mirror

package
v0.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 22, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Examples

Constants

// Default endpoints used to fetch TUF metadata and TUF target files.
// NOTE(review): both URLs sit under a "tuf-staging" path, which suggests a
// staging (non-production) repository. Confirm which repository a deployment
// is meant to trust before relying on these defaults.
const (
	DefaultMetadataURL = "https://docker.github.io/tuf-staging/metadata"
	DefaultTargetsURL  = "https://docker.github.io/tuf-staging/targets"
)

Variables

Functions

func PushToRegistry

func PushToRegistry(image any, imageName string) error

func SaveAsOCILayout

func SaveAsOCILayout(image any, path string) error

Types

type DelegatedTargetMetadata

// DelegatedTargetMetadata carries one named, versioned blob of metadata.
// NOTE(review): presumably Name is the delegated role name, Version the
// metadata version and Data the raw metadata bytes. The code that fills these
// fields is not shown here, so confirm against the producer.
type DelegatedTargetMetadata struct {
	Name    string
	Version string
	Data    []byte
}

type MirrorImage

// MirrorImage pairs an image with the tag it is to be stored under.
// GetDelegatedMetadataMirrors and GetTufTargetMirrors return slices of it.
type MirrorImage struct {
	Image *v1.Image
	Tag   string
}

type MirrorIndex

// MirrorIndex pairs an image index with the tag it is to be stored under.
// GetDelegatedTargetMirrors returns a slice of it.
type MirrorIndex struct {
	Index *v1.ImageIndex
	Tag   string
}

type TufMetadata

// TufMetadata holds raw bytes for the root, snapshot, targets and timestamp
// metadata of a TUF repository.
// NOTE(review): the map keys are presumably metadata file names or versions.
// Nothing shown here establishes that, so confirm against the code that
// populates the maps.
type TufMetadata struct {
	Root      map[string][]byte
	Snapshot  map[string][]byte
	Targets   map[string][]byte
	Timestamp []byte
}

type TufMirror

// TufMirror exposes the TUF client it uses through TufClient. Instances are
// created with NewTufMirror, which takes the root metadata bytes, a local TUF
// path, the metadata and targets URLs, and a version checker.
type TufMirror struct {
	TufClient *tuf.TufClient
	// contains filtered or unexported fields
}

func NewTufMirror

func NewTufMirror(root []byte, tufPath, metadataURL, targetsURL string, versionChecker tuf.VersionChecker) (*TufMirror, error)
Example
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"

	"github.com/docker/attest/internal/embed"
	"github.com/docker/attest/pkg/mirror"
	"github.com/docker/attest/pkg/tuf"
	v1 "github.com/google/go-containerregistry/pkg/v1"
)

// TufMirrorOutput collects everything the example builds from a TufMirror so
// that it can be pushed to a registry or written to disk in one pass.
type TufMirrorOutput struct {
	// metadata is the image returned by GetMetadataManifest.
	metadata          *v1.Image
	// delegatedMetadata is the result of GetDelegatedMetadataMirrors.
	delegatedMetadata []*mirror.MirrorImage
	// targets is the result of GetTufTargetMirrors.
	targets           []*mirror.MirrorImage
	// delegatedTargets is the result of GetDelegatedTargetMirrors.
	delegatedTargets  []*mirror.MirrorIndex
}

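// main walks through mirroring a TUF repository: it creates a TufMirror,
// builds images and image indexes for the metadata and targets, pushes them
// to a registry and finally writes them to a local directory as OCI layouts.
// Any failure aborts the program with a panic, which is acceptable for an
// example but not for a long-running service.
//
// Points to check when adapting this example:
//   - embed.StagingRoot is the root metadata handed to NewTufMirror, i.e. the
//     trust anchor for everything fetched afterwards. It is imported from an
//     internal/ path, so code outside this module cannot use it and must
//     supply root bytes obtained from a source it already trusts.
//   - NOTE(review): tuf.NewMockVersionChecker() is, going by its name, a test
//     double. Confirm what a non-mock tuf.VersionChecker enforces and use
//     that outside of examples and tests.
//   - The URLs are the package defaults, which point at a "tuf-staging" path.
func main() {
	home, err := os.UserHomeDir()
	if err != nil {
		panic(err)
	}
	tufOutputPath := filepath.Join(home, ".docker", "tuf")

	// configure TUF mirror; use the package constants instead of repeating
	// the URL literals so the example cannot drift from the defaults
	metadataURI := mirror.DefaultMetadataURL
	targetsURI := mirror.DefaultTargetsURL
	m, err := mirror.NewTufMirror(embed.StagingRoot, tufOutputPath, metadataURI, targetsURI, tuf.NewMockVersionChecker())
	if err != nil {
		panic(err)
	}

	// create metadata manifest
	metadataManifest, err := m.GetMetadataManifest(metadataURI)
	if err != nil {
		panic(err)
	}
	// create delegated targets metadata manifests
	delegatedMetadata, err := m.GetDelegatedMetadataMirrors()
	if err != nil {
		panic(err)
	}

	// create targets manifest
	targets, err := m.GetTufTargetMirrors()
	if err != nil {
		panic(err)
	}
	// create delegated targets manifests
	delegatedTargets, err := m.GetDelegatedTargetMirrors()
	if err != nil {
		panic(err)
	}

	mirrorOutput := &TufMirrorOutput{
		metadata:          metadataManifest,
		delegatedMetadata: delegatedMetadata,
		targets:           targets,
		delegatedTargets:  delegatedTargets,
	}

	// push metadata and targets to registry (optional)
	if err := mirrorToRegistry(mirrorOutput); err != nil {
		panic(err)
	}

	// save metadata and targets to local directory (optional); the mirror
	// directory lives below the TUF output path computed above
	mirrorOutputPath := filepath.Join(tufOutputPath, "mirror")
	if err := mirrorToLocal(mirrorOutput, mirrorOutputPath); err != nil {
		panic(err)
	}
}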

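// mirrorToRegistry pushes every artifact in o to the hard-coded registry
// repositories: the metadata image under metadataRepo, each delegated
// metadata image under the same repository with its own tag, and every
// top-level and delegated target under targetsRepo with its own tag.
//
// It returns the first error encountered, wrapped with the reference that was
// being pushed. Pushes that completed before the failure are not rolled back.
//
// NOTE(review): the metadata reference uses the mutable tag "latest"; the tag
// by itself says nothing about the integrity of what is later pulled.
func mirrorToRegistry(o *TufMirrorOutput) error {
	metadataRepo := "registry-1.docker.io/docker/tuf-metadata:latest"

	// Derive the untagged repository once, before anything is pushed, so a
	// malformed reference fails early instead of after a partial push. The
	// tag separator is the last ":" that follows the last "/"; splitting at
	// the first ":" would cut a "host:port/repo:tag" reference at the port.
	tagSep := strings.LastIndex(metadataRepo, ":")
	if tagSep <= strings.LastIndex(metadataRepo, "/") {
		return fmt.Errorf("failed to get repo without tag: %s", metadataRepo)
	}
	repo := metadataRepo[:tagSep]

	// push wraps PushToRegistry so every failure names the reference involved.
	push := func(image any, imageName string) error {
		if err := mirror.PushToRegistry(image, imageName); err != nil {
			return fmt.Errorf("pushing %s: %w", imageName, err)
		}
		return nil
	}

	// push metadata to registry
	if err := push(o.metadata, metadataRepo); err != nil {
		return err
	}
	// push delegated metadata to registry
	for _, metadata := range o.delegatedMetadata {
		if err := push(metadata.Image, fmt.Sprintf("%s:%s", repo, metadata.Tag)); err != nil {
			return err
		}
	}

	// push top-level targets to registry
	targetsRepo := "registry-1.docker.io/docker/tuf-targets"
	for _, target := range o.targets {
		if err := push(target.Image, fmt.Sprintf("%s:%s", targetsRepo, target.Tag)); err != nil {
			return err
		}
	}
	// push delegated targets to registry
	for _, target := range o.delegatedTargets {
		if err := push(target.Index, fmt.Sprintf("%s:%s", targetsRepo, target.Tag)); err != nil {
			return err
		}
	}
	return nil
}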

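// mirrorToLocal writes every artifact in o below outputPath as OCI layouts:
// the metadata image at outputPath itself, and each delegated metadata image,
// top-level target and delegated target in a subdirectory named after its tag.
//
// It returns the first error encountered; layouts written before the failure
// are left in place.
func mirrorToLocal(o *TufMirrorOutput, outputPath string) error {
	// output metadata to local directory
	if err := mirror.SaveAsOCILayout(o.metadata, outputPath); err != nil {
		return err
	}
	// output delegated metadata to local directory
	for _, metadata := range o.delegatedMetadata {
		if err := saveTagged(metadata.Image, outputPath, metadata.Tag); err != nil {
			return err
		}
	}

	// output top-level targets to local directory
	for _, target := range o.targets {
		if err := saveTagged(target.Image, outputPath, target.Tag); err != nil {
			return err
		}
	}
	// output delegated targets to local directory
	for _, target := range o.delegatedTargets {
		if err := saveTagged(target.Index, outputPath, target.Tag); err != nil {
			return err
		}
	}
	return nil
}

// saveTagged writes image as an OCI layout in the subdirectory of base named
// by tag, after checking that the joined path is a proper subdirectory.
//
// The tag values are produced by the mirror package (presumably from the
// repository's metadata; the derivation is not shown here), so they are
// treated as data rather than as trusted path components: a tag that resolves
// to base itself or to a location outside base is rejected, which keeps a
// stray ".." or empty tag from overwriting the metadata layout or writing
// elsewhere on disk.
func saveTagged(image any, base, tag string) error {
	dir := filepath.Join(base, tag)
	rel, err := filepath.Rel(base, dir)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return fmt.Errorf("tag %q does not name a subdirectory of %s", tag, base)
	}
	return mirror.SaveAsOCILayout(image, dir)
}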

func (*TufMirror) GetDelegatedMetadataMirrors

func (m *TufMirror) GetDelegatedMetadataMirrors() ([]*MirrorImage, error)

GetDelegatedMetadataMirrors returns a list of mirrors (image/tag pairs) for each delegated targets role metadata

func (*TufMirror) GetDelegatedTargetMirrors

func (m *TufMirror) GetDelegatedTargetMirrors() ([]*MirrorIndex, error)

GetDelegatedTargetMirrors returns a list of delegated target files as MirrorIndexes (image index with tag); each image in the index contains a delegated target file.

func (*TufMirror) GetMetadataManifest

func (m *TufMirror) GetMetadataManifest(metadataURL string) (*v1.Image, error)

GetMetadataManifest returns an image with TUF root metadata as layers

func (*TufMirror) GetTufTargetMirrors

func (m *TufMirror) GetTufTargetMirrors() ([]*MirrorImage, error)

GetTufTargetMirrors returns a list of top-level target files as MirrorImages (image with tag)

type TufRole

// TufRole is a string-based type.
// NOTE(review): presumably it names a TUF role; its defined values are not
// shown here, so confirm against the package source.
type TufRole string
