Last active
July 8, 2024 08:51
-
-
Save asraa/947f1a38afd03af57c7b71d893c36af0 to your computer and use it in GitHub Desktop.
setup-tuf.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "encoding/json" | |
| "flag" | |
| "fmt" | |
| "io" | |
| "os" | |
| "path/filepath" | |
| "strings" | |
| "github.com/theupdateframework/go-tuf" | |
| ) | |
| /* | |
| This script creates a TUF repository and adds targets from a specified target | |
| directory. The target directory should contain all the targets necessary for | |
| the TUF root, in names fulcio_v1.crt.pem, fulcio_intermediate_v1.crt.pem, | |
| ctfe.pub, rekor.pub. If there is no intermediate fulcio, simply do not add | |
| the target in the target directory. | |
| Usage: | |
| $ go run byo-tuf.go --targets targets --dir test | |
| Repository initialized | |
| Created target file at test/staged/targets/fulcio_v1.crt.pem | |
| Created target file at test/staged/targets/fulcio_intermediate_v1.crt.pem | |
| Created target file at test/staged/targets/ctfe.pub | |
| Created target file at test/staged/targets/rekor.pub | |
| Added/staged targets: | |
| * fulcio_v1.crt.pem | |
| * fulcio_intermediate_v1.crt.pem | |
| * ctfe.pub | |
| * rekor.pub | |
| Staged snapshot.json metadata with expiration date: 2022-01-17 16:09:22 +0000 UTC | |
| Staged timestamp.json metadata with expiration date: 2022-01-11 16:09:22 +0000 UTC | |
| Committed successfully | |
| */ | |
| var targets = []string{ | |
| "fulcio_v1.crt.pem", | |
| "fulcio_intermediate_v1.crt.pem", | |
| "ctfe.pub", | |
| "rekor.pub", | |
| } | |
| type customMetadata struct { | |
| Usage string `json:"usage"` | |
| Status string `json:"status"` | |
| } | |
| type sigstoreCustomMetadata struct { | |
| Sigstore customMetadata `json:"sigstore"` | |
| } | |
| func main() { | |
| // Get flag for targets directory. | |
| var targetDir = flag.String("targets", "", "directory containing targets") | |
| // Get flag for repository directory | |
| var dir = flag.String("dir", "", "directory to write repository") | |
| flag.Parse() | |
| if *dir == "" || *targetDir == "" { | |
| panic(flag.ErrHelp) | |
| } | |
| // Initialize a filesystem store in the temp directory. | |
| store := tuf.FileSystemStore(*dir, nil) | |
| r, err := tuf.NewRepoIndent(store, "", " ") | |
| if err != nil { | |
| panic(err) | |
| } | |
| // Initialize a TUF repository. | |
| err = r.Init(false) | |
| if err != nil { | |
| panic(err) | |
| } | |
| // Generate target, snapshot, and timestamp roles and keys. | |
| roles := []string{ | |
| "root", "snapshot", "timestamp", "targets", | |
| } | |
| for _, role := range roles { | |
| _, err = r.GenKey(role) | |
| if err != nil { | |
| panic(err) | |
| } | |
| } | |
| // Copy the targets to the targets folder of the staged repository. | |
| for _, target := range targets { | |
| from, err := os.Open(filepath.Join(*targetDir, target)) | |
| if err != nil { | |
| // Skip non-existent targets, e.g. ctfe.pub | |
| continue | |
| } | |
| defer from.Close() | |
| base := filepath.Base(target) | |
| to, err := os.OpenFile(filepath.Join(*dir, "staged/targets", base), os.O_RDWR|os.O_CREATE, 0666) | |
| if err != nil { | |
| panic(err) | |
| } | |
| defer to.Close() | |
| if _, err := io.Copy(to, from); err != nil { | |
| panic(err) | |
| } | |
| fmt.Fprintln(os.Stderr, "Created target file at ", to.Name()) | |
| usage := "" | |
| if strings.Contains(target, "fulcio") { | |
| usage = "Fulcio" | |
| } else if strings.Contains(target, "ctfe") { | |
| usage = "CTFE" | |
| } else if strings.Contains(target, "rekor") { | |
| usage = "Rekor" | |
| } else { | |
| panic("Unknown target, can't set usage") | |
| } | |
| scmActive, err := json.Marshal(&sigstoreCustomMetadata{Sigstore: customMetadata{Usage: usage, Status: "Active"}}) | |
| if err != nil { | |
| panic(err) | |
| } | |
| // Add target and sign metadata with the targets key. | |
| err = r.AddTarget(base, scmActive) | |
| if err != nil { | |
| panic(err) | |
| } | |
| } | |
| // Create a snapshot of the targets metadata. | |
| err = r.Snapshot() | |
| if err != nil { | |
| panic(err) | |
| } | |
| // Create a timestamp of the snapshot. | |
| err = r.Timestamp() | |
| if err != nil { | |
| panic(err) | |
| } | |
| // Publish all TUF metadata, moving from staging to the final repository. | |
| err = r.Commit() | |
| if err != nil { | |
| panic(err) | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module byo-tuf | |
| go 1.17 | |
| require github.com/theupdateframework/go-tuf v0.0.0-20220107163458-5573c9c8694d | |
| require ( | |
| github.com/secure-systems-lab/go-securesystemslib v0.3.0 // indirect | |
| golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 // indirect | |
| golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect | |
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4= | |
| github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= | |
| github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= | |
| github.com/flynn/go-docopt v0.0.0-20140912013429-f6dd2ebbb31e/go.mod h1:HyVoz1Mz5Co8TFO8EupIdlcpwShBmY98dkT2xeHkvEI= | |
| github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= | |
| github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= | |
| github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= | |
| github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= | |
| github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= | |
| github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= | |
| github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= | |
| github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= | |
| github.com/secure-systems-lab/go-securesystemslib v0.3.0 h1:PH0mUKuUSXVEVDbrKMgGPcrqrnKA8gJii614+EKKi7g= | |
| github.com/secure-systems-lab/go-securesystemslib v0.3.0/go.mod h1:o8hhjkbNl2gOamKUA/eNW3xUrntHT9L4W89W1nfj43U= | |
| github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= | |
| github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= | |
| github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ= | |
| github.com/theupdateframework/go-tuf v0.0.0-20220107163458-5573c9c8694d h1:wVP+vC+Q4vYBQWuMOwjcGoRj0RBVX0VSlW2bGX0Qx3s= | |
| github.com/theupdateframework/go-tuf v0.0.0-20220107163458-5573c9c8694d/go.mod h1:I0Gs4Tev4hYQ5wiNqN8VJ7qS0gw7KOZNQuckC624RmE= | |
| golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 h1:/pEO3GD/ABYAjuakUS6xSEmmlyVS4kxBNkeA9tLJiTI= | |
| golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= | |
| golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= | |
| golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= | |
| golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | |
| golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= | |
| golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | |
| golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | |
| golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4= | |
| golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= | |
| golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= | |
| golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= | |
| golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= | |
| golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= | |
| golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= | |
| gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= | |
| gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= | |
| gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= | |
| gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= | |
| gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment