ocm

package module
v0.18.0-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 8, 2024 License: Apache-2.0 Imports: 1 Imported by: 1

README

Open Component Model

OpenSSF Best Practices REUSE status OCM Integration Tests Go Report Card

The Open Component Model (OCM) is an open standard to describe software bills of delivery (SBOD). OCM is a technology-agnostic and machine-readable format focused on the software artifacts that must be delivered for software products.

Check out the the main OCM project web page to find out what OCM offers you for implementing a secure software supply chain. It is your central entry point to all kind of OCM related docs and guides, the OCM specification and all project github repositories. It also offers a Getting Started to quickly make your hands dirty with OCM, its toolset and concepts 😃

OCM Specifications

OCM describes delivery artifacts that can be accessed from many types of component repositories. It defines a set of semantic, formatting, and other types of specifications that can be found in the ocm-spec repository. Start learning about the core concepts of OCM elements here.

OCM Library

This project provides a Go library containing an API for interacting with the Open Component Model (OCM) elements and mechanisms.

The library currently supports the following repository mappings:

  • OCI: Use the repository prefix path of an OCI repository to implement an OCM repository.
  • CTF (Common Transport Format): Use a file-based binding to represent any set of component versions as filesystem content (directory, tar, tgz).
  • Component Archive: Compose the content of a component version on the filesystem.

For the usage of the library to access OCM repositories, handle configuration and credentials see the examples section.

Additionally, OCM provides a generic solution for how to:

  • Sign component versions in any supported OCM repository implementation.
  • Verify signatures based on public keys or verified certificates.
  • Transport component versions, per reference or as values to any of the repository implementations.

OCM CLI

The ocm CLI may also be used to interact with OCM mechanisms. It makes it easy to create component versions and embed them in build processes.

The code for the CLI can be found in package cmds/ocm.

The OCI and OCM support can be found in packages api/oci and api/ocm.

Installation

Install the latest release with

Bash

To install with bash for macOS or Linux execute the following command:

curl -s https://ocm.software/install.sh | sudo bash
Homebrew

Install using Homebrew

# Homebrew (macOS and Linux)
brew install open-component-model/tap/ocm
NixOS

Install using Nix (with Flakes)

# Nix (macOS, Linux, and Windows)
# ad-hoc cmd execution
nix run github:open-component-model/ocm -- --help
nix run github:open-component-model/ocm#helminstaller -- --help

# install development version
nix profile install github:open-component-model/ocm
# or release <version>
nix profile install github:open-component-model/ocm/<version>

#check installation
nix profile list | grep ocm

# optionally, open a new shell and verify that cmd completion works
ocm --help
AUR

Install from AUR (Arch Linux User Repository)

package-url: aur.archlinux.org/packages/ocm-cli

# if not using a helper util
git clone https://aur.archlinux.org/ocm-cli.git
cd ocm-cli
makepkg -i

AUR Documentation

Container

Usage via Docker / Podman

docker run -t ghcr.io/open-component-model/ocm:latest --help
podman run -t ghcr.io/open-component-model/ocm:latest --help
Build and run it yourself
podman build -t ocm .
podman run --rm -t ocm --loglevel debug --help

or interactively:

podman run --rm -it ocm /bin/sh

You can pass in the following arguments to override the predefined defaults:

  • GO_VERSION: The golang version to be used for compiling.
  • ALPINE_VERSION: The alpine version to be used as the base image.
  • GO_PROXY: Your go proxy to be used for fetching dependencies.

Please check hub.docker.com for possible version combinations.

podman build -t ocm --build-arg GO_VERSION=1.23 --build-arg ALPINE_VERSION=3.20 --build-arg GO_PROXY=https://proxy.golang.org .
Chocolatey
choco install ocm-cli

see: chocolatey community package: ocm-cli

Winget
winget install ocm-cli

see: microsoft/winget-packages: Open-Component-Model

Examples

An example of how to use the ocm CLI in a Makefile can be found in examples/make.

More comprehensive examples can be taken from the components contained in this repository. Here a complete component build including a multi-arch image is done and finally packaged into a CTF archive which can be transported into an OCI repository. See the readme files for details.

GPG Public Key

The authenticity of released packages that have been uploaded to public repositories can be verified using our GPG public key. You can find the current key in the file OCM-RELEASES-PUBLIC-CURRENT.gpg on our website. You can find the old keys in the website github repository here.

