tuf

package

v1.3.4 Latest Latest Go to latest Published: Dec 27, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/venafi-iw/cosign

Documentation ¶

Index ¶

Constants
Variables
func CosignCachedRoot() string
func CosignCachedTargets() string
func DefaultExpires(role string) time.Time
func GcsRemoteStore(ctx context.Context, bucket string, opts *GcsRemoteOptions, ...) (client.RemoteStore, error)
func GetEmbeddedRoot() ([]byte, error)
func GetTarget(ctx context.Context, name string, out client.Destination) error
func Init(ctx context.Context, altRootBytes []byte, remote client.RemoteStore) error
func RootClient(ctx context.Context, remote client.RemoteStore, altRoot []byte) (*client.Client, error)
type ByteDestination
- func (b *ByteDestination) Delete() error
type FulcioKeyVal
- func GetFulcioKeyVal(key *Key) (*FulcioKeyVal, error)
type GcsRemoteOptions
type Key
- func FulcioVerificationKey(email string, issuer string) *Key
- func (k *Key) ContainsID(id string) bool
- func (k *Key) ID() string
type Role
- func (r *Role) AddKeysWithThreshold(keys []*Key, threshold int) bool
type Root
- func NewRoot() *Root
- func (r *Root) AddKey(key *Key) bool
- func (r *Root) Marshal() (*Signed, error)
- func (r *Root) ValidKey(key *Key, role string) (string, error)
type Signature
type Signed
- func (s *Signed) AddOrUpdateSignature(key *Key, signature Signature) error
- func (s *Signed) JSONMarshal(prefix, indent string) ([]byte, error)

Constants ¶

View Source

const (
	TufRootEnv        = "TUF_ROOT"
	SigstoreNoCache   = "SIGSTORE_NO_CACHE"
	DefaultRemoteRoot = "sigstore-tuf-root"
)

TODO(asraa): Configure an environment variable so users can set their own remote outside of an explicit `cosign init` (e.g. when no cache is enabled).

View Source

const (
	KeyTypeFulcio   = "sigstore-oidc"
	KeySchemeFulcio = "https://fulcio.sigstore.dev"
)

Variables ¶

View Source

var (
	KeyAlgorithms = []string{"sha256", "sha512"}
)

Functions ¶

func CosignCachedRoot ¶

func CosignCachedRoot() string

func CosignCachedTargets ¶

func CosignCachedTargets() string

func DefaultExpires ¶

func DefaultExpires(role string) time.Time

func GcsRemoteStore ¶

func GcsRemoteStore(ctx context.Context, bucket string, opts *GcsRemoteOptions, client *storage.Client) (client.RemoteStore, error)

A remote store for TUF metadata on GCS.

func GetEmbeddedRoot ¶

func GetEmbeddedRoot() ([]byte, error)

func GetTarget ¶

func GetTarget(ctx context.Context, name string, out client.Destination) error

func Init ¶

func Init(ctx context.Context, altRootBytes []byte, remote client.RemoteStore) error

Instantiates the global TUF client. Uses the embedded (by default trusted) root in cosign unless a custom root is provided. This will always perform a remote call to update.

func RootClient ¶

func RootClient(ctx context.Context, remote client.RemoteStore, altRoot []byte) (*client.Client, error)

Gets the global TUF client if the directory exists. This will not make a remote call unless fetch is true.

Types ¶

type ByteDestination ¶

type ByteDestination struct {
	*bytes.Buffer
}

func (*ByteDestination) Delete ¶

func (b *ByteDestination) Delete() error

type FulcioKeyVal ¶

type FulcioKeyVal struct {
	Identity string `json:"identity"`
	Issuer   string `json:"issuer,omitempty"`
}

func GetFulcioKeyVal ¶

func GetFulcioKeyVal(key *Key) (*FulcioKeyVal, error)

type GcsRemoteOptions ¶

type GcsRemoteOptions struct {
	MetadataPath string
	TargetsPath  string
}

type Key ¶

type Key struct {
	Type       string          `json:"keytype"`
	Scheme     string          `json:"scheme"`
	Algorithms []string        `json:"keyid_hash_algorithms,omitempty"`
	Value      json.RawMessage `json:"keyval"`
	// contains filtered or unexported fields
}

func FulcioVerificationKey ¶

func FulcioVerificationKey(email string, issuer string) *Key

func (*Key) ContainsID ¶

func (k *Key) ContainsID(id string) bool

func (*Key) ID ¶

func (k *Key) ID() string

type Role ¶

type Role struct {
	KeyIDs    []string `json:"keyids"`
	Threshold int      `json:"threshold"`
}

func (*Role) AddKeysWithThreshold ¶

func (r *Role) AddKeysWithThreshold(keys []*Key, threshold int) bool

type Root ¶

type Root struct {
	Type        string           `json:"_type"`
	SpecVersion string           `json:"spec_version"`
	Version     int              `json:"version"`
	Expires     time.Time        `json:"expires"`
	Keys        map[string]*Key  `json:"keys"`
	Roles       map[string]*Role `json:"roles"`
	Namespace   string           `json:"namespace"`

	ConsistentSnapshot bool `json:"consistent_snapshot"`
}

func NewRoot ¶

func NewRoot() *Root

func (*Root) AddKey ¶

func (r *Root) AddKey(key *Key) bool

func (*Root) Marshal ¶

func (r *Root) Marshal() (*Signed, error)

func (*Root) ValidKey ¶

func (r *Root) ValidKey(key *Key, role string) (string, error)

type Signature ¶

type Signature struct {
	KeyID     string `json:"keyid"`
	Signature string `json:"sig"`
	Cert      string `json:"cert,omitempty"`
}

type Signed ¶

type Signed struct {
	Signed     json.RawMessage `json:"signed"`
	Signatures []Signature     `json:"signatures"`
}

func (*Signed) AddOrUpdateSignature ¶

func (s *Signed) AddOrUpdateSignature(key *Key, signature Signature) error

func (*Signed) JSONMarshal ¶

func (s *Signed) JSONMarshal(prefix, indent string) ([]byte, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL