oci

package
v1.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 21, 2022 License: Apache-2.0 Imports: 7 Imported by: 23

Documentation

Overview

Package oci holds functions and types intended to align and compose with github.com/google/go-containerregistry.

Index

Constants

View Source
const (
	DockerMediaTypesEnv = "COSIGN_DOCKER_MEDIA_TYPES"
)

Variables

This section is empty.

Functions

func DockerMediaTypes

func DockerMediaTypes() bool

Types

type File

type File interface {
	SignedImage

	// FileMediaType retrieves the media type of the File
	FileMediaType() (types.MediaType, error)

	// Payload fetches the opaque data that is being signed.
	// This will always return data when there is no error.
	Payload() ([]byte, error)
}

File is a degenerate form of SignedImage that stores a single file as a v1.Layer

type Signature

type Signature interface {
	v1.Layer

	// Annotations returns the annotations associated with this layer.
	Annotations() (map[string]string, error)

	// Payload fetches the opaque data that is being signed.
	// This will always return data when there is no error.
	Payload() ([]byte, error)

	// Base64Signature fetches the base64 encoded signature
	// of the payload.  This will always return data when
	// there is no error.
	Base64Signature() (string, error)

	// Cert fetches the optional public key from the key pair that
	// was used to sign the payload.
	Cert() (*x509.Certificate, error)

	// Chain fetches the optional "full certificate chain" rooted
	// at a Fulcio CA, the leaf of which was used to sign the
	// payload.
	Chain() ([]*x509.Certificate, error)

	// Bundle fetches the optional metadata that records the ephemeral
	// Fulcio key in the transparency log.
	Bundle() (*bundle.RekorBundle, error)

	// Timestamp fetches the optional TUF timestamp metadata that
	// records when the signature was generated. This can be used
	// to find the TUF targets used to generate the signature.
	Timestamp() (*tuf.Timestamp, error)
}

Signature holds a single image signature.

type Signatures

type Signatures interface {
	v1.Image // The low-level representation of the signatures

	// Get retrieves the list of signatures stored.
	Get() ([]Signature, error)
}

Signatures represents a set of signatures that are associated with a particular v1.Image.

type SignedEntity

type SignedEntity interface {
	// Signatures returns the set of signatures currently associated with this
	// entity, or the empty equivalent if none are found.
	Signatures() (Signatures, error)

	// Attestations returns the set of attestations currently associated with this
	// entity, or the empty equivalent if none are found.
	// Attestations are just like a Signature, but they do not contain
	// Base64Signature because it's baked into the payload.
	Attestations() (Signatures, error)

	// Attachment returns a named entity associated with this entity, or error if not found.
	Attachment(name string) (File, error)
}

type SignedImage

type SignedImage interface {
	v1.Image
	SignedEntity
}

SignedImage represents an OCI Image, complemented with accessors for retrieving signed metadata associated with that image.

type SignedImageIndex

type SignedImageIndex interface {
	v1.ImageIndex
	SignedEntity

	// SignedImage is the same as Image, but provides accessors for the nested
	// image's signed metadata.
	SignedImage(v1.Hash) (SignedImage, error)

	// SignedImageIndex is the same as ImageIndex, but provides accessors for
	// the nested image index's signed metadata.
	SignedImageIndex(v1.Hash) (SignedImageIndex, error)
}

SignedIndex represents an OCI ImageIndex, complemented with accessors for retrieving signed metadata associated with that ImageIndex.

Directories

Path Synopsis
internal

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL