Documentation
Overview ¶
Package signing provides cosign-based signing and verification for Zarf packages.
Constants ¶
// CosignDefaultTimeout bounds a single cosign sign or verify call when the
// caller leaves Timeout unset in SignBlobOptions / VerifyBlobOptions.
const CosignDefaultTimeout = 3 * time.Minute
CosignDefaultTimeout is the default timeout for cosign sign and verify operations.
Variables ¶
This section is empty.
Functions ¶
func CosignSignBlobWithOptions ¶
func CosignSignBlobWithOptions(ctx context.Context, blobPath string, opts SignBlobOptions) ([]byte, error)
CosignSignBlobWithOptions signs a blob via cosign's SignBlobCmd. It mirrors cmd/cosign/cli/signblob.go (v3.0.6) SignBlob().RunE; because the behaviour is pinned to that upstream version, the mirrored logic should be re-diffed against upstream whenever the cosign dependency is bumped.
func CosignVerifyBlobWithOptions ¶
func CosignVerifyBlobWithOptions(ctx context.Context, blobPath string, opts VerifyBlobOptions) error
CosignVerifyBlobWithOptions verifies a blob via cosign's VerifyBlobCmd. It mirrors cmd/cosign/cli/verify.go (v3.0.6) VerifyBlob().RunE; as with signing, the mirrored logic is tied to that upstream version and should be re-checked on every cosign upgrade, since a drift here silently weakens verification.
Types ¶
type BundleInfo ¶
type BundleInfo struct {
	// Method records whether the bundle carries a Fulcio-issued certificate
	// (SigningMethodKeyless) or a plain public-key signature (SigningMethodKey).
	Method SigningMethod
	// Identity is the certificate SAN as stored in the bundle; empty for
	// key-based signatures. ReadBundleInfo is given no key or trust root, so
	// this is what the bundle claims, not a verified signer identity.
	Identity string
	// Issuer is the OIDC issuer from the certificate; empty for key-based
	// signatures. Unverified, as with Identity.
	Issuer string
	// HasTSATimestamps is true if the bundle contains signed timestamps. Useful
	// for deciding whether a tlog-less (air-gap) verification still has a
	// trusted time source for the signing certificate.
	HasTSATimestamps bool
}
BundleInfo contains parsed metadata from a Sigstore bundle file.
func ReadBundleInfo ¶
func ReadBundleInfo(bundlePath string) (BundleInfo, error)
ReadBundleInfo parses a Sigstore bundle file and returns its signing metadata. It performs no signature or certificate verification — it receives no key, certificate or trust root — so the returned fields describe what the bundle claims about itself. Use them to choose a verification path (key vs. keyless, whether TSA timestamps are available), never as evidence that the bundle is authentic.
type SignBlobOptions ¶
type SignBlobOptions struct {
	// Key is the signing key reference handed to cosign. Not required when
	// Keyless is true; the deprecated KeyRef is synced into Key before signing.
	Key string
	// Base64Output presumably selects base64 encoding of the returned
	// signature bytes — confirm against SignBlobCmd.
	Base64Output bool
	// OutputSignature and BundlePath are output file paths. CheckOverwrite
	// refuses to clobber existing output files unless Overwrite is set.
	OutputSignature string
	BundlePath      string
	// NewBundleFormat and SkipConfirmation are forwarded to cosign
	// (bundle output format and prompt suppression, presumably).
	NewBundleFormat  bool
	SkipConfirmation bool
	// TlogUpload enables upload to the Rekor transparency log. Zarf defaults
	// this to false for air-gap; a signature produced that way has no Rekor
	// inclusion proof and must be verified with IgnoreTlog (see
	// DefaultVerifyBlobOptions).
	TlogUpload bool
	// TSAServerURL, when set, requests a signed timestamp from a timestamp
	// authority. NOTE(review): with TlogUpload=false this is the only trusted
	// time source for a short-lived keyless certificate — confirm air-gapped
	// keyless signing configures one.
	TSAServerURL string
	// UseSigningConfig is set to false by DefaultSignBlobOptions to override
	// cosign's default of true, which conflicts with TlogUpload=false in airgap.
	UseSigningConfig bool
	// cosign option groups forwarded to SignBlobCmd.
	SecurityKey options.SecurityKeyOptions
	Fulcio      options.FulcioOptions
	Rekor       options.RekorOptions
	OIDC        options.OIDCOptions
	Verbose     bool
	// Timeout bounds the sign operation; CosignDefaultTimeout applies when unset.
	Timeout time.Duration
	// Password and PassFunc presumably supply the passphrase for an encrypted
	// private key (PassFunc being cosign's prompt callback) — verify against caller.
	Password string
	PassFunc cosign.PassFunc
	// Overwrite permits replacing existing output files (see CheckOverwrite).
	Overwrite bool
	// Keyless gates zarf-specific sign-side guards on top of cosign's behavior.
