Documentation ¶
Index ¶
- Variables
- type ErrFileNotFound
- type ErrInsufficientSignatures
- type ErrInvalidExpires
- type ErrInvalidRole
- type ErrKeyNotFound
- type ErrMissingMetadata
- type ErrNoDelegatedTarget
- type ErrNoKeys
- type ErrNotEnoughKeys
- type ErrPassphraseRequired
- type LocalStore
- type PassphraseChanger
- type Repo
- func (r *Repo) AddDelegatedRole(delegator string, delegatedRole data.DelegatedRole, keys []*data.PublicKey) error
- func (r *Repo) AddDelegatedRoleWithExpires(delegator string, delegatedRole data.DelegatedRole, keys []*data.PublicKey, ...) error
- func (r *Repo) AddDelegatedRolesForPathHashBins(delegator string, bins *targets.HashBins, keys []*data.PublicKey, ...) error
- func (r *Repo) AddDelegatedRolesForPathHashBinsWithExpires(delegator string, bins *targets.HashBins, keys []*data.PublicKey, ...) error
- func (r *Repo) AddOrUpdateSignature(roleFilename string, signature data.Signature) error
- func (r *Repo) AddPrivateKey(role string, signer keys.Signer) error
- func (r *Repo) AddPrivateKeyWithExpires(keyRole string, signer keys.Signer, expires time.Time) error
- func (r *Repo) AddTarget(path string, custom json.RawMessage) error
- func (r *Repo) AddTargetToPreferredRole(path string, custom json.RawMessage, preferredRole string) error
- func (r *Repo) AddTargetWithExpires(path string, custom json.RawMessage, expires time.Time) error
- func (r *Repo) AddTargetWithExpiresToPreferredRole(path string, custom json.RawMessage, expires time.Time, preferredRole string) error
- func (r *Repo) AddTargets(paths []string, custom json.RawMessage) error
- func (r *Repo) AddTargetsToPreferredRole(paths []string, custom json.RawMessage, preferredRole string) error
- func (r *Repo) AddTargetsWithDigest(digest string, digestAlg string, length int64, path string, ...) error
- func (r *Repo) AddTargetsWithExpires(paths []string, custom json.RawMessage, expires time.Time) error
- func (r *Repo) AddTargetsWithExpiresToPreferredRole(paths []string, custom json.RawMessage, expires time.Time, ...) error
- func (r *Repo) AddVerificationKey(keyRole string, pk *data.PublicKey) error
- func (r *Repo) AddVerificationKeyWithExpiration(keyRole string, pk *data.PublicKey, expires time.Time) error
- func (r *Repo) ChangePassphrase(keyRole string) error
- func (r *Repo) CheckRoleUnexpired(role string, validAt time.Time) error
- func (r *Repo) Clean() error
- func (r *Repo) Commit() error
- func (r *Repo) GenKey(role string) ([]string, error)
- func (r *Repo) GenKeyWithExpires(keyRole string, expires time.Time) (keyids []string, err error)
- func (r *Repo) GenKeyWithSchemeAndExpires(role string, expires time.Time, keyScheme data.KeyScheme) ([]string, error)
- func (r *Repo) GetMeta() (map[string]json.RawMessage, error)
- func (r *Repo) GetThreshold(keyRole string) (int, error)
- func (r *Repo) Init(consistentSnapshot bool) error
- func (r *Repo) Payload(roleFilename string) ([]byte, error)
- func (r *Repo) RemoveTarget(path string) error
- func (r *Repo) RemoveTargetWithExpires(path string, expires time.Time) error
- func (r *Repo) RemoveTargets(paths []string) error
- func (r *Repo) RemoveTargetsWithExpires(paths []string, expires time.Time) error
- func (r *Repo) ResetTargetsDelegations(delegator string) error
- func (r *Repo) ResetTargetsDelegationsWithExpires(delegator string, expires time.Time) error
- func (r *Repo) RevokeKey(role, id string) error
- func (r *Repo) RevokeKeyWithExpires(keyRole, id string, expires time.Time) error
- func (r *Repo) RootKeys() ([]*data.PublicKey, error)
- func (r *Repo) RootVersion() (int64, error)
- func (r *Repo) SetSnapshotVersion(v int64) error
- func (r *Repo) SetTargetsVersion(v int64) error
- func (r *Repo) SetThreshold(keyRole string, t int) error
- func (r *Repo) SetTimestampVersion(v int64) error
- func (r *Repo) Sign(roleFilename string) error
- func (r *Repo) SignPayload(role string, payload *data.Signed) (int, error)
- func (r *Repo) SignedMeta(roleFilename string) (*data.Signed, error)
- func (r *Repo) Snapshot() error
- func (r *Repo) SnapshotVersion() (int64, error)
- func (r *Repo) SnapshotWithExpires(expires time.Time) error
- func (r *Repo) Targets() (data.TargetFiles, error)
- func (r *Repo) TargetsVersion() (int64, error)
- func (r *Repo) Timestamp() error
- func (r *Repo) TimestampVersion() (int64, error)
- func (r *Repo) TimestampWithExpires(expires time.Time) error
- type RepoOpts
- type StoreOpts
- type TargetsWalkFunc
Variables ¶
Types ¶
type ErrFileNotFound ¶
type ErrFileNotFound struct {
Path string
}
func (ErrFileNotFound) Error ¶
func (e ErrFileNotFound) Error() string
type ErrInsufficientSignatures ¶
func (ErrInsufficientSignatures) Error ¶
func (e ErrInsufficientSignatures) Error() string
type ErrInvalidExpires ¶
func (ErrInvalidExpires) Error ¶
func (e ErrInvalidExpires) Error() string
type ErrInvalidRole ¶
func (ErrInvalidRole) Error ¶
func (e ErrInvalidRole) Error() string
type ErrKeyNotFound ¶
func (ErrKeyNotFound) Error ¶
func (e ErrKeyNotFound) Error() string
type ErrMissingMetadata ¶
type ErrMissingMetadata struct {
Name string
}
func (ErrMissingMetadata) Error ¶
func (e ErrMissingMetadata) Error() string
type ErrNoDelegatedTarget ¶ added in v0.3.0
type ErrNoDelegatedTarget struct {
Path string
}
func (ErrNoDelegatedTarget) Error ¶ added in v0.3.0
func (e ErrNoDelegatedTarget) Error() string
type ErrNotEnoughKeys ¶
func (ErrNotEnoughKeys) Error ¶
func (e ErrNotEnoughKeys) Error() string
type ErrPassphraseRequired ¶
type ErrPassphraseRequired struct {
Role string
}
func (ErrPassphraseRequired) Error ¶
func (e ErrPassphraseRequired) Error() string
type LocalStore ¶
// LocalStore is the storage interface for repository metadata files, staged
// target files and the signers attached to each role.
type LocalStore interface {
	// GetMeta returns a map from metadata file names (e.g. root.json) to their raw JSON payload or an error.
	GetMeta() (map[string]json.RawMessage, error)

