signv2

package

v1.9.0-beta.7 Latest Latest Go to latest Published: Feb 14, 2025 License: Apache-2.0 Imports: 46 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cnrancher/hangar

Documentation ¶

Index ¶

Constants
Variables
func InitGlobalSignerVerifier(ctx context.Context, key string, ko *options.KeyOpts) error
type ImageResult
type OutputFormat
type Platform
type Report
- func NewReport() *Report
- func (r *Report) Append(result *Result)
- func (r *Report) WriteCSV(f io.Writer) error
type Result
- func NewResult(ref string, images []*ImageResult) *Result
- func (r *Result) Append(image *ImageResult)
- func (r *Result) Pass() bool
type Signer
- func NewSigner(o *SignerOption, image string) *Signer
- func (s *Signer) ClientOpts(ctx context.Context) []ociremote.Option
- func (s *Signer) GetRegistryClientOpts(ctx context.Context) []remote.Option
- func (s *Signer) NameOptions() []name.Option
- func (s *Signer) Sign(ctx context.Context) error
type SignerOption
type SignerVerifier
type Validator
- func NewValidator(o *ValidatorOption, image string) *Validator
- func (v *Validator) Result() *ImageResult
- func (v *Validator) Validate(ctx context.Context) error
type ValidatorOption

Constants ¶

View Source

const (
	FormatJSON string = "json"
	FormatYAML string = "yaml"
	FormatCSV  string = "csv"
)

Variables ¶

View Source

var AvailableFormats = []string{
	FormatJSON,
	FormatYAML,
	FormatCSV,
}

Functions ¶

func InitGlobalSignerVerifier ¶

func InitGlobalSignerVerifier(
	ctx context.Context,
	key string,
	ko *options.KeyOpts,
) error

Types ¶

type ImageResult ¶

type ImageResult struct {
	Digest    digest.Digest `json:"digest" yaml:"digest"`
	MediaType string        `json:"mediaType" yaml:"mediaType"`
	Platform  Platform      `json:"platform" yaml:"platform"`

	TLogVerified             bool   `json:"tlogVerified" yaml:"tlogVerified"`
	CertificateSubject       string `json:"certificateSubject,omitempty" yaml:"certificateSubject,omitempty"`
	CertificateIssuer        string `json:"certificateIssuer,omitempty" yaml:"certificateIssuer,omitempty"`
	GithubWorkflowTrigger    string `json:"githubWorkflowTrigger,omitempty" yaml:"githubWorkflowTrigger,omitempty"`
	GithubWorkflowSha        string `json:"githubWorkflowSha,omitempty" yaml:"githubWorkflowSha,omitempty"`
	GithubWorkflowName       string `json:"githubWorkflowName,omitempty" yaml:"githubWorkflowName,omitempty"`
	GithubWorkflowRepository string `json:"githubWorkflowRepository,omitempty" yaml:"githubWorkflowRepository,omitempty"`
	GithubWorkflowRef        string `json:"githubWorkflowRef,omitempty" yaml:"githubWorkflowRef,omitempty"`
	Payload                  string `json:"payload" yaml:"payload"`
}

type OutputFormat ¶

type OutputFormat string

type Platform ¶

type Platform struct {
	Arch       string   `json:"arch,omitempty" yaml:"arch,omitempty"`
	OS         string   `json:"os,omitempty" yaml:"os,omitempty"`
	OSVersion  string   `json:"osVersion,omitempty" yaml:"osVersion,omitempty"`
	OSFeatures []string `json:"osFeatures,omitempty" yaml:"osFeatures,omitempty"`
	Variant    string   `json:"variant,omitempty" yaml:"variant,omitempty"`
}

type Report ¶

type Report struct {
	Time    time.Time `json:"time,omitempty" yaml:"time,omitempty"`
	Results []*Result `json:"results,omitempty" yaml:"result,omitempty"`
}

func NewReport ¶

func NewReport() *Report

func (*Report) Append ¶

func (r *Report) Append(result *Result)

func (*Report) WriteCSV ¶

func (r *Report) WriteCSV(f io.Writer) error

type Result ¶

type Result struct {
	Reference string         `json:"reference,omitempty" yaml:"reference,omitempty"`
	Images    []*ImageResult `json:"images,omitempty" yaml:"images,omitempty"`
}

func NewResult ¶

func NewResult(ref string, images []*ImageResult) *Result

func (*Result) Append ¶

func (r *Result) Append(image *ImageResult)

func (*Result) Pass ¶

func (r *Result) Pass() bool

Pass detects if the image signature verifation passed

type Signer ¶

type Signer struct {
	// contains filtered or unexported fields
}

func NewSigner ¶

func NewSigner(o *SignerOption, image string) *Signer

func (*Signer) ClientOpts ¶

func (s *Signer) ClientOpts(ctx context.Context) []ociremote.Option

func (*Signer) GetRegistryClientOpts ¶

func (s *Signer) GetRegistryClientOpts(ctx context.Context) []remote.Option

func (*Signer) NameOptions ¶

func (s *Signer) NameOptions() []name.Option

func (*Signer) Sign ¶

func (s *Signer) Sign(ctx context.Context) error

Sign method is based on the `SignCmd` method of the cosign cli. Reference: https://github.com/sigstore/cosign/blob/v2.4.2/cmd/cosign/cli/sign/sign.go#L133

type SignerOption ¶

type SignerOption struct {
	Key                     string
	Recursive               bool
	TlogUpload              bool
	RecordCreationTimestamp bool
	RekorURL                string
	FulcioURL               string
	OIDCIssuer              string
	OIDCClientID            string
	OIDCProvider            string

	InsecureSkipTLSVerify bool
	SkipConfotmation      bool
	AuthConfig            authn.AuthConfig
}

type SignerVerifier ¶

type SignerVerifier struct {
	Cert  []byte
	Chain []byte
	signature.SignerVerifier
	// contains filtered or unexported fields
}

type Validator ¶

type Validator struct {
	// contains filtered or unexported fields
}

func NewValidator ¶

func NewValidator(o *ValidatorOption, image string) *Validator

func (*Validator) Result ¶

func (v *Validator) Result() *ImageResult

func (*Validator) Validate ¶

func (v *Validator) Validate(ctx context.Context) error

type ValidatorOption ¶

type ValidatorOption struct {
	Digest    digest.Digest
	Platform  Platform
	MediaType string

	verify.VerifyCommand
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
internal
cosign
fulcio
payload
rekor

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL