DelegationRole
	Target     Target
	Signatures []data.Signature

TargetSignedStruct is a struct that contains a Target, the role it was found in, and the list of signatures for that role

type TargetWithRole

type TargetWithRole struct {
	Role data.RoleName

TargetWithRole represents a Target that exists in a particular role - this is produced by ListTargets and GetTargetByName


Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL