tuf

package
v0.0.0-...-e9cdb6e Latest
Warning

This package is not in the latest version of its module.

Published: Jul 18, 2024 | License: Apache-2.0 | Imports: 29 | Imported by: 0

Documentation

Constants

const (
	// DefaultRemoteRoot is the default remote TUF root location.
	DefaultRemoteRoot = "https://tuf-repo-cdn.sigstore.dev"

	// TufRootEnv is the name of the environment variable that locates an alternate local TUF root location.
	TufRootEnv = "TUF_ROOT"

	// SigstoreNoCache is the name of the environment variable that, if set, configures this code to only store root data in memory.
	SigstoreNoCache = "SIGSTORE_NO_CACHE"
)

Variables

This section is empty.

Functions

func Initialize

func Initialize(_ context.Context, mirror string, root []byte) error

func NewSigstoreTufRepo

func NewSigstoreTufRepo(t *testing.T, root TestSigstoreRoot) (tuf.LocalStore, *tuf.Repo)

This creates a new sigstore TUF repo whose signers can be used to create dynamic signed Rekor entries.

Types

type MetadataStatus

type MetadataStatus struct {
	Version    int    `json:"version"`
	Size       int    `json:"len"`
	Expiration string `json:"expiration"`
	Error      string `json:"error"`
}

type RootStatus

type RootStatus struct {
	Local    string                    `json:"local"`
	Remote   string                    `json:"remote"`
	Metadata map[string]MetadataStatus `json:"metadata"`
	Targets  []string                  `json:"targets"`
}

JSON output representing the configured root status

func GetRootStatus

func GetRootStatus(ctx context.Context) (*RootStatus, error)

GetRootStatus gets the current root status for info logging

type StatusKind

type StatusKind int

const (
	UnknownStatus StatusKind = iota
	Active
	Expired
)

func (StatusKind) MarshalText

func (s StatusKind) MarshalText() ([]byte, error)

func (StatusKind) String

func (s StatusKind) String() string

func (*StatusKind) UnmarshalText

func (s *StatusKind) UnmarshalText(text []byte) error

type TUF

type TUF struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func NewFromEnv

func NewFromEnv(_ context.Context) (*TUF, error)

TODO: Remove ctx arg.

func (*TUF) GetTarget

func (t *TUF) GetTarget(name string) ([]byte, error)

func (*TUF) GetTargetsByMeta

func (t *TUF) GetTargetsByMeta(usage UsageKind, fallbacks []string) ([]TargetFile, error)

Get target files by a custom usage metadata tag. If there are no files found, use the fallback target names to fetch the targets by name.

func (*TUF) Mirror

func (t *TUF) Mirror() string

Mirror returns the configured mirror. Note that if the object was configured with a legacy reference to the GCS HTTP endpoint for sigstore's public good trust root, this returns DefaultRemoteRoot, which is a CDN fronting that DefaultRemoteGCSBucket.

type TargetFile

type TargetFile struct {
	Target []byte
	Status StatusKind
}

type TestSigstoreRoot

type TestSigstoreRoot struct {
	Rekor             signature.Verifier
	FulcioCertificate *x509.Certificate
}

type UsageKind

type UsageKind int

const (
	UnknownUsage UsageKind = iota
	Fulcio
	Rekor
	CTFE
	TSA
)

func (UsageKind) MarshalText

func (u UsageKind) MarshalText() ([]byte, error)

func (UsageKind) String

func (u UsageKind) String() string

func (*UsageKind) UnmarshalText

func (u *UsageKind) UnmarshalText(text []byte) error
