Documentation
¶
Index ¶
- Constants
- Variables
- func GetEmbeddedRoot(root string) (*embed.EmbeddedRoot, error)
- type Client
- func (t *Client) DownloadTarget(target string, filePath string) (file *TargetFile, err error)
- func (t *Client) GetMetadata() trustedmetadata.TrustedMetadata
- func (t *Client) GetPriorRoots(metadataURL string) (map[string][]byte, error)
- func (t *Client) LoadDelegatedTargets(roleName, parentName string) (*metadata.Metadata[metadata.TargetsType], error)
- func (t *Client) MaxRootLength() int64
- func (t *Client) SetRemoteTargetsURL(url string)
- type DefaultVersionChecker
- type Downloader
- type ImageCache
- type InvalidVersionError
- type Layer
- type Layers
- type MockTufClient
- type MockVersionChecker
- type RegistryFetcher
- type Role
- type Source
- type TargetFile
- type VersionChecker
Examples ¶
Constants ¶
const ( HTTPSource Source = "http" OCISource Source = "oci" LatestTag string = "latest" )
const (
TUFFileNameAnnotation = "tuf.io/filename"
)
const ThisModulePath = "github.com/docker/attest"
Variables ¶
var ( DockerTUFRootProd = embed.RootProd DockerTUFRootStaging = embed.RootStaging DockerTUFRootDev = embed.RootDev DockerTUFRootDefault = embed.RootDefault )
Functions ¶
func GetEmbeddedRoot ¶ added in v0.2.0
func GetEmbeddedRoot(root string) (*embed.EmbeddedRoot, error)
GetEmbeddedRoot returns the embedded TUF root based on the given root name.
Types ¶
type Client ¶ added in v0.2.0
type Client struct {
// contains filtered or unexported fields
}
func NewClient ¶ added in v0.2.0
func NewClient(initialRoot []byte, tufPath, metadataSource, targetsSource string, versionChecker VersionChecker) (*Client, error)
NewClient creates a new TUF client.
Example (Registry) ¶
package main
import (
"os"
"path/filepath"
"github.com/docker/attest/internal/embed"
"github.com/docker/attest/pkg/tuf"
"github.com/theupdateframework/go-tuf/v2/metadata"
)
func main() {
	// Local state directory passed to the client as tufPath: ~/.docker/tuf.
	homeDir, err := os.UserHomeDir()
	if err != nil {
		panic(err)
	}
	tufDir := filepath.Join(homeDir, ".docker", "tuf")
	downloadDir := filepath.Join(tufDir, "download")

	// Metadata and targets are both read from OCI registry repositories.
	const (
		metadataRef = "registry-1.docker.io/docker/tuf-metadata:latest"
		targetsRef  = "registry-1.docker.io/docker/tuf-targets"
	)

	// The embedded staging root is supplied as initialRoot. embed is an internal
	// package; the same value is exported as tuf.DockerTUFRootStaging.
	// NOTE(review): in TUF the initial root is the trust anchor for all metadata
	// fetched afterwards, so it should be the root that belongs to the repository
	// at metadataRef; confirm the staging root matches this registry path.
	// NOTE(review): MockVersionChecker.CheckVersion ignores its Downloader
	// argument, so presumably no library-version constraint from the TUF repo is
	// enforced here; callers outside examples and tests probably want
	// tuf.NewDefaultVersionChecker(), to be confirmed.
	client, err := tuf.NewClient(embed.RootStaging.Data, tufDir, metadataRef, targetsRef, tuf.NewMockVersionChecker())
	if err != nil {
		panic(err)
	}

	// Take the top-level targets role from the client's trusted metadata and
	// download every file it lists into the download directory.
	topLevel := client.GetMetadata().Targets[metadata.TARGETS].Signed.Targets
	for _, target := range topLevel {
		if _, err := client.DownloadTarget(target.Path, downloadDir); err != nil {
			panic(err)
		}
	}
}
func (*Client) DownloadTarget ¶ added in v0.2.0
func (t *Client) DownloadTarget(target string, filePath string) (file *TargetFile, err error)
DownloadTarget downloads the target file using Updater. The Updater gets the target information, verifies if the target is already cached, and if it is not cached, downloads the target file.
func (*Client) GetMetadata ¶ added in v0.2.0
func (t *Client) GetMetadata() trustedmetadata.TrustedMetadata
func (*Client) GetPriorRoots ¶ added in v0.2.0
func (*Client) LoadDelegatedTargets ¶ added in v0.2.0
func (t *Client) LoadDelegatedTargets(roleName, parentName string) (*metadata.Metadata[metadata.TargetsType], error)
Derived from updater.loadTargets() in theupdateframework/go-tuf.
func (*Client) MaxRootLength ¶ added in v0.2.0
func (*Client) SetRemoteTargetsURL ¶ added in v0.2.0
type DefaultVersionChecker ¶ added in v0.2.0
type DefaultVersionChecker struct{}
func NewDefaultVersionChecker ¶ added in v0.2.0
func NewDefaultVersionChecker() *DefaultVersionChecker
func (*DefaultVersionChecker) CheckVersion ¶ added in v0.2.0
func (vc *DefaultVersionChecker) CheckVersion(client Downloader) error
type Downloader ¶ added in v0.2.0
type Downloader interface {
DownloadTarget(target, filePath string) (file *TargetFile, err error)
}
type ImageCache ¶
type ImageCache struct {
// contains filtered or unexported fields
}
func NewImageCache ¶
func NewImageCache() *ImageCache
type InvalidVersionError ¶ added in v0.1.4
func (*InvalidVersionError) Error ¶ added in v0.1.4
func (e *InvalidVersionError) Error() string
type MockTufClient ¶ added in v0.2.0
type MockTufClient struct {
// contains filtered or unexported fields
}
func NewMockTufClient ¶
func NewMockTufClient(srcPath string, dstPath string) *MockTufClient
func (*MockTufClient) DownloadTarget ¶ added in v0.2.0
func (dc *MockTufClient) DownloadTarget(target string, filePath string) (file *TargetFile, err error)
type MockVersionChecker ¶ added in v0.2.0
type MockVersionChecker struct {
// contains filtered or unexported fields
}
func NewMockVersionChecker ¶ added in v0.1.4
func NewMockVersionChecker() *MockVersionChecker
func (*MockVersionChecker) CheckVersion ¶ added in v0.2.0
func (vc *MockVersionChecker) CheckVersion(_ Downloader) error
type RegistryFetcher ¶
type RegistryFetcher struct {
// contains filtered or unexported fields
}
RegistryFetcher implements Fetcher.
func NewRegistryFetcher ¶
func NewRegistryFetcher(metadataRepo, metadataTag, targetsRepo string) *RegistryFetcher
func (*RegistryFetcher) DownloadFile ¶
func (d *RegistryFetcher) DownloadFile(urlPath string, maxLength int64, timeout time.Duration) ([]byte, error)
DownloadFile downloads a file from an OCI registry. It returns an error if the download fails, if the file's length is larger than maxLength, or if the timeout is reached.
type TargetFile ¶ added in v0.3.1
type VersionChecker ¶ added in v0.1.4
type VersionChecker interface {
// CheckVersion checks if the current version of this library meets the constraints from the TUF repo
CheckVersion(tufClient Downloader) error
}