Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implementation for file signing verification. #68

Merged
merged 28 commits into from
Jul 4, 2022
Merged

Implementation for file signing verification. #68

Show file tree
Hide file tree
Changes from 21 commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
b99154a
WIP Implementation for file signing verification.
matglas May 23, 2022
739a169
Adjust VerifyFileInternal return values.
matglas May 23, 2022
cb826e8
Function documentation added.
matglas May 23, 2022
8a3d1af
Wrap PayloadBytes to allow mocking.
matglas May 23, 2022
f245a46
Wrap error for context.
matglas May 24, 2022
f7dd958
Wrap for FindTLogEntriesByPayload and NewRekorClient.
matglas May 24, 2022
53a4d1e
Ran go mod tidy.
matglas May 31, 2022
c8a75b0
Fixed some linting and original tests.
matglas May 31, 2022
56e8e05
Fixed some changed arguments after rebase.
matglas Jun 13, 2022
96c13b7
Refactor SignedObject, adjust tests.
matglas Jun 13, 2022
d9edd8e
Adjust var based on gocritic.
matglas Jun 13, 2022
3001af8
Adding set of tests
matglas Jun 13, 2022
65d353d
Fix comments.
matglas Jun 13, 2022
a5624a1
Update go.mod
matglas Jun 14, 2022
641d36b
Run go mod tidy.
matglas Jun 14, 2022
45ea61b
Ran go fmt.
matglas Jun 14, 2022
38f82fa
Fixing whitespace formatting.
matglas Jun 14, 2022
3a6d674
Adjust methods to work with identityToken.
matglas Jun 24, 2022
36b8d53
Go mod tidy.
matglas Jun 24, 2022
664f4a3
Restore comment on SignedObject.
matglas Jun 24, 2022
92781ae
Adjusting verify key options for file verify to use public key.
matglas Jun 28, 2022
f5913de
Making path a clear dummy patch.
matglas Jun 29, 2022
470a746
Replace FileSha256 with utils function.
matglas Jun 29, 2022
46fc9a2
Hide the use of ko in IsFileSigned arguments.
matglas Jun 29, 2022
5aca9ff
Swap sha256 and IsFileSigned inside VerifyFile.
matglas Jun 29, 2022
d6d1549
Adding SignedFile struct doc.
matglas Jun 29, 2022
9c68ccb
Fix verify file test.
matglas Jun 29, 2022
1f44d54
Fix incorrect type cast.
matglas Jun 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 24 additions & 26 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ require (
github.com/magefile/mage v1.13.0
github.com/maxbrunsfeld/counterfeiter/v6 v6.5.0
github.com/sigstore/cosign v1.9.1-0.20220614200746-190e679f4cf8
github.com/sigstore/rekor v0.8.0
github.com/sirupsen/logrus v1.8.1
github.com/stretchr/testify v1.7.4
golang.org/x/oauth2 v0.0.0-20220524215830-622c5d57e401
Expand All @@ -19,7 +20,7 @@ require (
)

