Affected by GO-2022-0416 and 5 other vulnerabilities

GO-2022-0416: Podman's default inheritable capabilities for linux container not empty in github.com/containers/podman

GO-2022-1151: Buildah (as part of Podman) vulnerable to Link Following in github.com/containers/podman

GO-2023-1942: Podman Symlink Vulnerability in github.com/containers/libpod

GO-2023-1962: Podman Elevated Container Privileges in github.com/containers/podman

GO-2024-3042: Podman vulnerable to memory-based denial of service in github.com/containers/podman

GO-2024-3169: Improper Input Validation in Buildah and Podman in github.com/containers/buildah

The highest tagged major version is v5.

trust

package

v4.0.2 Latest Latest Go to latest Published: Mar 2, 2022 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/containers/podman

Links

Open Source Insights

Documentation ¶

Index ¶

func CreateTmpFile(dir, pattern string, content []byte) (string, error)
func DefaultPolicyPath(sys *types.SystemContext) string
func GetGPGIdFromKeyData(key string) []string
func GetGPGIdFromKeyPath(path string) []string
func RegistriesDirPath(sys *types.SystemContext) string
type Policy
type PolicyContent
- func GetPolicy(policyPath string) (PolicyContent, error)
type RegistryConfiguration
- func LoadAndMergeConfig(dirPath string) (*RegistryConfiguration, error)
type RegistryNamespace
- func HaveMatchRegistry(key string, registryConfigs *RegistryConfiguration) *RegistryNamespace
type RepoContent
type RepoMap
type ShowOutput
type TransportsContent

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CreateTmpFile ¶

func CreateTmpFile(dir, pattern string, content []byte) (string, error)

CreateTmpFile creates a temp file under dir and writes the content into it

func DefaultPolicyPath ¶

func DefaultPolicyPath(sys *types.SystemContext) string

DefaultPolicyPath returns a path to the default policy of the system.

func GetGPGIdFromKeyData ¶

func GetGPGIdFromKeyData(key string) []string

GetGPGIdFromKeyData return user keyring from keydata

func GetGPGIdFromKeyPath ¶

func GetGPGIdFromKeyPath(path string) []string

GetGPGIdFromKeyPath return user keyring from key path

func RegistriesDirPath ¶

func RegistriesDirPath(sys *types.SystemContext) string

RegistriesDirPath returns a path to registries.d

Types ¶

type Policy ¶

type Policy struct {
	Name           string   `json:"name"`
	RepoName       string   `json:"repo_name,omitempty"`
	Keys           []string `json:"keys,omitempty"`
	SignatureStore string   `json:"sigstore"`
	Transport      string   `json:"transport"`
	Type           string   `json:"type"`
	GPGId          string   `json:"gpg_id,omitempty"`
}

Policy describes a basic trust policy configuration

type PolicyContent ¶

type PolicyContent struct {
	Default    []RepoContent     `json:"default"`
	Transports TransportsContent `json:"transports"`
}

PolicyContent struct for policy.json file

func GetPolicy ¶

func GetPolicy(policyPath string) (PolicyContent, error)

GetPolicy parse policy.json into PolicyContent struct

type RegistryConfiguration ¶

type RegistryConfiguration struct {
	DefaultDocker *RegistryNamespace `json:"default-docker"`
	// The key is a namespace, using fully-expanded Docker reference format or parent namespaces (per dockerReference.PolicyConfiguration*),
	Docker map[string]RegistryNamespace `json:"docker"`
}

RegistryConfiguration is one of the files in registriesDirPath configuring lookaside locations, or the result of merging them all. NOTE: Keep this in sync with docs/registries.d.md!

func LoadAndMergeConfig ¶

func LoadAndMergeConfig(dirPath string) (*RegistryConfiguration, error)

LoadAndMergeConfig loads configuration files in dirPath

type RegistryNamespace ¶

type RegistryNamespace struct {
	SigStore        string `json:"sigstore"`         // For reading, and if SigStoreStaging is not present, for writing.
	SigStoreStaging string `json:"sigstore-staging"` // For writing only.
}

RegistryNamespace defines lookaside locations for a single namespace.

func HaveMatchRegistry ¶

func HaveMatchRegistry(key string, registryConfigs *RegistryConfiguration) *RegistryNamespace

HaveMatchRegistry checks if trust settings for the registry have been configured in yaml file

type RepoContent ¶

type RepoContent struct {
	Type           string          `json:"type"`
	KeyType        string          `json:"keyType,omitempty"`
	KeyPath        string          `json:"keyPath,omitempty"`
	KeyData        string          `json:"keyData,omitempty"`
	SignedIdentity json.RawMessage `json:"signedIdentity,omitempty"`
}

RepoContent struct used under each repo

type RepoMap ¶

type RepoMap map[string][]RepoContent

RepoMap map repo name to policycontent for each repo

type ShowOutput ¶

type ShowOutput struct {
	Repo      string
	Trusttype string
	GPGid     string
	Sigstore  string
}

ShowOutput keep the fields for image trust show command

type TransportsContent ¶

type TransportsContent map[string]RepoMap

TransportsContent struct for content under "transports"

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL