Documentation
¶
Index ¶
- Constants
- Variables
- func Initialize(ctx context.Context, mirror string, root []byte) error
- func NewSigstoreTufRepo(t *testing.T, root TestSigstoreRoot) (tuf.LocalStore, *tuf.Repo)
- type FulcioKeyVal
- type Key
- type MetadataStatus
- type Role
- type Root
- type RootStatus
- type Signature
- type Signed
- type StatusKind
- type TUF
- type TargetFile
- type TestSigstoreRoot
- type UsageKind
Constants ¶
View Source
const ( // DefaultRemoteRoot is the default remote TUF root location. DefaultRemoteRoot = "https://sigstore-tuf-root.storage.googleapis.com" // TufRootEnv is the name of the environment variable that locates an alternate local TUF root location. TufRootEnv = "TUF_ROOT" // SigstoreNoCache is the name of the environment variable that, if set, configures this code to only store root data in memory. SigstoreNoCache = "SIGSTORE_NO_CACHE" )
View Source
const ( KeyTypeFulcio = "sigstore-oidc" KeySchemeFulcio = "https://fulcio.sigstore.dev" )
Variables ¶
View Source
var KeyAlgorithms = []string{"sha256", "sha512"}
Functions ¶
func NewSigstoreTufRepo ¶
func NewSigstoreTufRepo(t *testing.T, root TestSigstoreRoot) (tuf.LocalStore, *tuf.Repo)
This creates a new sigstore TUF repo whose signers can be used to create dynamic signed Rekor entries.
Types ¶
type FulcioKeyVal ¶
type FulcioKeyVal struct {
Identity string `json:"identity"`
Issuer string `json:"issuer,omitempty"`
}
func GetFulcioKeyVal ¶
func GetFulcioKeyVal(key *Key) (*FulcioKeyVal, error)
type Key ¶
type Key struct {
Type string `json:"keytype"`
Scheme string `json:"scheme"`
Algorithms []string `json:"keyid_hash_algorithms,omitempty"`
Value json.RawMessage `json:"keyval"`
// contains filtered or unexported fields
}
func FulcioVerificationKey ¶
func (*Key) ContainsID ¶
type MetadataStatus ¶
type Root ¶
type Root struct {
Type string `json:"_type"`
SpecVersion string `json:"spec_version"`
Version int `json:"version"`
Expires time.Time `json:"expires"`
Keys map[string]*Key `json:"keys"`
Roles map[string]*Role `json:"roles"`
Namespace string `json:"namespace"`
ConsistentSnapshot bool `json:"consistent_snapshot"`
}
type RootStatus ¶
type RootStatus struct {
Local string `json:"local"`
Remote string `json:"remote"`
Metadata map[string]MetadataStatus `json:"metadata"`
Targets []string `json:"targets"`
}
JSON output representing the configured root status
func GetRootStatus ¶
func GetRootStatus(ctx context.Context) (*RootStatus, error)
GetRootStatus gets the current root status for info logging
type Signed ¶
type Signed struct {
Signed json.RawMessage `json:"signed"`
Signatures []Signature `json:"signatures"`
}
func (*Signed) AddOrUpdateSignature ¶
type StatusKind ¶
type StatusKind int
const ( UnknownStatus StatusKind = iota Active Expired )
func (StatusKind) MarshalText ¶
func (s StatusKind) MarshalText() ([]byte, error)
func (StatusKind) String ¶
func (s StatusKind) String() string
func (*StatusKind) UnmarshalText ¶
func (s *StatusKind) UnmarshalText(text []byte) error
type TUF ¶
func (*TUF) GetTargetsByMeta ¶
func (t *TUF) GetTargetsByMeta(usage UsageKind, fallbacks []string) ([]TargetFile, error)
Get target files by a custom usage metadata tag. If there are no files found, use the fallback target names to fetch the targets by name.
type TargetFile ¶
type TargetFile struct {
Target []byte
Status StatusKind
}
type TestSigstoreRoot ¶
type TestSigstoreRoot struct {
Rekor signature.Verifier
FulcioCertificate *x509.Certificate
}
type UsageKind ¶
type UsageKind int
func (UsageKind) MarshalText ¶
func (*UsageKind) UnmarshalText ¶
Source Files
Click to show internal directories.
Click to hide internal directories.