signers

package
v7.5.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 9, 2023 License: Apache-2.0 Imports: 25 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplyBinPatch

func ApplyBinPatch(src *os.File, dest string, result io.Reader) error

func MergeFlags

func MergeFlags(cmd *cobra.Command)

Add this module's flags to a command FlagSet

func Register

func Register(s *Signer)

Types

type CertType

type CertType uint
const (
	CertTypeX509 CertType = 1 << iota
	CertTypePgp
)

type FlagValues

type FlagValues struct {
	Defs   *pflag.FlagSet
	Values map[string]string
}

func (*FlagValues) GetBool

func (values *FlagValues) GetBool(name string) bool

GetBool returns the flag's value as a bool

func (*FlagValues) GetString

func (values *FlagValues) GetString(name string) string

GetString returns the flag's value as a string

func (*FlagValues) ToQuery

func (values *FlagValues) ToQuery(q url.Values) error

ToQuery appends query parameters to a URL for each option in the flag set

type SignOpts

type SignOpts struct {
	Path  string
	Hash  crypto.Hash
	Time  time.Time
	Flags *FlagValues
	Audit *audit.Info
	// contains filtered or unexported fields
}

func (SignOpts) Context

func (o SignOpts) Context() context.Context

Context returns the context attached to the signature operation.

The returned context is always non-nil; it defaults to the background context.

func (SignOpts) SetBinPatch

func (o SignOpts) SetBinPatch(p *binpatch.PatchSet) ([]byte, error)

Convenience method to return a binary patch

func (SignOpts) SetPkcs7

func (o SignOpts) SetPkcs7(ts *pkcs9.TimestampedSignature) ([]byte, error)

Convenience method to return a PKCS#7 blob

func (SignOpts) WithContext

func (o SignOpts) WithContext(ctx context.Context) SignOpts

WithContext attaches a context to the signature operation, and can be used to cancel long-running operations.

type Signature

type Signature struct {
	Package       string
	SigInfo       string
	CreationTime  time.Time
	Hash          crypto.Hash
	Signer        string
	SignerPgp     *openpgp.Entity
	X509Signature *pkcs9.TimestampedSignature
}

func (*Signature) SignerName

func (s *Signature) SignerName() string

type Signer

type Signer struct {
	Name       string
	Aliases    []string
	Magic      magic.FileType
	CertTypes  CertType
	AllowStdin bool
	// Return true if the given filename is associated with this signer
	TestPath func(string) bool
	// Format audit attributes for logfile
	FormatLog func(*audit.Info) *zerolog.Event
	// Verify a file, returning the set of signatures found. Performs integrity
	// checks but does not build X509 chains.
	Verify func(*os.File, VerifyOpts) ([]*Signature, error)
	// VerifyStream is like Verify but doesn't need to seek.
	VerifyStream func(io.Reader, VerifyOpts) ([]*Signature, error)
	// Transform a file into a stream to upload
	Transform func(*os.File, SignOpts) (Transformer, error)
	// Sign a input stream (possibly transformed) and return a mode-specific result blob
	Sign func(io.Reader, *certloader.Certificate, SignOpts) ([]byte, error)
	// Final step to run on the client after the file is patched
	Fixup func(*os.File) error
	// contains filtered or unexported fields
}

func ByFile

func ByFile(name, sigtype string) (*Signer, error)

Return the named signer module if given, otherwise identify the file at the given path by contents or extension

func ByFileName

func ByFileName(name string) *Signer

Return the signer associated with the given filename extension

func ByMagic

func ByMagic(m magic.FileType) *Signer

Return the signer module responsible for the given file magic

func ByName

func ByName(name string) *Signer

Return the signer module with the given name or alias

func (*Signer) Flags

func (s *Signer) Flags() *pflag.FlagSet

Create a FlagSet for flags associated with this module. These will be added to "sign" and "remote sign", and transferred to a remote server via the URL query parameters.

func (*Signer) FlagsFromCmdline

func (s *Signer) FlagsFromCmdline(fs *pflag.FlagSet) (*FlagValues, error)

FlagsFromCmdline creates a FlagValues from the (merged) command-line options of a command

func (*Signer) FlagsFromQuery

func (s *Signer) FlagsFromQuery(q url.Values) (*FlagValues, error)

FlagsFromQuery creates a FlagValues from URL query parameters

func (*Signer) GetTransform

func (s *Signer) GetTransform(f *os.File, opts SignOpts) (Transformer, error)

Return the transform for the given module if it has one, otherwise return the default transform.

func (*Signer) IsSigned

func (s *Signer) IsSigned(f *os.File) (bool, error)

IsSigned checks if a file contains a signature

type Transformer

type Transformer interface {
	// Return a stream that will be uploaded to a remote server. This may be
	// called multiple times in case of failover.
	GetReader() (stream io.Reader, err error)
	// Apply a HTTP response to the named destination file
	Apply(dest, mimetype string, result io.Reader) error
}

func DefaultTransform

func DefaultTransform(f *os.File) Transformer

type VerifyOpts

type VerifyOpts struct {
	FileName    string
	TrustedX509 []*x509.Certificate
	TrustedPgp  openpgp.EntityList
	TrustedPool *x509.CertPool
	NoDigests   bool
	NoChain     bool
	Content     string
	Compression magic.CompressionType
}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL