Affected by GO-2024-2718 and 1 other vulnerabilities

GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign

GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign

The highest tagged major version is v2.

tuf

package

v1.5.1 Latest Latest Go to latest Published: Jan 30, 2022 License: Apache-2.0 Imports: 24 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/sigstore/cosign

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func DefaultExpires(role string) time.Time
func GcsRemoteStore(ctx context.Context, bucket string, opts *GcsRemoteOptions, ...) (client.RemoteStore, error)
func Initialize(ctx context.Context, mirror string, root []byte) error
type FulcioKeyVal
- func GetFulcioKeyVal(key *Key) (*FulcioKeyVal, error)
type GcsRemoteOptions
type Key
- func FulcioVerificationKey(email string, issuer string) *Key
- func (k *Key) ContainsID(id string) bool
- func (k *Key) ID() string
type Role
- func (r *Role) AddKeysWithThreshold(keys []*Key, threshold int) bool
type Root
- func NewRoot() *Root
- func (r *Root) AddKey(key *Key) bool
- func (r *Root) Marshal() (*Signed, error)
- func (r *Root) ValidKey(key *Key, role string) (string, error)
type Signature
type Signed
- func (s *Signed) AddOrUpdateSignature(key *Key, signature Signature) error
- func (s *Signed) JSONMarshal(prefix, indent string) ([]byte, error)
type TUF
- func NewFromEnv(ctx context.Context) (*TUF, error)
- func (t *TUF) Close() error
- func (t *TUF) GetTarget(name string) ([]byte, error)
- func (t *TUF) GetTimestamp() ([]byte, error)
type Timestamp
- func GetTimestamp(ctx context.Context) (*Timestamp, error)

Constants ¶

View Source

const (
	DefaultRemoteRoot = "sigstore-tuf-root"
	TufRootEnv        = "TUF_ROOT"
	SigstoreNoCache   = "SIGSTORE_NO_CACHE"
)

View Source

const (
	KeyTypeFulcio   = "sigstore-oidc"
	KeySchemeFulcio = "https://fulcio.sigstore.dev"
)

Variables ¶

View Source

var (
	KeyAlgorithms = []string{"sha256", "sha512"}
)

Functions ¶

func DefaultExpires ¶ added in v1.3.0

func DefaultExpires(role string) time.Time

func GcsRemoteStore ¶

func GcsRemoteStore(ctx context.Context, bucket string, opts *GcsRemoteOptions, client *storage.Client) (client.RemoteStore, error)

A remote store for TUF metadata on GCS.

func Initialize ¶ added in v1.5.0

func Initialize(ctx context.Context, mirror string, root []byte) error

Types ¶

type FulcioKeyVal ¶ added in v1.3.0

type FulcioKeyVal struct {
	Identity string `json:"identity"`
	Issuer   string `json:"issuer,omitempty"`
}

func GetFulcioKeyVal ¶ added in v1.3.1

func GetFulcioKeyVal(key *Key) (*FulcioKeyVal, error)

type GcsRemoteOptions ¶

type GcsRemoteOptions struct {
	MetadataPath string
	TargetsPath  string
}

type Key ¶ added in v1.3.0

type Key struct {
	Type       string          `json:"keytype"`
	Scheme     string          `json:"scheme"`
	Algorithms []string        `json:"keyid_hash_algorithms,omitempty"`
	Value      json.RawMessage `json:"keyval"`
	// contains filtered or unexported fields
}

func FulcioVerificationKey ¶ added in v1.3.0

func FulcioVerificationKey(email string, issuer string) *Key

func (*Key) ContainsID ¶ added in v1.3.0

func (k *Key) ContainsID(id string) bool

func (*Key) ID ¶ added in v1.3.0

func (k *Key) ID() string

type Role ¶ added in v1.3.0

type Role struct {
	KeyIDs    []string `json:"keyids"`
	Threshold int      `json:"threshold"`
}

func (*Role) AddKeysWithThreshold ¶ added in v1.3.0

func (r *Role) AddKeysWithThreshold(keys []*Key, threshold int) bool

type Root ¶ added in v1.3.0

type Root struct {
	Type        string           `json:"_type"`
	SpecVersion string           `json:"spec_version"`
	Version     int              `json:"version"`
	Expires     time.Time        `json:"expires"`
	Keys        map[string]*Key  `json:"keys"`
	Roles       map[string]*Role `json:"roles"`
	Namespace   string           `json:"namespace"`

	ConsistentSnapshot bool `json:"consistent_snapshot"`
}

func NewRoot ¶ added in v1.3.0

func NewRoot() *Root

func (*Root) AddKey ¶ added in v1.3.0

func (r *Root) AddKey(key *Key) bool

func (*Root) Marshal ¶ added in v1.3.0

func (r *Root) Marshal() (*Signed, error)

func (*Root) ValidKey ¶ added in v1.3.0

func (r *Root) ValidKey(key *Key, role string) (string, error)

type Signature ¶ added in v1.3.0

type Signature struct {
	KeyID     string `json:"keyid"`
	Signature string `json:"sig"`
	Cert      string `json:"cert,omitempty"`
}

type Signed ¶ added in v1.3.0

type Signed struct {
	Signed     json.RawMessage `json:"signed"`
	Signatures []Signature     `json:"signatures"`
}

func (*Signed) AddOrUpdateSignature ¶ added in v1.3.0

func (s *Signed) AddOrUpdateSignature(key *Key, signature Signature) error

func (*Signed) JSONMarshal ¶ added in v1.3.0

func (s *Signed) JSONMarshal(prefix, indent string) ([]byte, error)

type TUF ¶ added in v1.5.0

type TUF struct {
	// contains filtered or unexported fields
}

func NewFromEnv ¶ added in v1.5.0

func NewFromEnv(ctx context.Context) (*TUF, error)

func (*TUF) Close ¶ added in v1.5.0

func (t *TUF) Close() error

Close closes the local TUF store. Should only be called once per client.

func (*TUF) GetTarget ¶ added in v1.5.0

func (t *TUF) GetTarget(name string) ([]byte, error)

func (*TUF) GetTimestamp ¶ added in v1.5.0

func (t *TUF) GetTimestamp() ([]byte, error)

type Timestamp ¶ added in v1.5.0

type Timestamp struct {
	Signatures []data.Signature `json:"signatures"`
	Signed     data.Timestamp   `json:"signed"`
}

func GetTimestamp ¶ added in v1.5.0

func GetTimestamp(ctx context.Context) (*Timestamp, error)

GetTimestamp fetches the TUF timestamp metadata to be bundled with the OCI signature.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL