manifest

package
v2.0.0-alpha.1
Published: Jan 28, 2015 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func Verify

func Verify(sm *SignedManifest) ([]libtrust.PublicKey, error)

Verify verifies the signature of the signed manifest, returning the public keys used during signing.

func VerifyChains

func VerifyChains(sm *SignedManifest, ca *x509.CertPool) ([][]*x509.Certificate, error)

VerifyChains verifies the signature of the signed manifest against the certificate pool, returning the list of verified chains. Signatures without an x509 chain are not checked.

Types

type FSLayer

type FSLayer struct {
	// BlobSum is the tarsum of the referenced filesystem image layer
	BlobSum digest.Digest `json:"blobSum"`
}

FSLayer is a container struct for BlobSums defined in an image manifest

type History

type History struct {
	// V1Compatibility is the raw v1 compatibility information
	V1Compatibility string `json:"v1Compatibility"`
}

History stores unstructured v1 compatibility information

type Manifest

type Manifest struct {
	Versioned

	// Name is the name of the image's repository
	Name string `json:"name"`

	// Tag is the tag of the image specified by this manifest
	Tag string `json:"tag"`

	// Architecture is the host architecture on which this image is intended to
	// run
	Architecture string `json:"architecture"`

	// FSLayers is a list of filesystem layer blobSums contained in this image
	FSLayers []FSLayer `json:"fsLayers"`

	// History is a list of unstructured historical data for v1 compatibility
	History []History `json:"history"`
}

Manifest provides the base accessible fields for working with V2 image format in the registry.

type SignedManifest

type SignedManifest struct {
	Manifest

	// Raw is the byte representation of the ImageManifest, used for signature
	// verification. The value of Raw must be used directly during
	// serialization, or the signature check will fail. The manifest byte
	// representation cannot change or it will have to be re-signed.
	Raw []byte `json:"-"`
}

SignedManifest provides an envelope for a signed image manifest, including the format sensitive raw bytes. It contains fields to

func Sign

Sign signs the manifest with the provided private key, returning a SignedManifest. This typically won't be used within the registry, except for testing.

func SignWithChain

func SignWithChain(m *Manifest, key libtrust.PrivateKey, chain []*x509.Certificate) (*SignedManifest, error)

SignWithChain signs the manifest with the given private key and x509 chain. The public key of the first element in the chain must be the public key corresponding to the signing key.

func (*SignedManifest) MarshalJSON

func (sm *SignedManifest) MarshalJSON() ([]byte, error)

MarshalJSON returns the contents of Raw. If Raw is nil, marshals the inner contents. Applications requiring a marshaled signed manifest should simply use Raw directly, since the content produced by json.Marshal will be compacted and will fail signature checks.
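The compaction behaviour described above, as an added example that is not code from this package: a MarshalJSON that returns Raw still yields different bytes when called through json.Marshal, so a signature over Raw no longer verifies. The names signedDoc, sampleRaw and demo are hypothetical, and a detached Ed25519 signature from the standard library stands in for libtrust signing.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// signedDoc is a hypothetical stand-in for SignedManifest with two of its fields.
type signedDoc struct {
	Name string `json:"name"`
	Tag  string `json:"tag"`
	Raw  []byte `json:"-"` // exact bytes the signature covers
}

// MarshalJSON returns Raw when set, otherwise marshals the inner fields.
func (d *signedDoc) MarshalJSON() ([]byte, error) {
	if d.Raw != nil {
		return d.Raw, nil
	}
	type plain signedDoc // same fields, no methods, so no recursion
	return json.Marshal((*plain)(d))
}

// Constructed sample; its whitespace is part of what gets signed.
var sampleRaw = []byte("{\n   \"name\": \"example/app\",\n   \"tag\": \"latest\"\n}")

// demo signs Raw with a throwaway Ed25519 key (assumption: stand-in for libtrust).
func demo() (rawOK, marshalOK bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	d := &signedDoc{Raw: sampleRaw}
	if err = json.Unmarshal(sampleRaw, d); err != nil {
		return
	}
	sig := ed25519.Sign(priv, d.Raw)
	out, err := json.Marshal(d) // encoding/json compacts MarshalJSON output
	if err != nil {
		return
	}
	return ed25519.Verify(pub, d.Raw, sig), ed25519.Verify(pub, out, sig), nil
}

func main() {
	fmt.Println(demo())
}
```

Writing `d.Raw` to the wire or to storage keeps the signature valid; passing the value through json.Marshal does not.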

func (*SignedManifest) UnmarshalJSON

func (sm *SignedManifest) UnmarshalJSON(b []byte) error

UnmarshalJSON populates a new ImageManifest struct from JSON data.

type Versioned

type Versioned struct {
	// SchemaVersion is the image manifest schema that this image follows
	SchemaVersion int `json:"schemaVersion"`
}

Versioned provides a struct with just the manifest schemaVersion. Incoming content with unknown schema version can be decoded against this struct to check the version.
