tuf

package

v1.3.4 Latest Latest Go to latest Published: Dec 27, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/venafi-iw/cosign

Documentation ¶

Index ¶

Constants
Variables
func CosignCachedRoot() string
func CosignCachedTargets() string
func DefaultExpires(role string) time.Time
func GcsRemoteStore(ctx context.Context, bucket string, opts *GcsRemoteOptions, ...) (client.RemoteStore, error)
func GetEmbeddedRoot() ([]byte, error)
func GetTarget(ctx context.Context, name string, out client.Destination) error
func Init(ctx context.Context, altRootBytes []byte, remote client.RemoteStore) error
func RootClient(ctx context.Context, remote client.RemoteStore, altRoot []byte) (*client.Client, error)
type ByteDestination
- func (b *ByteDestination) Delete() error
type FulcioKeyVal
- func GetFulcioKeyVal(key *Key) (*FulcioKeyVal, error)
type GcsRemoteOptions
type Key
- func FulcioVerificationKey(email string, issuer string) *Key
- func (k *Key) ContainsID(id string) bool
- func (k *Key) ID() string
type Role
- func (r *Role) AddKeysWithThreshold(keys []*Key, threshold int) bool
type Root
- func NewRoot() *Root
- func (r *Root) AddKey(key *Key) bool
- func (r *Root) Marshal() (*Signed, error)
- func (r *Root) ValidKey(key *Key, role string) (string, error)
type Signature
type Signed
- func (s *Signed) AddOrUpdateSignature(key *Key, signature Signature) error
- func (s *Signed) JSONMarshal(prefix, indent string) ([]byte, error)

Constants ¶

View Source

const (
	TufRootEnv        = "TUF_ROOT"
	SigstoreNoCache   = "SIGSTORE_NO_CACHE"
	DefaultRemoteRoot = "sigstore-tuf-root"
)

TODO(asraa): Configure an environment variable so users can set their own remote outside of an explicit `cosign init` (e.g. when no cache is enabled).

View Source

const (
	KeyTypeFulcio   = "sigstore-oidc"
	KeySchemeFulcio = "https://fulcio.sigstore.dev"
)

Variables ¶

View Source

var (
	KeyAlgorithms = []string{"sha256", "sha512"}
)

Functions ¶

func CosignCachedRoot ¶

func CosignCachedRoot() string

func CosignCachedTargets ¶

func CosignCachedTargets() string

func DefaultExpires ¶

func DefaultExpires(role string) time.Time

func GcsRemoteStore ¶

func GcsRemoteStore(ctx context.Context, bucket string, opts *GcsRemoteOptions, client *storage.Client) (client.RemoteStore, error)

A remote store for TUF metadata on GCS.

func GetEmbeddedRoot ¶

func GetEmbeddedRoot() ([]byte, error)

func GetTarget ¶

func GetTarget(ctx context.Context, name string, out client.Destination) error

func Init ¶

func Init(ctx context.Context, altRootBytes []byte, remote client.RemoteStore) error

Instantiates the global TUF client. Uses the embedded (by default trusted) root in cosign unless a custom root is provided. This will always perform a remote call to update.

func RootClient ¶

func RootClient(ctx context.Context, remote client.RemoteStore, altRoot []byte) (*client.Client, error)

Gets the global TUF client if the directory exists. This will not make a remote call unless fetch is true.

Types ¶

type ByteDestination ¶

type ByteDestination struct {
	*bytes.Buffer
}

func (*ByteDestination) Delete ¶

func (b *ByteDestination) Delete() error

type FulcioKeyVal ¶

type FulcioKeyVal struct {
	Identity string `json:"identity"`
	Issuer   string `json:"issuer,omitempty"`
}

func GetFulcioKeyVal ¶

func GetFulcioKeyVal(key *Key) (*FulcioKeyVal, error)

type GcsRemoteOptions ¶

type GcsRemoteOptions struct {
	MetadataPath string
	TargetsPath  string
}

type Key ¶

type Key struct {
	Type       string          `json:"keytype"`
	Scheme     string          `json:"scheme"`
	Algorithms []string        `json:"keyid_hash_algorithms,omitempty"`
	Value      json.RawMessage `json:"keyval"`
	// contains filtered or unexported fields
}

func FulcioVerificationKey ¶

func FulcioVerificationKey(email string, issuer string) *Key

func (*Key) ContainsID ¶

func (k *Key) ContainsID(id string) bool

func (*Key) ID ¶

func (k *Key) ID() string

type Role ¶

type Role struct {
	KeyIDs    []string `json:"keyids"`
	Threshold int      `json:"threshold"`
}

func (*Role) AddKeysWithThreshold ¶

func (r *Role) AddKeysWithThreshold(keys []*Key, threshold int) bool

type Root ¶

type Root struct {
	Type        string           `json:"_type"`
	SpecVersion string           `json:"spec_version"`
	Version     int              `json:"version"`
	Expires     time.Time        `json:"expires"`
	Keys        map[string]*Key  `json:"keys"`
	Roles       map[string]*Role `json:"roles"`
	Namespace   string           `json:"namespace"`

	ConsistentSnapshot bool `json:"consistent_snapshot"`
}

func NewRoot ¶

func NewRoot() *Root

func (*Root) AddKey ¶

func (r *Root) AddKey(key *Key) bool

func (*Root) Marshal ¶

func (r *Root) Marshal() (*Signed, error)

func (*Root) ValidKey ¶

func (r *Root) ValidKey(key *Key, role string) (string, error)

type Signature ¶

type Signature struct {
	KeyID     string `json:"keyid"`
	Signature string `json:"sig"`
	Cert      string `json:"cert,omitempty"`
}

type Signed ¶

type Signed struct {
	Signed     json.RawMessage `json:"signed"`
	Signatures []Signature     `json:"signatures"`
}

func (*Signed) AddOrUpdateSignature ¶

func (s *Signed) AddOrUpdateSignature(key *Key, signature Signature) error

func (*Signed) JSONMarshal ¶

func (s *Signed) JSONMarshal(prefix, indent string) ([]byte, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL