Affected by 
Documentation
¶
Overview ¶
Package oci holds functions and types intended to align and compose with github.com/google/go-containerregistry.
Index ¶
Constants ¶
View Source
const ( // Deprecated: use `pkg/cosign/env/VariableDockerMediaTypes` instead. DockerMediaTypesEnv = env.VariableDockerMediaTypes )
Variables ¶
This section is empty.
Functions ¶
func DockerMediaTypes ¶
func DockerMediaTypes() bool
Types ¶
type File ¶
type File interface {
SignedImage
// FileMediaType retrieves the media type of the File
FileMediaType() (types.MediaType, error)
// Payload fetches the opaque data that is being signed.
// This will always return data when there is no error.
Payload() ([]byte, error)
}
File is a degenerate form of SignedImage that stores a single file as a v1.Layer
type Signature ¶
type Signature interface {
v1.Layer
// Annotations returns the annotations associated with this layer.
Annotations() (map[string]string, error)
// Payload fetches the opaque data that is being signed.
// This will always return data when there is no error.
Payload() ([]byte, error)
// Signature fetches the raw signature
// of the payload. This will always return data when
// there is no error.
Signature() ([]byte, error)
// Base64Signature fetches the base64 encoded signature
// of the payload. This will always return data when
// there is no error.
Base64Signature() (string, error)
// Cert fetches the optional public key from the key pair that
// was used to sign the payload.
Cert() (*x509.Certificate, error)
// Chain fetches the optional "full certificate chain" rooted
// at a Fulcio CA, the leaf of which was used to sign the
// payload.
Chain() ([]*x509.Certificate, error)
// Bundle fetches the optional metadata that records the ephemeral
// Fulcio key in the transparency log.
Bundle() (*bundle.RekorBundle, error)
// RFC3161Timestamp() fetches the optional metadata that records a
// RFC3161 signed timestamp.
RFC3161Timestamp() (*bundle.RFC3161Timestamp, error)
}
Signature holds a single image signature.
type Signatures ¶
type Signatures interface {
v1.Image // The low-level representation of the signatures
// Get retrieves the list of signatures stored.
Get() ([]Signature, error)
}
Signatures represents a set of signatures that are associated with a particular v1.Image.
type SignedEntity ¶
type SignedEntity interface {
// Digest returns the sha256 of this image's manifest.
Digest() (v1.Hash, error)
// Signatures returns the set of signatures currently associated with this
// entity, or the empty equivalent if none are found.
Signatures() (Signatures, error)
// Attestations returns the set of attestations currently associated with this
// entity, or the empty equivalent if none are found.
// Attestations are just like a Signature, but they do not contain
// Base64Signature because it's baked into the payload.
Attestations() (Signatures, error)
// Attachment returns a named entity associated with this entity, or error if not found.
Attachment(name string) (File, error)
}
type SignedImage ¶
type SignedImage interface {
v1.Image
SignedEntity
}
SignedImage represents an OCI Image, complemented with accessors for retrieving signed metadata associated with that image.
type SignedImageIndex ¶
type SignedImageIndex interface {
v1.ImageIndex
SignedEntity
// SignedImage is the same as Image, but provides accessors for the nested
// image's signed metadata.
SignedImage(v1.Hash) (SignedImage, error)
// SignedImageIndex is the same as ImageIndex, but provides accessors for
// the nested image index's signed metadata.
SignedImageIndex(v1.Hash) (SignedImageIndex, error)
}
SignedIndex represents an OCI ImageIndex, complemented with accessors for retrieving signed metadata associated with that ImageIndex.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.