container

package
v0.0.66 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 15, 2024 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Overview

Package container provides the tools to verify a container artifact using sigstore

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrProvenanceNotFoundOrIncomplete is returned when there's no provenance info (missing .sig or attestation) or
	// has incomplete data
	ErrProvenanceNotFoundOrIncomplete = errors.New("provenance not found or incomplete")

	// MaxAttestationsBytesLimit is the maximum number of bytes we're willing to read from the attestation endpoint
	// We'll limit this to 10mb for now
	MaxAttestationsBytesLimit int64 = 10 * 1024 * 1024
)

Functions

func BuildImageRef

func BuildImageRef(registry, owner, artifact, checksum string) string

BuildImageRef returns the OCI image reference

func Verify

func Verify(
	ctx context.Context,
	sev *verify.SignedEntityVerifier,
	owner, artifact, checksumref string,
	authOpts ...AuthMethod,
) ([]verifyif.Result, error)

Verify verifies a container artifact using sigstore isSigned is true only if we were able to find a signature/attestation and it had everything needed to construct the sigstore bundle. isVerified is true only if we were able to verify the constructed bundle against the configured sigstore instance.

Types

type Attestation

type Attestation struct {
	Bundle json.RawMessage `json:"bundle"`
}

Attestation is the attestation from the GitHub attestation endpoint

type AttestationReply

type AttestationReply struct {
	Attestations []Attestation `json:"attestations"`
}

AttestationReply is the reply from the GitHub attestation endpoint

type AuthMethod

type AuthMethod func(auth *containerAuth)

AuthMethod is an option for containerAuth

func WithAuthenticator

func WithAuthenticator(auth authn.Authenticator) AuthMethod

WithAuthenticator sets the authenticator as an authentication option we want to use during verification

func WithGitHubClient

func WithGitHubClient(ghClient provifv1.GitHub) AuthMethod

WithGitHubClient sets the GitHub client as an authentication option we want to use during verification

func WithRegistry

func WithRegistry(registry string) AuthMethod

WithRegistry sets the registry as an authentication option we want to use during verification

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL