package tuf

import "github.com/sigstore/sigstore-go/pkg/tuf"


Constants

// Repository mirror URLs for the Sigstore TUF repositories, followed by the
// special values accepted by the CacheValidity option.
const (
	// DefaultMirror is the same URL that Options.RepositoryBaseURL documents
	// as its default.
	DefaultMirror = "https://tuf-repo-cdn.sigstore.dev"
	// StagingMirror is the mirror on the sigstage.dev domain.
	// NOTE(review): presumably intended to be used together with
	// StagingRoot() rather than DefaultRoot() — confirm, since a mirror is
	// only useful with the trust root that matches it.
	StagingMirror = "https://tuf-repo-cdn.sigstage.dev"

	// The following caching values can be used for the CacheValidity option.
	// NoCache is a validity period of 0 days, which is also the documented
	// default of CacheValidity. MaxCache is the largest int; per the
	// CacheValidity documentation the cache is then updated when the metadata
	// is expired, and the first initialization still refreshes it.
	NoCache  = 0
	MaxCache = math.MaxInt
)

Functions

func DefaultRoot

func DefaultRoot() []byte

DefaultRoot returns the root.json for the public good instance

func StagingRoot

func StagingRoot() []byte

StagingRoot returns the root.json for the staging instance

func URLToPath

func URLToPath(url string) string

URLToPath converts a URL to a filename-compatible string

Types

type Client

// Client is a Sigstore TUF client. It is obtained from DefaultClient or New
// and exposes GetTarget and Refresh.
// NOTE(review): Refresh is documented as replacing the underlying TUF client
// updater; whether a Client may be shared between goroutines is not stated on
// this page — confirm before using one concurrently.
type Client struct {
	// contains filtered or unexported fields
}

Client is a Sigstore TUF client

func DefaultClient

func DefaultClient() (*Client, error)

DefaultClient returns a Sigstore TUF client for the public good instance

func New

func New(opts *Options) (*Client, error)

New returns a new client with custom options

func (*Client) GetTarget

func (c *Client) GetTarget(target string) ([]byte, error)

GetTarget returns a target file from the TUF repository

func (*Client) Refresh

func (c *Client) Refresh() error

Refresh forces a refresh of the underlying TUF client. As the TUF client updater does not support multiple refreshes during its lifetime, this will replace the TUF client updater with a new one.

type Config

// Config is the value returned by LoadConfig(p) and the receiver of
// Persist(p).
// NOTE(review): presumably this holds the timestamp that the client persists
// with the cache after a refresh (see Options.CacheValidity) — confirm in
// config.go.
type Config struct {
	// LastTimestamp is serialised under the JSON key "lastTimestamp".
	LastTimestamp time.Time `json:"lastTimestamp"`
}

func LoadConfig

func LoadConfig(p string) (*Config, error)

func (*Config) Persist

func (c *Config) Persist(p string) error

type Options

// Options holds the settings of a Sigstore TUF Client: the trust anchor, the
// repository location, the metadata fetcher and the local-cache behaviour.
// Each field has a matching With... method that returns the same *Options.
type Options struct {
	// CacheValidity period in days (default 0). The client will persist a
	// timestamp with the cache after refresh. Note that the client will
	// always refresh the cache if the metadata is expired or if the client is
	// unable to find a persisted timestamp, so this is not an optimal control
	// for air-gapped environments. Use const MaxCache to update the cache when
	// the metadata is expired, though the first initialization will still
	// refresh the cache.
	CacheValidity int
	// ForceCache controls if the cache should be used without update
	// as long as the metadata is valid. Use ForceCache over CacheValidity
	// if you want to always use the cache up until its expiration. Note that
	// the client will refresh the cache once the metadata has expired, so this
	// is not an optimal control for air-gapped environments. Clients instead
	// should provide a trust root file directly to the client to bypass TUF.
	ForceCache bool
	// Root is the TUF trust anchor, e.g. the root.json bytes returned by
	// DefaultRoot or StagingRoot. Because it is the trust anchor, a custom
	// value should come from a source that is trusted independently of
	// RepositoryBaseURL.
	// NOTE(review): how an empty or malformed Root is handled is not shown on
	// this page — confirm that New rejects it.
	Root []byte
	// CachePath is the location on disk for TUF cache
	// (default $HOME/.sigstore/tuf)
	// NOTE(review): the permissions of files written here are not shown on
	// this page — confirm the directory is not writable by other local users.
	CachePath string
	// RepositoryBaseURL is the TUF repository location URL
	// (default https://tuf-repo-cdn.sigstore.dev)
	// NOTE(review): a non-default URL presumably needs the Root that belongs
	// to that repository (e.g. StagingMirror with StagingRoot) — confirm.
	RepositoryBaseURL string
	// DisableLocalCache mode allows a client to work on a read-only
	// file system. If this is set, CachePath is ignored.
	DisableLocalCache bool
	// DisableConsistentSnapshot sets the client to disable consistent
	// snapshot (see WithDisableConsistentSnapshot).
	// NOTE(review): the exact effect is not documented on this page —
	// presumably target files are then requested without a hash prefix;
	// confirm in client.go before setting it.
	DisableConsistentSnapshot bool
	// Fetcher is the metadata fetcher
	// NOTE(review): whether a nil Fetcher selects a default implementation is
	// not shown on this page — confirm.
	Fetcher fetcher.Fetcher
}

Options represents the various options for a Sigstore TUF Client

func DefaultOptions

func DefaultOptions() *Options

DefaultOptions returns an options struct for the public good instance

func (*Options) WithCachePath

func (o *Options) WithCachePath(path string) *Options

WithCachePath sets the location on disk for TUF cache

func (*Options) WithCacheValidity

func (o *Options) WithCacheValidity(days int) *Options

WithCacheValidity sets the cache validity period in days

func (*Options) WithDisableConsistentSnapshot

func (o *Options) WithDisableConsistentSnapshot() *Options

WithDisableConsistentSnapshot sets the client to disable consistent snapshot

func (*Options) WithDisableLocalCache

func (o *Options) WithDisableLocalCache() *Options

WithDisableLocalCache sets the client to work on a read-only file system

func (*Options) WithFetcher

func (o *Options) WithFetcher(f fetcher.Fetcher) *Options

WithFetcher sets the metadata fetcher

func (*Options) WithForceCache

func (o *Options) WithForceCache() *Options

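WithForceCache forces the client to use the cache without updating, as long as the cached metadata is still valid; once the metadata has expired the client refreshes the cache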

func (*Options) WithRepositoryBaseURL

func (o *Options) WithRepositoryBaseURL(url string) *Options

WithRepositoryBaseURL sets the TUF repository location URL

func (*Options) WithRoot

func (o *Options) WithRoot(root []byte) *Options

WithRoot sets the TUF trust anchor

Source Files

client.go config.go options.go

Version
v1.1.1 (latest)
Published
Aug 5, 2025