README
¶
This is still a work in progress but will shortly be a fully compliant Go implementation of The Update Framework (TUF).
This implementation was originally forked from flynn/go-tuf, however in attempting to add delegations I found I was making such significant changes that I could not maintain backwards compatibility without the code becoming overly convoluted.
This implementation retains the same 3 Clause BSD license present on the original flynn implementation.
TODOs:
- Add Targets to existing repo
- Sign metadata files
- Refactor TufRepo to take care of signing
and verification - Ensure consistent capitalization in naming (TUF___ vs Tuf___)
- Make caching of metadata files smarter
-
Add configuration for CLI commands. Order of configuration priority from most to least: flags, config file, defaultsNotary should be the official CLI - Reasses organization of data types. Possibly consolidate a few things into the data package but break up package into a few more distinct files
- Comprehensive test cases
- Delete files no longer in use
- Fix up errors. Some have to be instantiated, others don't, the inconsistency is annoying.
- Bump version numbers in meta files (could probably be done better)
Documentation
¶
Overview ¶
tuf defines the core TUF logic around manipulating a repo.
Index ¶
- type ErrLocalRootExpired
- type ErrMetaExpired
- type ErrNotLoaded
- type ErrSigVerifyFail
- type TufRepo
- func (tr *TufRepo) AddBaseKeys(role string, keys ...data.Key) error
- func (tr *TufRepo) AddTargets(role string, targets data.Files) (data.Files, error)
- func (tr TufRepo) FindTarget(path string) *data.FileMeta
- func (tr *TufRepo) InitRepo(consistent bool) error
- func (tr *TufRepo) RemoveBaseKeys(role string, keyIDs ...string) error
- func (tr *TufRepo) RemoveTargets(role string, targets ...string) error
- func (tr *TufRepo) SetRoot(s *data.Signed) error
- func (tr *TufRepo) SetSnapshot(s *data.Signed) error
- func (tr *TufRepo) SetTargets(role string, s *data.Signed) error
- func (tr *TufRepo) SetTimestamp(s *data.Signed) error
- func (tr *TufRepo) SignRoot(expires time.Time) (*data.Signed, error)
- func (tr *TufRepo) SignSnapshot(expires time.Time) (*data.Signed, error)
- func (tr *TufRepo) SignTargets(role string, expires time.Time) (*data.Signed, error)
- func (tr *TufRepo) SignTimestamp(expires time.Time) (*data.Signed, error)
- func (tr TufRepo) TargetDelegations(role, path, pathHex string) []*data.Role
- func (tr TufRepo) TargetMeta(role, path string) *data.FileMeta
- func (tr *TufRepo) UpdateDelegations(role *data.Role, keys []data.Key, before string) error
- func (tr *TufRepo) UpdateSnapshot(role string, s *data.Signed) error
- func (tr *TufRepo) UpdateTimestamp(s *data.Signed) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ErrLocalRootExpired ¶
type ErrLocalRootExpired struct{}
func (ErrLocalRootExpired) Error ¶
func (e ErrLocalRootExpired) Error() string
type ErrMetaExpired ¶
type ErrMetaExpired struct{}
func (ErrMetaExpired) Error ¶
func (e ErrMetaExpired) Error() string
type ErrNotLoaded ¶
type ErrNotLoaded struct {
// contains filtered or unexported fields
}
func (*ErrNotLoaded) Error ¶
func (err *ErrNotLoaded) Error() string
type ErrSigVerifyFail ¶
type ErrSigVerifyFail struct{}
func (ErrSigVerifyFail) Error ¶
func (e ErrSigVerifyFail) Error() string
type TufRepo ¶
type TufRepo struct {
Root *data.SignedRoot
Targets map[string]*data.SignedTargets
Snapshot *data.SignedSnapshot
Timestamp *data.SignedTimestamp
// contains filtered or unexported fields
}
TufRepo is an in memory representation of the TUF Repo. It operates at the data.Signed level, accepting and producing data.Signed objects. Users of a TufRepo are responsible for fetching raw JSON and using the Set* functions to populate the TufRepo instance.
func NewTufRepo ¶
NewTufRepo initializes a TufRepo instance with a keysDB and a signer. If the TufRepo will only be used for reading, the signer should be nil.
func (*TufRepo) AddBaseKeys ¶
AddBaseKeys is used to add keys to the role in root.json
func (*TufRepo) AddTargets ¶
AddTargets will attempt to add the given targets specifically to the directed role. If the user does not have the signing keys for the role the function will return an error and the full slice of targets.
func (TufRepo) FindTarget ¶
FindTarget attempts to find the target represented by the given path by starting at the top targets file and traversing appropriate delegations until the first entry is found or it runs out of locations to search. N.B. Multiple entries may exist in different delegated roles
for the same target. Only the first one encountered is returned.
func (*TufRepo) InitRepo ¶
InitRepo creates the base files for a repo. It inspects data.ValidRoles and data.ValidTypes to determine what the role names and filename should be. It also relies on the keysDB having already been populated with the keys and roles.
