cosign

package
v1.8.0

This package is not in the latest version of its module.
Published: Feb 17, 2026 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CosignVerifier

type CosignVerifier struct {
	// contains filtered or unexported fields
}

CosignVerifier is a struct which is responsible for executing verification logic.

func (*CosignVerifier) Verify

Verify verifies the authenticity of the given ref OCI image. Both cosign v2 signatures and cosign v3 bundles are supported by attempting to discover bundles before verification. Bundles can be located either via the OCI 1.1 referrer API or an OCI 1.0 referrer tag. It returns a boolean indicating if the verification was successful. It returns an error if the verification fails, nil otherwise.

type CosignVerifierFactory added in v1.8.0

type CosignVerifierFactory struct {
	// contains filtered or unexported fields
}

CosignVerifierFactory is a factory for creating Verifiers with shared state. A mutex ensures that a TUF trustedRoot is initialized and shared across all NewCosignVerifier calls. If a trustedRoot can't be initialized, the factory rate-limits creation attempts based on an internal retryInterval. Only the v3/bundle-compatible trustedRoot is shared by the factory. Keys for v2 retain the behavior from previous versions of Flux.

func NewCosignVerifierFactory added in v1.8.0

func NewCosignVerifierFactory() *CosignVerifierFactory

NewCosignVerifierFactory initializes a new CosignVerifierFactory. TrustedRoot creation attempts are rate-limited to every minute.

func (*CosignVerifierFactory) NewCosignVerifier added in v1.8.0

func (f *CosignVerifierFactory) NewCosignVerifier(ctx context.Context, opts ...Options) (*CosignVerifier, error)

NewCosignVerifier initializes a new CosignVerifier using the factory's shared state.
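The shared-state behaviour described for CosignVerifierFactory above, as an added sketch that is not Flux's own source: a mutex-guarded shared root whose failed initialization is retried at most once per retryInterval. The names rootFactory, trustedRoot, getRoot, fetch and now are hypothetical and stand in for the unexported fields the page does not show.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// trustedRoot is a stand-in for the TUF trusted root (hypothetical type).
type trustedRoot struct{ id int }

// rootFactory is a hypothetical factory that shares one trusted root.
type rootFactory struct {
	mu            sync.Mutex
	root          *trustedRoot
	lastAttempt   time.Time
	lastErr       error
	retryInterval time.Duration
	fetch         func() (*trustedRoot, error) // assumed root loader
	now           func() time.Time             // injectable clock
}

// getRoot returns the shared root. While initialization keeps failing it
// calls fetch at most once per retryInterval and returns an error in between.
func (f *rootFactory) getRoot() (*trustedRoot, error) {
	f.mu.Lock()
	defer f.mu.Unlock()
	if f.root != nil {
		return f.root, nil // already initialized: every caller shares it
	}
	if !f.lastAttempt.IsZero() && f.now().Sub(f.lastAttempt) < f.retryInterval {
		return nil, fmt.Errorf("trusted root init suppressed: %w", f.lastErr)
	}
	f.lastAttempt = f.now()
	f.root, f.lastErr = f.fetch()
	return f.root, f.lastErr
}

func main() {
	calls := 0 // counts how often the constructed, always-failing loader runs
	f := &rootFactory{retryInterval: time.Minute, now: time.Now,
		fetch: func() (*trustedRoot, error) { calls++; return nil, errors.New("TUF mirror unreachable") }}
	_, err1 := f.getRoot()
	_, err2 := f.getRoot() // inside retryInterval: fetch is not called again
	fmt.Println(err1, "|", err2, "| fetch calls:", calls)
}
```

In this sketch a caller inside the retry window gets an error rather than a root, so anything built on getRoot fails closed while the root is unavailable.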

type Options

type Options func(opts *options)

Options is a function that configures the options applied to a Verifier.

func WithIdentities

func WithIdentities(identities []cosign.Identity) Options

WithIdentities specifies the identity matchers that have to be met for the signature to be deemed valid.

func WithPublicKey

func WithPublicKey(publicKey []byte) Options

WithPublicKey sets the public key.

func WithRemoteOptions

func WithRemoteOptions(opts ...remote.Option) Options

WithRemoteOptions is a functional option for overriding the default remote options used by the verifier.