	// SetMeta is used to update a metadata file name with a JSON payload.
	SetMeta(name string, meta json.RawMessage) error

	// WalkStagedTargets calls targetsFn for each staged target file in paths.
	// If paths is empty, all staged target files will be walked.
	WalkStagedTargets(paths []string, targetsFn TargetsWalkFunc) error

	// FileIsStaged determines if a metadata file is currently staged, to avoid incrementing
	// version numbers repeatedly while staged.
	FileIsStaged(filename string) bool

	// Commit is used to publish staged files to the repository.
	//
	// This will also reset the staged meta to signal incrementing version numbers.
	// TUF 1.0 requires that the root metadata version numbers in the repository do not
	// have gaps. To avoid this, we will only increment the number once until we commit.
	//
	// NOTE(review): the three parameters are unnamed in this declaration; their
	// meaning (a flag, a map of int64 values and a map of hashes, each keyed by
	// string) should be confirmed against the implementations before relying on them.
	Commit(bool, map[string]int64, map[string]data.Hashes) error

	// GetSigners returns a list of signers for a role.
	// The list may include revoked keys, so callers must filter the
	// signers before using them to sign.
	GetSigners(role string) ([]keys.Signer, error)

	// SaveSigner adds a signer to a role.
	SaveSigner(role string, signer keys.Signer) error

	// SignersForKeyIDs returns a list of signers for the given key IDs.
	// NOTE(review): unlike GetSigners this method returns no error; how unknown
	// key IDs are reported is not visible here — confirm with the implementation.
	SignersForKeyIDs(keyIDs []string) []keys.Signer