Contributing

Code contributions, feature requests, bug reports, and help requests are very welcome. Please refer to the Contributing Guide in the Community repository for more information on how to contribute to OCM.

OCM follows the CNCF Code of Conduct.

Release Process

The release process is automated through a github action workflow. Please refer to the Release Process Documentation for more information.

Licensing

Copyright 2024 SAP SE or an SAP affiliate company and Open Component Model contributors. Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.

Documentation

Index

Constants

This section is empty.

Variables

View Source
var Version string

Functions

This section is empty.

Types

This section is empty.

Directories

Path Synopsis
api
cli
credentials
Package credentials handles the access to credentials for consumers of credential sets.
Package credentials handles the access to credentials for consumers of credential sets.
credentials/builtin
Package builtin now contains special builtin credential detections, only.
Package builtin now contains special builtin credential detections, only.
oci
oci/ociutils/helm/ignore
Package ignore provides tools for writing ignore files (a la .gitignore).
Package ignore provides tools for writing ignore files (a la .gitignore).
ocm
ocm/compdesc/normalizations/jsonv1
Package jsonv1 provides a normalization which uses schema specific normalizations.
Package jsonv1 provides a normalization which uses schema specific normalizations.
ocm/compdesc/normalizations/jsonv2
Package jsonv2 provides a normalization which is completely based on the abstract (internal) version of the component descriptor and is therefore agnostic of the final serialization format.
Package jsonv2 provides a normalization which is completely based on the abstract (internal) version of the component descriptor and is therefore agnostic of the final serialization format.
ocm/compdesc/versions/ocm.software/v3alpha1/jsonscheme
Package jsonscheme generated by go-bindata.// sources: ../../../../../../../resources/component-descriptor-ocm-v3-schema.yaml
Package jsonscheme generated by go-bindata.// sources: ../../../../../../../resources/component-descriptor-ocm-v3-schema.yaml
ocm/compdesc/versions/v2/jsonscheme
Package jsonscheme generated by go-bindata.// sources: ../../../../../../resources/component-descriptor-v2-schema.yaml
Package jsonscheme generated by go-bindata.// sources: ../../../../../../resources/component-descriptor-v2-schema.yaml
ocm/cpi/repocpi
Package repocpi contains the implementation support for repository backends.
Package repocpi contains the implementation support for repository backends.
ocm/elements
Package elements contains builders for elements of a component version, aka resources, sources and references.
Package elements contains builders for elements of a component version, aka resources, sources and references.
ocm/elements/artifactaccess
Package artifactaccess hosts packages for ResourceAccess and SourceAccess builders used to add resources and sources referring to content in other repositories using access specification to a component version.
Package artifactaccess hosts packages for ResourceAccess and SourceAccess builders used to add resources and sources referring to content in other repositories using access specification to a component version.
ocm/elements/artifactblob
Package artifactblob hosts packages for ResourceAccess and SourceAccess builders used to add resources and sources as local blobs to a component version.
Package artifactblob hosts packages for ResourceAccess and SourceAccess builders used to add resources and sources as local blobs to a component version.
ocm/elements/artifactblob/externalblob
Package ociartifact provides a way to provide ResourceAccess and SourceAccess objects based on external access specification intended to be added as local access.
Package ociartifact provides a way to provide ResourceAccess and SourceAccess objects based on external access specification intended to be added as local access.
ocm/extensions/accessmethods/options
Package options defines standard options and option types usable to provide CLI options used to dynamically orchestrate arbitrary access specifications.
Package options defines standard options and option types usable to provide CLI options used to dynamically orchestrate arbitrary access specifications.
ocm/extensions/accessmethods/plugin
Package plugin is an adapter implementation that provides a generic handling of all AccessMethods provided by plugins.
Package plugin is an adapter implementation that provides a generic handling of all AccessMethods provided by plugins.
ocm/extensions/blobhandler
Package blobhandler contains blobhandlers for handling local blobs for dedicated repository types.
Package blobhandler contains blobhandlers for handling local blobs for dedicated repository types.
ocm/extensions/blobhandler/handlers/oci
Package oci contains sub packages for blob handler implementations for dedicated implementations of the oci go binding interface.
Package oci contains sub packages for blob handler implementations for dedicated implementations of the oci go binding interface.
ocm/extensions/blobhandler/handlers/ocm
