Documentation ¶
Index ¶
Constants ¶
const ( // MaxDownloadSize is the maximum size we'll download for metadata if no limit is given MaxDownloadSize int64 = 100 << 20 // MaxTimestampSize is the maximum size of timestamp metadata - 1MiB. MaxTimestampSize int64 = 1 << 20 // MinRSABitSize is the minimum bit size for RSA keys allowed in notary MinRSABitSize = 2048 // MinThreshold requires a minimum of one threshold for roles; currently we do not support a higher threshold MinThreshold = 1 // SHA256HexSize is how big a SHA256 hex is in number of characters SHA256HexSize = 64 // SHA512HexSize is how big a SHA512 hex is in number of characters SHA512HexSize = 128 // SHA256 is the name of SHA256 hash algorithm SHA256 = "sha256" // SHA512 is the name of SHA512 hash algorithm SHA512 = "sha512" // TrustedCertsDir is the directory, under the notary repo base directory, where trusted certs are stored TrustedCertsDir = "trusted_certificates" // PrivDir is the directory, under the notary repo base directory, where private keys are stored PrivDir = "private" // RootKeysSubdir is the subdirectory under PrivDir where root private keys are stored // DEPRECATED: The only reason we need this constant is compatibility with older versions RootKeysSubdir = "root_keys" // NonRootKeysSubdir is the subdirectory under PrivDir where non-root private keys are stored // DEPRECATED: The only reason we need this constant is compatibility with older versions NonRootKeysSubdir = "tuf_keys" // KeyExtension is the file extension to use for private key files KeyExtension = "key" // Day is a duration of one day Day = 24 * time.Hour Year = 365 * Day // NotaryRootExpiry is the duration representing the expiry time of the Root role NotaryRootExpiry = 10 * Year NotaryTargetsExpiry = 3 * Year NotarySnapshotExpiry = 3 * Year NotaryTimestampExpiry = 14 * Day ConsistentMetadataCacheMaxAge = 30 * Day CurrentMetadataCacheMaxAge = 5 * time.Minute // CacheMaxAgeLimit is the generally recommended maximum age for Cache-Control headers // (one year, in seconds, since one year is forever in terms of internet // content) CacheMaxAgeLimit = 1 * Year MySQLBackend = "mysql" MemoryBackend = "memory" PostgresBackend = "postgres" SQLiteBackend = "sqlite3" RethinkDBBackend = "rethinkdb" FileBackend = "file" DefaultImportRole = "delegation" // HealthCheckKeyManagement and HealthCheckSigner are the grpc service name // for "KeyManagement" and "Signer" respectively which used for health check. // The "Overall" indicates the querying for overall status of the server. HealthCheckKeyManagement = "grpc.health.v1.Health.KeyManagement" HealthCheckSigner = "grpc.health.v1.Health.Signer" HealthCheckOverall = "grpc.health.v1.Health.Overall" // PrivExecPerms indicates the file permissions for directory // and PrivNoExecPerms for file. PrivExecPerms = 0700 PrivNoExecPerms = 0600 // DefaultPageSize is the default number of records to return from the changefeed DefaultPageSize = 100 )
application wide constants
const FIPSEnvVar = "GOFIPS"
FIPSEnvVar is the name of the environment variable that is being used to switch between FIPS and non-FIPS mode
Variables ¶
var NotarySupportedBackends = []string{ MemoryBackend, MySQLBackend, SQLiteBackend, RethinkDBBackend, PostgresBackend, }
NotarySupportedBackends contains the backends we would like to support at present
NotarySupportedSignals contains the signals we would like to capture: - SIGUSR1, indicates a increment of the log level. - SIGUSR2, indicates a decrement of the log level.
Functions ¶
func FIPSEnabled ¶ added in v0.5.1
func FIPSEnabled() bool
FIPSEnabled returns true if environment variable `GOFIPS` has been set to enable FIPS mode
Types ¶
type CtxKey ¶ added in v0.4.3
type CtxKey int
CtxKey is a wrapper type for use in context.WithValue() to satisfy golint https://github.com/golang/go/issues/17293 https://github.com/golang/lint/pull/245
type PassRetriever ¶ added in v0.4.0
type PassRetriever func(keyName, alias string, createNew bool, attempts int) (passphrase string, giveup bool, err error)
PassRetriever is a callback function that should retrieve a passphrase for a given named key. If it should be treated as new passphrase (e.g. with confirmation), createNew will be true. Attempts is passed in so that implementers decide how many chances to give to a human, for example.
Directories ¶
Path | Synopsis |
---|---|
cmd
|
|
Package passphrase is a utility function for managing passphrase for TUF and Notary keys.
|
Package passphrase is a utility function for managing passphrase for TUF and Notary keys. |
Package proto is a generated protocol buffer package.
|
Package proto is a generated protocol buffer package. |
remoteks
Package remoteks is a generated protocol buffer package.
|
Package remoteks is a generated protocol buffer package. |
Package tuf defines the core TUF logic around manipulating a repo.
|
Package tuf defines the core TUF logic around manipulating a repo. |
utils
Package utils contains tuf related utility functions however this file is hard forked from https://github.com/youmark/pkcs8 package.
|
Package utils contains tuf related utility functions however this file is hard forked from https://github.com/youmark/pkcs8 package. |