	// Clean is used to remove all staged manifests.
	Clean() error
}
func FileSystemStore ¶
func FileSystemStore(dir string, p util.PassphraseFunc) LocalStore
func FileSystemStoreWithOpts ¶ added in v0.5.1
func FileSystemStoreWithOpts(dir string, opts ...StoreOpts) LocalStore
func MemoryStore ¶
func MemoryStore(meta map[string]json.RawMessage, files map[string][]byte) LocalStore
type PassphraseChanger ¶
type Repo ¶
type Repo struct {
// contains filtered or unexported fields
}
func NewRepoIndent ¶
func NewRepoWithOpts ¶ added in v0.5.1
func NewRepoWithOpts(local LocalStore, opts ...RepoOpts) (*Repo, error)
func (*Repo) AddDelegatedRole ¶ added in v0.3.0
func (r *Repo) AddDelegatedRole(delegator string, delegatedRole data.DelegatedRole, keys []*data.PublicKey) error
AddDelegatedRole is equivalent to AddDelegatedRoleWithExpires, but with a default expiration time.
func (*Repo) AddDelegatedRoleWithExpires ¶ added in v0.3.0
func (r *Repo) AddDelegatedRoleWithExpires(delegator string, delegatedRole data.DelegatedRole, keys []*data.PublicKey, expires time.Time) error
AddDelegatedRoleWithExpires adds a delegation from the delegator to the role specified in the delegatedRole argument. Key IDs referenced in delegatedRole.KeyIDs should have corresponding Key entries in the keys argument. New metadata is written with the given expiration time.
func (*Repo) AddDelegatedRolesForPathHashBins ¶ added in v0.3.0
func (r *Repo) AddDelegatedRolesForPathHashBins(delegator string, bins *targets.HashBins, keys []*data.PublicKey, threshold int) error
AddDelegatedRolesForPathHashBins is equivalent to AddDelegatedRolesForPathHashBinsWithExpires, but with a default expiration time.
func (*Repo) AddDelegatedRolesForPathHashBinsWithExpires ¶ added in v0.3.0
func (r *Repo) AddDelegatedRolesForPathHashBinsWithExpires(delegator string, bins *targets.HashBins, keys []*data.PublicKey, threshold int, expires time.Time) error
AddDelegatedRolesForPathHashBinsWithExpires adds delegations to the delegator role for the given hash bins configuration. New metadata is written with the given expiration time.
func (*Repo) AddOrUpdateSignature ¶
AddOrUpdateSignature allows users to add or update a signature generated with an external tool. The roleFilename argument must be a valid metadata file name, like root.json.
func (*Repo) AddPrivateKeyWithExpires ¶
func (*Repo) AddTargetToPreferredRole ¶ added in v0.3.0
func (*Repo) AddTargetWithExpires ¶
func (*Repo) AddTargetWithExpiresToPreferredRole ¶ added in v0.3.0
func (*Repo) AddTargets ¶
func (r *Repo) AddTargets(paths []string, custom json.RawMessage) error
func (*Repo) AddTargetsToPreferredRole ¶ added in v0.3.0
func (*Repo) AddTargetsWithDigest ¶
func (*Repo) AddTargetsWithExpires ¶
func (*Repo) AddTargetsWithExpiresToPreferredRole ¶ added in v0.3.0
func (r *Repo) AddTargetsWithExpiresToPreferredRole(paths []string, custom json.RawMessage, expires time.Time, preferredRole string) error
AddTargetsWithExpiresToPreferredRole signs the staged targets at `paths`.
If preferredRole is not the empty string, the target is added to the given role's manifest if delegations allow it. If delegations do not allow the preferredRole to sign the given path, an error is returned.