Package ocm contains sub packages for blob handler implementations for dedicated implementations of the default ocm go binding interface.
Package ocm contains sub packages for blob handler implementations for dedicated implementations of the default ocm go binding interface.
ocm/extensions/download
Package download provides an API for resource download handlers.
Package download provides an API for resource download handlers.
ocm/extensions/labels/routingslip/types/plugin
Package plugin is an adapter implementation that provides a generic handling of all ValueSets provided by plugins.
Package plugin is an adapter implementation that provides a generic handling of all ValueSets provided by plugins.
ocm/extensions/pubsub
Package pubsub contains the handling required to connect OCM repositories to publish/subscribe infrastructures.
Package pubsub contains the handling required to connect OCM repositories to publish/subscribe infrastructures.
ocm/extensions/repositories/virtual/example
Package example contains a simple implementation providing a virtual OCM repository based on some opinionated filesystem structure.
Package example contains a simple implementation providing a virtual OCM repository based on some opinionated filesystem structure.
ocm/plugin
Package plugin maps a Go plugin interface to a technical command line interface.
Package plugin maps a Go plugin interface to a technical command line interface.
ocm/plugin/cache
Package cache implements the plugin cache that contains all loaded plugins.
Package cache implements the plugin cache that contains all loaded plugins.
ocm/plugin/descriptor
Package descriptor declares several structs that describe the information that formally describes the capabilities provided by each plugin.
Package descriptor declares several structs that describe the information that formally describes the capabilities provided by each plugin.
ocm/plugin/ppi
Package ppi provides the plugin programming interface.
Package ppi provides the plugin programming interface.
ocm/plugin/ppi/config
The config package can be used if the plugin should provide the ocm configuration from the calling OCM library.
The config package can be used if the plugin should provide the ocm configuration from the calling OCM library.
ocm/plugin/ppi/logging
The logging package can be used if the plugin should handle the ocm logging configuration from the calling OCM library.
The logging package can be used if the plugin should handle the ocm logging configuration from the calling OCM library.
ocm/tools/transfer/transferhandler
Package transferhandler provides the API for transfer handlers used during the transfer process of an OCM component.
Package transferhandler provides the API for transfer handlers used during the transfer process of an OCM component.
ocm/valuemergehandler/hpi
Package hpi contains the Handler Programming Interface for value merge handlers
Package hpi contains the Handler Programming Interface for value merge handlers
utils/blobaccess
Package blobaccess provides various flavors of BlobAccess implementations.
Package blobaccess provides various flavors of BlobAccess implementations.
utils/blobaccess/blobaccess
Package blobaccess provides the basic set of types and supporting functions for using BlobAccess implementations.
Package blobaccess provides the basic set of types and supporting functions for using BlobAccess implementations.
utils/cobrautils/flagsets/flagsetscheme
Package flagsetscheme provides a runtime.TypeScheme with support for command line option sets for the described object types.
Package flagsetscheme provides a runtime.TypeScheme with support for command line option sets for the described object types.
utils/cobrautils/logopts
Package logopts is used for CLI options used to control the logging, globally or for a dedicated context.
Package logopts is used for CLI options used to control the logging, globally or for a dedicated context.
utils/refmgmt
Package refmgmt provides a simple wrapper, which can be used to map a closable object type into an interface supporting reference counting and supporting a Dup() method.
Package refmgmt provides a simple wrapper, which can be used to map a closable object type into an interface supporting reference counting and supporting a Dup() method.
utils/refmgmt/finalized
Package finalized provided a view management for a backend object, which is based on Go Garbage Collection and runtime finalizers.
Package finalized provided a view management for a backend object, which is based on Go Garbage Collection and runtime finalizers.
utils/refmgmt/resource
Package resource provides support to implement closeable backing resources featuring multiple separately closeable references.
Package resource provides support to implement closeable backing resources featuring multiple separately closeable references.
utils/registrations
Package registrations provides a hierarchical namespace for denoting any kind of handlers to be registered on some target.
Package registrations provides a hierarchical namespace for denoting any kind of handlers to be registered on some target.
cmds
ocm
examples
lib
hack

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL