attest/pkg/attest/sign.go

package attest

import (
	"context"
	"fmt"

	"github.com/docker/attest/pkg/attestation"
	v1 "github.com/google/go-containerregistry/pkg/v1"
	"github.com/secure-systems-lab/go-securesystemslib/dsse"
)

// this is only relevant if there are (unsigned) in-toto statements.
func SignStatements(ctx context.Context, idx v1.ImageIndex, signer dsse.SignerVerifier, opts *attestation.SigningOptions) ([]*attestation.Manifest, error) {
	// extract attestation manifests from index
	attestationManifests, err := attestation.ManifestsFromIndex(idx)
	if err != nil {
		return nil, fmt.Errorf("failed to load attestation manifests from index: %w", err)
	}
	// sign every attestation layer in each manifest
	for _, manifest := range attestationManifests {
		for _, layer := range manifest.OriginalLayers {
			err = manifest.Add(ctx, signer, layer.Statement, opts)
			if err != nil {
				return nil, fmt.Errorf("failed to sign attestation layer %w", err)
			}
		}
	}
	return attestationManifests, nil
}
feat: add attest sign/verify 2024-04-29 12:52:39 -05:00			`package attest`

feat: add attest sign/verify 2024-04-29 15:02:21 -05:00			`import (`
			`"context"`
			`"fmt"`

			`"github.com/docker/attest/pkg/attestation"`
			`v1 "github.com/google/go-containerregistry/pkg/v1"`
			`"github.com/secure-systems-lab/go-securesystemslib/dsse"`
			`)`

fix: standardize casing of initialisms (#112) * fix: standardize casing of initialisms * fix: rename intoto -> inToto and Intoto to InToto * fix: fix all linting errors 2024-08-01 15:35:15 +01:00			`// this is only relevant if there are (unsigned) in-toto statements.`
			`func SignStatements(ctx context.Context, idx v1.ImageIndex, signer dsse.SignerVerifier, opts attestation.SigningOptions) ([]attestation.Manifest, error) {`
refactor: SignIndexAttestations 2024-04-30 12:23:07 -05:00			`// extract attestation manifests from index`
fix: cyclical imports 2024-08-12 14:49:52 -05:00			`attestationManifests, err := attestation.ManifestsFromIndex(idx)`
feat: add attest sign/verify 2024-04-29 15:02:21 -05:00			`if err != nil {`
Unify functions for use in `sign` & `verify --vsa` (#71) * Use receivers for manifest functions * Move SaveImage/SaveIndex from image-signing-verifier * Ignore test fixtures in coverage * Add AddImagesToIndex function 2024-07-05 09:29:14 +01:00			`return nil, fmt.Errorf("failed to load attestation manifests from index: %w", err)`
feat: add attest sign/verify 2024-04-29 15:02:21 -05:00			`}`
refactor: SignIndexAttestations 2024-04-30 12:23:07 -05:00			`// sign every attestation layer in each manifest`
			`for _, manifest := range attestationManifests {`
Make referrers attestations OCI compliant (#80) * Single attestation when creating VSA * Create single layer images for referrers attestations * Move mock to test package. Add artifacts test * Add test for envelope detection * Add tests for image/index saving * Add mirror tests * Remove AttestationImage field from AttestationManifest * Update naming. strictReferers != laxReferrers * Add specific test for SaveReferrers 2024-07-16 10:05:17 +01:00			`for _, layer := range manifest.OriginalLayers {`
fix: cyclical imports 2024-08-12 14:49:52 -05:00			`err = manifest.Add(ctx, signer, layer.Statement, opts)`
Make referrers attestations OCI compliant (#80) * Single attestation when creating VSA * Create single layer images for referrers attestations * Move mock to test package. Add artifacts test * Add test for envelope detection * Add tests for image/index saving * Add mirror tests * Remove AttestationImage field from AttestationManifest * Update naming. strictReferers != laxReferrers * Add specific test for SaveReferrers 2024-07-16 10:05:17 +01:00			`if err != nil {`
			`return nil, fmt.Errorf("failed to sign attestation layer %w", err)`
			`}`
feat: add attest sign/verify 2024-04-29 15:02:21 -05:00			`}`
			`}`
Unify functions for use in `sign` & `verify --vsa` (#71) * Use receivers for manifest functions * Move SaveImage/SaveIndex from image-signing-verifier * Ignore test fixtures in coverage * Add AddImagesToIndex function 2024-07-05 09:29:14 +01:00			`return attestationManifests, nil`
feat: add attest sign/verify 2024-04-29 15:02:21 -05:00			`}`