...

Source file src/github.com/sigstore/cosign/v2/pkg/oci/mutate/signatures.go

Documentation: github.com/sigstore/cosign/v2/pkg/oci/mutate

     1  //
     2  // Copyright 2021 The Sigstore Authors.
     3  //
     4  // Licensed under the Apache License, Version 2.0 (the "License");
     5  // you may not use this file except in compliance with the License.
     6  // You may obtain a copy of the License at
     7  //
     8  //     http://www.apache.org/licenses/LICENSE-2.0
     9  //
    10  // Unless required by applicable law or agreed to in writing, software
    11  // distributed under the License is distributed on an "AS IS" BASIS,
    12  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  // See the License for the specific language governing permissions and
    14  // limitations under the License.
    15  
    16  package mutate
    17  
    18  import (
    19  	v1 "github.com/google/go-containerregistry/pkg/v1"
    20  	"github.com/google/go-containerregistry/pkg/v1/empty"
    21  	"github.com/google/go-containerregistry/pkg/v1/mutate"
    22  	"github.com/sigstore/cosign/v2/internal/pkg/now"
    23  	"github.com/sigstore/cosign/v2/pkg/oci"
    24  )
    25  
// maxLayers is the upper bound on the combined number of signatures
// (base plus appended) that sigAppender.Get will return. Get reports an
// oci.NewMaxLayersExceeded error when the total is larger.
const maxLayers = 1000
    27  
// AppendSignatures returns an oci.Signatures whose underlying image is base
// with one layer appended per entry in sigs; each layer carries the
// annotations reported by that signature.
//
// When recordCreationTimestamp is true, the image's Created field is set to
// the time returned by now.Now(); otherwise the field is left as produced by
// mutate.Append.
//
// Any error from reading annotations, appending layers, obtaining the time or
// setting the timestamp is returned unchanged with a nil result.
//
// No layer-count limit is applied here; the maxLayers check is performed by
// the returned value's Get method.
func AppendSignatures(base oci.Signatures, recordCreationTimestamp bool, sigs ...oci.Signature) (oci.Signatures, error) {
	// One addendum per signature, filled by index.
	addenda := make([]mutate.Addendum, len(sigs))
	for i := range sigs {
		annotations, err := sigs[i].Annotations()
		if err != nil {
			return nil, err
		}
		addenda[i] = mutate.Addendum{Layer: sigs[i], Annotations: annotations}
	}

	appended, err := mutate.Append(base, addenda...)
	if err != nil {
		return nil, err
	}

	if !recordCreationTimestamp {
		return &sigAppender{Image: appended, base: base, sigs: sigs}, nil
	}

	created, err := now.Now()
	if err != nil {
		return nil, err
	}

	// Stamp the image with the time obtained above.
	stamped, err := mutate.CreatedAt(appended, v1.Time{Time: created})
	if err != nil {
		return nil, err
	}

	return &sigAppender{Image: stamped, base: base, sigs: sigs}, nil
}
    67  
// ReplaceSignatures rebuilds a signature image from scratch: it reads the
// signatures currently held by base and appends each of them, with its
// annotations, as a layer on top of empty.Image.
//
// The returned oci.Signatures wraps the rebuilt image, keeps base, and holds
// no additional signatures, so its Get method yields what base.Get yields
// (subject to the maxLayers check in Get).
//
// Errors from base.Get, from reading annotations and from mutate.Append are
// returned unchanged with a nil result.
func ReplaceSignatures(base oci.Signatures) (oci.Signatures, error) {
	existing, err := base.Get()
	if err != nil {
		return nil, err
	}

	// One addendum per existing signature, filled by index.
	addenda := make([]mutate.Addendum, len(existing))
	for i, s := range existing {
		annotations, err := s.Annotations()
		if err != nil {
			return nil, err
		}
		addenda[i] = mutate.Addendum{Layer: s, Annotations: annotations}
	}

	rebuilt, err := mutate.Append(empty.Image, addenda...)
	if err != nil {
		return nil, err
	}

	result := &sigAppender{
		Image: rebuilt,
		base:  base,
		sigs:  []oci.Signature{},
	}
	return result, nil
}
    96  
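// sigAppender is the oci.Signatures implementation returned by
// AppendSignatures and ReplaceSignatures. The embedded v1.Image is the
// already-mutated image; base and sigs are kept so that Get can report the
// combined signature list.
type sigAppender struct {
	v1.Image
	// base is the signature set this value was derived from.
	base oci.Signatures
	// sigs are the signatures added on top of base (empty when built by
	// ReplaceSignatures).
	sigs []oci.Signature
}

// Compile-time check that *sigAppender satisfies oci.Signatures.
var _ oci.Signatures = (*sigAppender)(nil)

// Get implements oci.Signatures. It returns the signatures of base followed
// by the appended signatures.
//
// If the combined count exceeds maxLayers, Get returns the error built by
// oci.NewMaxLayersExceeded and no signatures, so callers never receive more
// than maxLayers entries. The check runs after base.Get has returned: it
// limits what callers see, not the work base.Get itself performs.
func (sa *sigAppender) Get() ([]oci.Signature, error) {
	sl, err := sa.base.Get()
	if err != nil {
		return nil, err
	}
	sumLayers := int64(len(sl) + len(sa.sigs))
	if sumLayers > maxLayers {
		return nil, oci.NewMaxLayersExceeded(sumLayers, maxLayers)
	}
	// Cap the base slice at its own length so that append must copy into a
	// new backing array rather than write into spare capacity of a slice
	// that base may still hold or hand out again. With no appended
	// signatures the base slice is returned as is.
	return append(sl[:len(sl):len(sl)], sa.sigs...), nil
}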
   117  