require (
bitbucket.org/creachadair/shell v0.0.6 // indirect
bitbucket.org/creachadair/shell v0.0.7 // indirect
cloud.google.com/go/compute v1.6.1 // indirect
cuelang.org/go v0.4.3 // indirect
github.com/Azure/azure-sdk-for-go v65.0.0+incompatible // indirect
Expand All @@ -36,8 +37,6 @@ require (
github.com/PaesslerAG/gval v1.0.0 // indirect
github.com/PaesslerAG/jsonpath v0.1.1 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect
github.com/PuerkitoBio/purell v1.1.1 // indirect
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
github.com/acomagu/bufpipe v1.0.3 // indirect
github.com/andybalholm/brotli v1.0.3 // indirect
Expand Down Expand Up @@ -88,7 +87,7 @@ require (
github.com/envoyproxy/protoc-gen-validate v0.6.2 // indirect
github.com/form3tech-oss/jwt-go v3.2.5+incompatible // indirect
github.com/fsnotify/fsnotify v1.5.4 // indirect
github.com/fullstorydev/grpcurl v1.8.2 // indirect
github.com/fullstorydev/grpcurl v1.8.6 // indirect
github.com/ghodss/yaml v1.0.0 // indirect
github.com/go-chi/chi v4.1.2+incompatible // indirect
github.com/go-git/gcfg v1.5.0 // indirect
Expand All @@ -97,17 +96,17 @@ require (
github.com/go-openapi/analysis v0.21.2 // indirect
github.com/go-openapi/errors v0.20.2 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.0 // indirect
github.com/go-openapi/loads v0.21.1 // indirect
github.com/go-openapi/runtime v0.24.1 // indirect
github.com/go-openapi/spec v0.20.4 // indirect
github.com/go-openapi/spec v0.20.6 // indirect
github.com/go-openapi/strfmt v0.21.2 // indirect
github.com/go-openapi/swag v0.21.1 // indirect
github.com/go-openapi/validate v0.21.0 // indirect
github.com/go-openapi/validate v0.22.0 // indirect
github.com/go-piv/piv-go v1.9.0 // indirect
github.com/go-playground/locales v0.14.0 // indirect
github.com/go-playground/universal-translator v0.18.0 // indirect
github.com/go-playground/validator/v10 v10.10.0 // indirect
github.com/go-playground/validator/v10 v10.11.0 // indirect
github.com/go-stack/stack v1.8.1 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
Expand All @@ -123,7 +122,7 @@ require (
github.com/google/go-github/v42 v42.0.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/trillian v1.4.0 // indirect
github.com/google/trillian v1.4.1 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/gorilla/websocket v1.4.2 // indirect
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect
Expand All @@ -137,10 +136,10 @@ require (
github.com/in-toto/in-toto-golang v0.3.4-0.20211211042327-af1f9fb822bf // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jedisct1/go-minisign v0.0.0-20210703085342-c1f07ee84431 // indirect
github.com/jhump/protoreflect v1.9.0 // indirect
github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect
github.com/jhump/protoreflect v1.10.3 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/jonboulle/clockwork v0.2.2 // indirect
github.com/jonboulle/clockwork v0.3.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect
Expand Down Expand Up @@ -172,9 +171,9 @@ require (
github.com/pierrec/lz4/v4 v4.1.2 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_golang v1.12.1 // indirect
github.com/prometheus/client_golang v1.12.2 // indirect
github.com/prometheus/client_model v0.2.0 // indirect
github.com/prometheus/common v0.32.1 // indirect
github.com/prometheus/common v0.34.0 // indirect
github.com/prometheus/procfs v0.7.3 // indirect
github.com/protocolbuffers/txtpbfmt v0.0.0-20201118171849-f6a6b3f636fc // indirect
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
Expand All @@ -186,7 +185,6 @@ require (
github.com/sergi/go-diff v1.2.0 // indirect
github.com/shibumi/go-pathspec v1.3.0 // indirect
github.com/sigstore/fulcio v0.1.2-0.20220114150912-86a2036f9bc7 // indirect
github.com/sigstore/rekor v0.4.1-0.20220114213500-23f583409af3 // indirect
github.com/sigstore/sigstore v1.2.1-0.20220614141825-9c0e2e247545 // indirect
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
github.com/soheilhy/cmux v0.1.5 // indirect
Expand All @@ -206,7 +204,7 @@ require (
github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802 // indirect
github.com/transparency-dev/merkle v0.0.1 // indirect
github.com/ulikunitz/xz v0.5.10 // indirect
github.com/urfave/cli v1.22.5 // indirect
github.com/urfave/cli v1.22.7 // indirect
github.com/vbatts/tar-split v0.11.2 // indirect
github.com/xanzy/go-gitlab v0.68.0 // indirect
github.com/xanzy/ssh-agent v0.3.0 // indirect
Expand All @@ -221,16 +219,16 @@ require (
go.etcd.io/etcd/client/pkg/v3 v3.5.4 // indirect
go.etcd.io/etcd/client/v2 v2.305.4 // indirect
go.etcd.io/etcd/client/v3 v3.5.4 // indirect
go.etcd.io/etcd/etcdctl/v3 v3.5.0 // indirect
go.etcd.io/etcd/etcdutl/v3 v3.5.0 // indirect
go.etcd.io/etcd/pkg/v3 v3.5.0 // indirect
go.etcd.io/etcd/raft/v3 v3.5.0 // indirect
go.etcd.io/etcd/server/v3 v3.5.0 // indirect
go.etcd.io/etcd/tests/v3 v3.5.0 // indirect
go.etcd.io/etcd/v3 v3.5.0 // indirect
go.etcd.io/etcd/etcdctl/v3 v3.5.4 // indirect
go.etcd.io/etcd/etcdutl/v3 v3.5.4 // indirect
go.etcd.io/etcd/pkg/v3 v3.5.4 // indirect
go.etcd.io/etcd/raft/v3 v3.5.4 // indirect
go.etcd.io/etcd/server/v3 v3.5.4 // indirect
go.etcd.io/etcd/tests/v3 v3.5.4 // indirect
go.etcd.io/etcd/v3 v3.5.4 // indirect
go.mongodb.org/mongo-driver v1.8.3 // indirect
go.opencensus.io v0.23.0 // indirect
go.opentelemetry.io/contrib v1.3.0 // indirect
go.opentelemetry.io/contrib v1.6.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0 // indirect
go.opentelemetry.io/otel v0.20.0 // indirect
go.opentelemetry.io/otel/exporters/otlp v0.20.0 // indirect
Expand All @@ -241,7 +239,7 @@ require (
go.opentelemetry.io/otel/trace v0.20.0 // indirect
go.opentelemetry.io/proto/otlp v0.12.0 // indirect
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.7.0 // indirect
go.uber.org/multierr v1.8.0 // indirect
go.uber.org/zap v1.21.0 // indirect
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
Expand All @@ -260,7 +258,7 @@ require (
google.golang.org/protobuf v1.28.0 // indirect
gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.66.4 // indirect
gopkg.in/ini.v1 v1.66.6 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
Expand Down
Loading