tuf

package
v0.1.12 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 31, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation


Constants

// ThisModulePath is the Go module path of this library.
const (
	ThisModulePath = "github.com/docker/attest"
)
// TufFileNameAnnotation is the annotation key "tuf.io/filename".
//
// NOTE(review): presumably read from Layer.Annotations to recover the TUF
// file name of an OCI layer. The value would then come from the registry, so
// treat it as untrusted input until the content has been verified against
// trusted TUF metadata. Confirm against the fetcher implementation.
const TufFileNameAnnotation = "tuf.io/filename"

Variables

// Embedded TUF roots, re-exported from the embed package. The package example
// passes the Data field of one of these to NewTufClient as the initial root,
// i.e. the trust anchor for everything the client fetches afterwards.
//
// NOTE(review): these are exported package-level variables, so any importing
// package can reassign them. Treat them as read-only and pick the root that
// matches the repository you point the client at.
var DockerTufRootProd = embed.RootProd
var DockerTufRootStaging = embed.RootStaging
var DockerTufRootDev = embed.RootDev
var DockerTufRootDefault = embed.RootDefault

Functions

func GetEmbeddedTufRoot added in v0.1.7

func GetEmbeddedTufRoot(root string) (*embed.EmbeddedRoot, error)

GetEmbeddedTufRoot returns the embedded TUF root based on the given root name

func NewMockTufClient

func NewMockTufClient(srcPath string, dstPath string) *mockTufClient

func NewMockVersionChecker added in v0.1.4

func NewMockVersionChecker() *mockVersionChecker

func NewVersionChecker added in v0.1.4

func NewVersionChecker() *versionChecker

Types

type ImageCache

type ImageCache struct {
	// contains filtered or unexported fields
}

func NewImageCache

func NewImageCache() *ImageCache

func (*ImageCache) Get

func (c *ImageCache) Get(imgRef string) ([]byte, bool)

Get image from cache

func (*ImageCache) Put

func (c *ImageCache) Put(imgRef string, img []byte)

Add image to cache

type InvalidVersionError added in v0.1.4

// InvalidVersionError carries the details of a failed version check.
// Error is declared on the pointer receiver, so it is *InvalidVersionError
// that satisfies the error interface; match it with errors.As and a
// *InvalidVersionError target.
//
// NOTE(review): presumably returned by VersionChecker.CheckVersion when this
// library's version does not satisfy the constraint published in the TUF
// repository. Confirm against the implementation.
type InvalidVersionError struct {
	// AttestVersion is, judging by the name, the version of this library
	// that was checked. TODO confirm.
	AttestVersion     string
	// VersionConstraint is, judging by the name, the constraint the version
	// was checked against. TODO confirm.
	VersionConstraint string
	// Errors holds the underlying errors collected for this failure.
	Errors            []error
}

func (*InvalidVersionError) Error added in v0.1.4

func (e *InvalidVersionError) Error() string

type Layer

// Layer is the JSON shape of one entry in Layers.Layers or Layers.Manifests:
// an annotations map plus a digest string.
//
// NOTE(review): both fields are decoded verbatim from JSON. Nothing in this
// declaration validates the digest format or the annotation values, so
// callers should verify them where they are used.
type Layer struct {
	// Annotations is decoded from the "annotations" key.
	// Presumably carries TufFileNameAnnotation. TODO confirm.
	Annotations map[string]string `json:"annotations"`
	// Digest is decoded from the "digest" key and kept as a plain string.
	Digest      string            `json:"digest"`
}

type Layers

// Layers is the JSON shape of a document with "layers", "manifests" and
// "mediaType" keys.
//
// NOTE(review): this looks like a reduced view that covers both an OCI image
// manifest (layers) and an image index (manifests). Confirm against the
// fetcher that decodes it.
type Layers struct {
	// Layers is decoded from the "layers" key.
	Layers    []Layer `json:"layers"`
	// Manifests is decoded from the "manifests" key and reuses the Layer shape.
	Manifests []Layer `json:"manifests"`
	// MediaType is decoded from the "mediaType" key.
	MediaType string  `json:"mediaType"`
}

type RegistryFetcher

type RegistryFetcher struct {
	// contains filtered or unexported fields
}

RegistryFetcher implements Fetcher

func NewRegistryFetcher

func NewRegistryFetcher(metadataRepo, metadataTag, targetsRepo string) *RegistryFetcher

func (*RegistryFetcher) DownloadFile

func (d *RegistryFetcher) DownloadFile(urlPath string, maxLength int64, timeout time.Duration) ([]byte, error)

DownloadFile downloads a file from an OCI registry. It returns an error if the download fails, if the file is larger than maxLength, or if the timeout is reached.

type TUFClient

// TUFClient is the single-method interface that VersionChecker.CheckVersion
// takes as its argument. *TufClient declares a DownloadTarget method with the
// same signature.
//
// NOTE(review): this name differs from the concrete TufClient struct only in
// letter case, which is easy to misread at call sites.
type TUFClient interface {
	// DownloadTarget fetches the named target. Per the result names it
	// returns the path of the file, the file's contents, and an error.
	// TODO confirm how filePath is interpreted (directory vs. file name).
	DownloadTarget(target, filePath string) (actualFilePath string, data []byte, err error)
}

type TufClient

type TufClient struct {
	// contains filtered or unexported fields
}

func NewTufClient

func NewTufClient(initialRoot []byte, tufPath, metadataSource, targetsSource string, versionChecker VersionChecker) (*TufClient, error)

NewTufClient creates a new TUF client

Example (Registry)
package main

import (
	"os"
	"path/filepath"

	"github.com/docker/attest/internal/embed"
	"github.com/docker/attest/pkg/tuf"
	"github.com/theupdateframework/go-tuf/v2/metadata"
)

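// main builds a TUF client backed by an OCI registry, reads the trusted
// metadata, and downloads every target listed in the top-level targets role.
// Errors are fatal (panic) because this is example code.
func main() {
	// tufOutputPath is passed to NewTufClient as its tufPath argument and is
	// also the parent of the download directory used below.
	home, err := os.UserHomeDir()
	if err != nil {
		panic(err)
	}
	tufOutputPath := filepath.Join(home, ".docker", "tuf")

	// using oci tuf metadata and targets
	metadataURI := "registry-1.docker.io/docker/tuf-metadata:latest"
	targetsURI := "registry-1.docker.io/docker/tuf-targets"

	// The first argument is the initial root: the trust anchor against which
	// the client validates what it fetches. It must come from a source that
	// is already trusted (here, a root compiled into the module) and must
	// belong to the repository the URIs point at. Code outside this module
	// cannot import internal/embed; tuf.DockerTufRootStaging is the exported
	// alias of the same value.
	//
	// NOTE(review): NewMockVersionChecker is a test double and presumably
	// does not enforce the repository's version constraints. Callers outside
	// examples and tests should pass tuf.NewVersionChecker() instead.
	registryClient, err := tuf.NewTufClient(embed.RootStaging.Data, tufOutputPath, metadataURI, targetsURI, tuf.NewMockVersionChecker())
	if err != nil {
		panic(err)
	}

	// GetMetadata returns no error, so there is nothing to check here.
	trustedMetadata := registryClient.GetMetadata()

	// Look the top-level targets role up explicitly: indexing a missing key
	// yields nil, and dereferencing it would crash with an unhelpful message.
	topLevel, ok := trustedMetadata.Targets[metadata.TARGETS]
	if !ok || topLevel == nil {
		panic("trusted metadata contains no top-level targets role")
	}

	downloadDir := filepath.Join(tufOutputPath, "download")
	for _, t := range topLevel.Signed.Targets {
		// download target files
		if _, _, err := registryClient.DownloadTarget(t.Path, downloadDir); err != nil {
			panic(err)
		}
	}
}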

func (*TufClient) DownloadTarget

func (t *TufClient) DownloadTarget(target string, filePath string) (actualFilePath string, data []byte, err error)

DownloadTarget downloads the target file using Updater. The Updater gets the target information, verifies if the target is already cached, and if it is not cached, downloads the target file.

func (*TufClient) GetMetadata

func (t *TufClient) GetMetadata() trustedmetadata.TrustedMetadata

func (*TufClient) GetPriorRoots

func (t *TufClient) GetPriorRoots(metadataURL string) (map[string][]byte, error)

func (*TufClient) LoadDelegatedTargets

func (t *TufClient) LoadDelegatedTargets(roleName, parentName string) (*metadata.Metadata[metadata.TargetsType], error)

Derived from updater.loadTargets() in theupdateframework/go-tuf

func (*TufClient) MaxRootLength

func (t *TufClient) MaxRootLength() int64

func (*TufClient) SetRemoteTargetsURL

func (t *TufClient) SetRemoteTargetsURL(url string)

type TufRole

// TufRole is a named string type.
//
// NOTE(review): presumably holds a TUF role name; this listing exports no
// constants of this type. Confirm the intended values.
type TufRole string

type TufSource

// TufSource is a named string type with two declared values, "http" and "oci".
//
// NOTE(review): presumably selects the transport used to fetch TUF metadata
// and targets. Confirm where it is consumed.
type TufSource string

// HttpSource is the TufSource value "http".
const HttpSource = TufSource("http")

// OciSource is the TufSource value "oci".
const OciSource = TufSource("oci")

type VersionChecker added in v0.1.4

// VersionChecker is the interface NewTufClient accepts as its last argument.
// The package example passes the value returned by NewMockVersionChecker.
//
// NOTE(review): a non-nil error presumably means the constraint was not met
// (likely *InvalidVersionError) or could not be evaluated. Confirm, and
// treat any error as a failed check rather than ignoring it.
type VersionChecker interface {
	// CheckVersion checks if the current version of this library meets the constraints from the TUF repo
	CheckVersion(tufClient TUFClient) error
}
