build

package
v0.0.0-...-7c08e93 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 27, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package build contains the internal components used to implement the verifier.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ReleaseImplicitMetadata 

type ReleaseImplicitMetadata struct {
	OSV1      note.Verifier
	OSV2      note.Verifier
	AppV      note.Verifier
	BootV     note.Verifier
	RecoveryV note.Verifier
	AllV      note.Verifiers
	Envs      []string
	Cleanup   func()
}

ReleaseImplicitMetadata stores all of the information needed to reproduce and verify releases. This is all of the data that is not passed in-band with the release (i.e. is not in the Makefile or code). In order to be maximally useful this exposes its state as env variables, which is how they are consumed. Some of these point at files, which need to be cleaned up after usage. This cleanup must be done by the owner of this object via the cleanup function.

func NewReleaseImplicitMetadata 

func NewReleaseImplicitMetadata(logV, osV1, osV2, appV, bootV, recoveryV string) (*ReleaseImplicitMetadata, error)

type ReproducibleBuildVerifier 

type ReproducibleBuildVerifier struct {
	// contains filtered or unexported fields
}

ReproducibleBuildVerifier checks out the source code referenced by a manifest and determines whether it can reproduce the final build artifacts.

func NewReproducibleBuildVerifier 

func NewReproducibleBuildVerifier(cleanup bool, tamago Tamago, metadata *ReleaseImplicitMetadata) (*ReproducibleBuildVerifier, error)

NewReproducibleBuildVerifier returns a ReproducibleBuildVerifier that will delete any temporary git repositories after use if cleanup is true, or leave them around for further investigation if false.

func (*ReproducibleBuildVerifier) Verify 

func (v *ReproducibleBuildVerifier) Verify(ctx context.Context, i uint64, manifest []byte) (bool, error)

Verify checks everything that can be checked about a manifest in isolation:

  1. That it is a valid note signed by the correct release signer
  2. That this note contains a valid manifest file
  3. That the binary committed to in the manifest file can be reproducibly built

Returns true if the build was successfully reproduced, false otherwise, or an error if the build process itself failed.

type Tamago 

type Tamago struct {
	// contains filtered or unexported fields
}

func NewTamago 

func NewTamago(dir string) (Tamago, error)

func (Tamago) Envs 

func (t Tamago) Envs(v semver.Version) []string

Envs returns the KEY=value environment assigmnents required to be set for this version of tamago to run.

func (Tamago) Switch 

func (t Tamago) Switch(v semver.Version) error

Switch ensures that the named version of Tamago is installed, or fails with an error.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.