func (*Repo) AddVerificationKey ¶
func (*Repo) AddVerificationKeyWithExpiration ¶
func (*Repo) ChangePassphrase ¶
func (*Repo) CheckRoleUnexpired ¶ added in v0.3.2
func (*Repo) GenKeyWithExpires ¶
func (*Repo) GenKeyWithSchemeAndExpires ¶ added in v0.5.0
func (*Repo) GetMeta ¶ added in v0.3.2
func (r *Repo) GetMeta() (map[string]json.RawMessage, error)
GetMeta returns the underlying meta file map from the store.
func (*Repo) RemoveTarget ¶
func (*Repo) RemoveTargetWithExpires ¶
func (*Repo) RemoveTargets ¶
func (*Repo) RemoveTargetsWithExpires ¶
If paths is empty, all targets will be removed.
func (*Repo) ResetTargetsDelegations ¶ added in v0.3.0
ResetTargetsDelegations is equivalent to ResetTargetsDelegationsWithExpires with a default expiry time.
func (*Repo) ResetTargetsDelegationsWithExpires ¶ added in v0.3.0
ResetTargetsDelegationsWithExpires removes all targets delegations from the given delegator role. New metadata is written with the given expiration time.
func (*Repo) RevokeKeyWithExpires ¶
func (*Repo) RootVersion ¶
func (*Repo) SetSnapshotVersion ¶
func (*Repo) SetTargetsVersion ¶
func (*Repo) SetTimestampVersion ¶
func (*Repo) SignPayload ¶ added in v0.3.1
SignPayload signs the given payload using the key(s) associated with role.
It returns the total number of keys used for signing, 0 (along with ErrNoKeys) if no keys were found, or -1 (along with an error) in error cases.
func (*Repo) SignedMeta ¶
SignedMeta is used to retrieve the signable portion of the metadata when using an external signing tool.
func (*Repo) SnapshotVersion ¶
func (*Repo) TargetsVersion ¶
func (*Repo) TimestampVersion ¶
type RepoOpts ¶ added in v0.5.1
type RepoOpts func(r *Repo)
func WithHashAlgorithms ¶ added in v0.5.1
func WithLogger ¶ added in v0.5.1
func WithPrefix ¶ added in v0.5.1
type StoreOpts ¶ added in v0.5.1
// StoreOpts carries the optional settings accepted by FileSystemStoreWithOpts.
type StoreOpts struct {
	// Logger is a *log.Logger supplied with the options; how the store uses
	// it is not shown in this listing.
	Logger *log.Logger
	// PassFunc is the passphrase callback, the same util.PassphraseFunc type
	// that FileSystemStore takes as a direct argument.
	// NOTE(review): presumably used to protect signing keys kept by the store;
	// confirm what happens when it is left nil before relying on the default.
	PassFunc util.PassphraseFunc
}
type TargetsWalkFunc ¶
TargetsWalkFunc is a function of a target path name and a target payload used to execute some function on each staged target file. For example, it may normalize path names and generate target file metadata with additional custom metadata.
Directories ¶
Path | Synopsis |
---|---|
cmd
|
|
Package encrypted provides a simple, secure system for encrypting data symmetrically with a passphrase.
|
Package encrypted provides a simple, secure system for encrypting data symmetrically with a passphrase. |
internal
|
|
fsutil
Package fsutil defines a set of internal utility functions used to interact with the file system.
|
Package fsutil defines a set of internal utility functions used to interact with the file system. |
pkg
|
|