	// When true, --signing-key is no longer required and ShouldSign returns true
	// even without explicit Key/IDToken/Sk material — cosign resolves identity
	// via Fulcio/OIDC at sign time.
	Keyless bool
	// Deprecated: use Key. Removed in v1.0.
	KeyRef string
}
SignBlobOptions holds signing configuration for zarf blob operations.
func DefaultSignBlobOptions ¶
func DefaultSignBlobOptions() SignBlobOptions
DefaultSignBlobOptions returns SignBlobOptions seeded with zarf defaults. Divergences from cosign defaults (air-gap):
- TlogUpload=false (cosign default true)
- UseSigningConfig=false (cosign default true) — required because cosign rejects UseSigningConfig=true combined with TlogUpload=false.
Security consequence: signatures produced with these defaults carry no Rekor inclusion proof, so they can only be verified with IgnoreTlog set (as DefaultVerifyBlobOptions does) and have no public transparency record. For keyless signing, the short-lived Fulcio certificate then has no tlog-anchored signing time; a TSAServerURL is what remains to anchor it, so air-gapped keyless signing should configure one.
func (SignBlobOptions) CheckOverwrite ¶
func (opts SignBlobOptions) CheckOverwrite(ctx context.Context) error
CheckOverwrite returns an error if any output file (presumably OutputSignature and BundlePath) already exists and Overwrite is false. This is a check-then-write guard against accidental clobbering, not a race-safe one: a file created between this check and the actual write is still overwritten.
func (SignBlobOptions) ShouldSign ¶
func (opts SignBlobOptions) ShouldSign() bool
ShouldSign returns true if any signing key material is configured, or when Keyless is set (see SignBlobOptions.Keyless). KeyRef is included for backward compatibility; it is synced to Key in CosignSignBlobWithOptions.
type SigningMethod ¶
// SigningMethod identifies how a Sigstore bundle was signed (key vs. keyless).
type SigningMethod string
SigningMethod identifies how a Sigstore bundle was signed.
const (
	// SigningMethodKeyless indicates a Fulcio-issued certificate bundle (OIDC/keyless).
	// Verifying such a bundle should pin the expected identity and issuer.
	SigningMethodKeyless SigningMethod = "keyless"
	// SigningMethodKey indicates a public-key bundle.
	SigningMethodKey SigningMethod = "key"
)
type VerifyBlobOptions ¶
type VerifyBlobOptions struct {
	// Key is the public key reference used for key-based verification; the
	// deprecated KeyRef is an alias for it.
	Key string
	// Signature is the detached signature reference; the deprecated SigRef is
	// an alias for it. BundlePath points at a Sigstore bundle instead.
	Signature  string
	BundlePath string
	// SecurityKey is the cosign hardware-token option group.
	SecurityKey options.SecurityKeyOptions
	// CertVerify holds the certificate constraints for keyless bundles.
	// NOTE(review): for keyless verification, pin the expected signer identity
	// and OIDC issuer here; accepting any certificate that chains to the trust
	// root only proves that someone signed the blob, not who.
	CertVerify options.CertVerifyOptions
	// Rekor and CommonVerifyOptions are cosign option groups forwarded to
	// VerifyBlobCmd; the IgnoreTlog/IgnoreSCT flags that
	// DefaultVerifyBlobOptions sets to true for air-gap live in these groups
	// (presumably CommonVerifyOptions and CertVerify respectively).
	Rekor               options.RekorOptions
	CommonVerifyOptions options.CommonVerifyOptions
	SignatureDigest     options.SignatureDigestOptions
	// TempDir is presumably a scratch location used during verification — confirm.
	TempDir string
	// Timeout bounds the verify operation; CosignDefaultTimeout applies when unset.
	Timeout time.Duration
	// Deprecated: use Key. Removed in v1.0.
	KeyRef string
	// Deprecated: use Signature. Removed in v1.0.
	SigRef string
}
VerifyBlobOptions holds verification configuration for zarf blob operations. For keyless (Fulcio) bundles, callers should constrain the expected signer identity and OIDC issuer through CertVerify; a verification that accepts any certificate chaining to the configured trust root establishes only that some Sigstore-issued identity signed the blob, not that the intended publisher did.
func DefaultVerifyBlobOptions ¶
func DefaultVerifyBlobOptions() VerifyBlobOptions
DefaultVerifyBlobOptions returns VerifyBlobOptions seeded with zarf defaults. Divergences: IgnoreTlog and IgnoreSCT default to true (cosign default false) for airgap. Both weaken the standard Sigstore guarantees: with IgnoreTlog the signature is not checked for a Rekor inclusion proof (no public audit trail and no transparency-anchored signing time), and with IgnoreSCT the Fulcio certificate is not checked for certificate-transparency inclusion. These defaults are deliberate for air-gapped deployments; connected deployments that upload to Rekor should set both back to false, and keyless verification under these defaults should require TSA timestamps (see BundleInfo.HasTSATimestamps) so the short-lived certificate can be evaluated as of signing time rather than now.