Documentation
Overview
Package oci holds functions and types intended to align and compose with github.com/google/go-containerregistry.
Constants
const (
	DockerMediaTypesEnv = "COSIGN_DOCKER_MEDIA_TYPES"
)
Variables
This section is empty.
Functions
func DockerMediaTypes
func DockerMediaTypes() bool
Types
type Bundle
type Bundle struct {
	SignedEntryTimestamp []byte
	Payload              BundlePayload
}
Bundle holds metadata about recording a Signature's ephemeral key to a Rekor transparency log.
type BundlePayload
type File
type File interface {
	SignedImage

	// FileMediaType retrieves the media type of the File
	FileMediaType() (types.MediaType, error)

	// Payload fetches the opaque data that is being signed.
	// This will always return data when there is no error.
	Payload() ([]byte, error)
}
File is a degenerate form of SignedImage that stores a single file as a v1.Layer
type Signature
type Signature interface {
	v1.Layer

	// Annotations returns the annotations associated with this layer.
	Annotations() (map[string]string, error)

	// Payload fetches the opaque data that is being signed.
	// This will always return data when there is no error.
	Payload() ([]byte, error)

	// Base64Signature fetches the base64 encoded signature
	// of the payload. This will always return data when
	// there is no error.
	Base64Signature() (string, error)

	// Cert fetches the optional public key from the key pair that
	// was used to sign the payload.
	Cert() (*x509.Certificate, error)

	// Chain fetches the optional "full certificate chain" rooted
	// at a Fulcio CA, the leaf of which was used to sign the
	// payload.
	Chain() ([]*x509.Certificate, error)

	// Bundle fetches the optional metadata that records the ephemeral
	// Fulcio key in the transparency log.
	Bundle() (*Bundle, error)
}
Signature holds a single image signature.
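As an added example (not part of cosign or of this package's documentation), the following Go program shows how a consumer can check that Base64Signature covers Payload using a caller-pinned key. The names payloadSig, checkSignature, memSig, newMemSig and sampleKey are hypothetical, and it assumes an ECDSA signature (ASN.1 DER) over the SHA-256 digest of the payload; validating Cert, Chain and Bundle is a separate step that is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// payloadSig is the subset of oci.Signature used here; any oci.Signature satisfies it.
type payloadSig interface {
	Payload() ([]byte, error)
	Base64Signature() (string, error)
}

// checkSignature verifies Base64Signature over Payload with a caller-pinned key.
func checkSignature(s payloadSig, pub *ecdsa.PublicKey) error {
	payload, perr := s.Payload()
	b64, serr := s.Base64Signature()
	if err := errors.Join(perr, serr); err != nil {
		return err
	}
	raw, err := base64.StdEncoding.DecodeString(b64)
	digest := sha256.Sum256(payload) // assumption: ECDSA (ASN.1 DER) over SHA-256 of the payload
	if err != nil || !ecdsa.VerifyASN1(pub, digest[:], raw) {
		return errors.New("signature is malformed or does not cover this payload")
	}
	return nil
}

// memSig is a constructed in-memory stand-in for a signature layer.
type memSig struct{ payload, b64 string }
func (m memSig) Payload() ([]byte, error)         { return []byte(m.payload), nil }
func (m memSig) Base64Signature() (string, error) { return m.b64, nil }

var sampleKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway key for this example
// newMemSig signs payload with sampleKey (constructed sample data).
func newMemSig(payload string) (memSig, error) {
	digest := sha256.Sum256([]byte(payload))
	sig, err := ecdsa.SignASN1(rand.Reader, sampleKey, digest[:])
	return memSig{payload, base64.StdEncoding.EncodeToString(sig)}, err
}

func main() {
	s, _ := newMemSig(`{"critical":{"type":"constructed sample"}}`)
	fmt.Println(checkSignature(s, &sampleKey.PublicKey))
}
```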
type Signatures
type Signatures interface {
	v1.Image // The low-level representation of the signatures

	// Get retrieves the list of signatures stored.
	Get() ([]Signature, error)
}
Signatures represents a set of signatures that are associated with a particular v1.Image.
type SignedEntity
type SignedEntity interface {
	// Signatures returns the set of signatures currently associated with this
	// entity, or the empty equivalent if none are found.
	Signatures() (Signatures, error)

	// Attestations returns the set of attestations currently associated with this
	// entity, or the empty equivalent if none are found.
	// Attestations are just like a Signature, but they do not contain
	// Base64Signature because it's baked into the payload.
	Attestations() (Signatures, error)

	// Attachment returns a named entity associated with this entity, or error if not found.
	Attachment(name string) (File, error)
}
type SignedImage
type SignedImage interface {
	v1.Image
	SignedEntity
}
SignedImage represents an OCI Image, complemented with accessors for retrieving signed metadata associated with that image.
type SignedImageIndex
type SignedImageIndex interface {
	v1.ImageIndex
	SignedEntity

	// SignedImage is the same as Image, but provides accessors for the nested
	// image's signed metadata.
	SignedImage(v1.Hash) (SignedImage, error)

	// SignedImageIndex is the same as ImageIndex, but provides accessors for
	// the nested image index's signed metadata.
	SignedImageIndex(v1.Hash) (SignedImageIndex, error)
}
SignedImageIndex represents an OCI ImageIndex, complemented with accessors for retrieving signed metadata associated with that ImageIndex.