func (*TufRepo) RemoveBaseKeys ¶
RemoveKeys is used to remove keys from the roles in root.json
func (*TufRepo) RemoveTargets ¶
func (*TufRepo) SetRoot ¶
SetRoot parses the Signed object into a SignedRoot object, sets the keys and roles in the KeyDB, and sets the TufRepo.Root field to the SignedRoot object.
func (*TufRepo) SetSnapshot ¶
SetSnapshot parses the Signed object into a SignedSnapshots object and sets the TufRepo.Snapshot field.
func (*TufRepo) SetTargets ¶
SetTargets parses the Signed object into a SignedTargets object, reads the delegated roles and keys into the KeyDB, and sets the SignedTargets object agaist the role in the TufRepo.Targets map.
func (*TufRepo) SetTimestamp ¶
SetTimestamp parses the Signed object into a SignedTimestamp object and sets the TufRepo.Timestamp field.
func (*TufRepo) SignSnapshot ¶
func (*TufRepo) SignTargets ¶
func (*TufRepo) SignTimestamp ¶
func (TufRepo) TargetDelegations ¶
TargetDelegations returns a slice of Roles that are valid publishers for the target path provided.
func (TufRepo) TargetMeta ¶
TargetMeta returns the FileMeta entry for the given path in the targets file associated with the given role. This may be nil if the target isn't found in the targets file.
func (*TufRepo) UpdateDelegations ¶
UpdateDelegations updates the appropriate delegations, either adding a new delegation or updating an existing one. If keys are provided, the IDs will be added to the role (if they do not exist there already), and the keys will be added to the targets file. The "before" argument specifies another role which this new role will be added in front of (i.e. higher priority) in the delegation list. An empty before string indicates to add the role to the end of the delegation list. A new, empty, targets file will be created for the new role.
func (*TufRepo) UpdateSnapshot ¶
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Godeps
|
|
|
_workspace/src/code.google.com/p/gosqlite/sqlite3
Package sqlite3 provides access to the SQLite library, version 3.
|
Package sqlite3 provides access to the SQLite library, version 3. |
|
_workspace/src/github.com/agl/ed25519
Package ed25519 implements the Ed25519 signature algorithm.
|
Package ed25519 implements the Ed25519 signature algorithm. |
|
_workspace/src/github.com/agl/ed25519/edwards25519
Package edwards25519 implements operations in GF(2**255-19) and on an Edwards curve that is isomorphic to curve25519.
|
Package edwards25519 implements operations in GF(2**255-19) and on an Edwards curve that is isomorphic to curve25519. |
|
_workspace/src/github.com/codegangsta/cli
Package cli provides a minimal framework for creating and organizing command line Go applications.
|
Package cli provides a minimal framework for creating and organizing command line Go applications. |
|
_workspace/src/github.com/dustin/go-humanize
Package humanize converts boring ugly numbers to human-friendly strings and back.
|
Package humanize converts boring ugly numbers to human-friendly strings and back. |
|
_workspace/src/github.com/flynn/go-docopt
Package docopt parses command-line arguments based on a help message.
|
Package docopt parses command-line arguments based on a help message. |
|
_workspace/src/github.com/miekg/pkcs11
Package pkcs11 is a wrapper around the PKCS#11 cryptographic library.
|
Package pkcs11 is a wrapper around the PKCS#11 cryptographic library. |
|
_workspace/src/golang.org/x/crypto/nacl/secretbox
Package secretbox encrypts and authenticates small messages.
|
Package secretbox encrypts and authenticates small messages. |
|
_workspace/src/golang.org/x/crypto/pbkdf2
Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 2898 / PKCS #5 v2.0.
|
Package pbkdf2 implements the key derivation function PBKDF2 as defined in RFC 2898 / PKCS #5 v2.0. |
|
_workspace/src/golang.org/x/crypto/poly1305
Package poly1305 implements Poly1305 one-time message authentication code as specified in http://cr.yp.to/mac/poly1305-20050329.pdf.
|
Package poly1305 implements Poly1305 one-time message authentication code as specified in http://cr.yp.to/mac/poly1305-20050329.pdf. |
|
_workspace/src/golang.org/x/crypto/salsa20/salsa
Package salsa provides low-level access to functions in the Salsa family.
|
Package salsa provides low-level access to functions in the Salsa family. |
|
_workspace/src/golang.org/x/crypto/scrypt
Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (http://www.tarsnap.com/scrypt/scrypt.pdf).
|
Package scrypt implements the scrypt key derivation function as defined in Colin Percival's paper "Stronger Key Derivation via Sequential Memory-Hard Functions" (http://www.tarsnap.com/scrypt/scrypt.pdf). |
|
_workspace/src/gopkg.in/check.v1
Package check is a rich testing extension for Go's testing package.
|
Package check is a rich testing extension for Go's testing package. |
|
cmd
|
|
|
Package encrypted provides a simple, secure system for encrypting data symmetrically with a passphrase.
|
Package encrypted provides a simple, secure system for encrypting data symmetrically with a passphrase. |