-
Notifications
You must be signed in to change notification settings - Fork 783
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1869 from mtrmac/generate-keys
Add (skopeo generate-sigstore-key)
- Loading branch information
Showing
79 changed files
with
11,519 additions
and
634 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
package main | ||
|
||
import ( | ||
"errors" | ||
"fmt" | ||
"io" | ||
"io/fs" | ||
"os" | ||
|
||
"github.com/containers/image/v5/pkg/cli" | ||
"github.com/containers/image/v5/signature/sigstore" | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
type generateSigstoreKeyOptions struct { | ||
outputPrefix string | ||
passphraseFile string | ||
} | ||
|
||
func generateSigstoreKeyCmd() *cobra.Command { | ||
var opts generateSigstoreKeyOptions | ||
cmd := &cobra.Command{ | ||
Use: "generate-sigstore-key [command options] --output-prefix PREFIX", | ||
Short: "Generate a sigstore public/private key pair", | ||
RunE: commandAction(opts.run), | ||
Example: "skopeo generate-sigstore-key --output-prefix my-key", | ||
} | ||
adjustUsage(cmd) | ||
flags := cmd.Flags() | ||
flags.StringVar(&opts.outputPrefix, "output-prefix", "", "Write the keys to `PREFIX`.pub and `PREFIX`.private") | ||
flags.StringVar(&opts.passphraseFile, "passphrase-file", "", "Read a passphrase for the private key from `PATH`") | ||
return cmd | ||
} | ||
|
||
// ensurePathDoesNotExist verifies that path does not refer to an existing file, | ||
// and returns an error if so. | ||
func ensurePathDoesNotExist(path string) error { | ||
switch _, err := os.Stat(path); { | ||
case err == nil: | ||
return fmt.Errorf("Refusing to overwrite existing %q", path) | ||
case errors.Is(err, fs.ErrNotExist): | ||
return nil | ||
default: | ||
return fmt.Errorf("Error checking existence of %q: %w", path, err) | ||
} | ||
} | ||
|
||
func (opts *generateSigstoreKeyOptions) run(args []string, stdout io.Writer) error { | ||
if len(args) != 0 || opts.outputPrefix == "" { | ||
return errors.New("Usage: generate-sigstore-key --output-prefix PREFIX") | ||
} | ||
|
||
pubKeyPath := opts.outputPrefix + ".pub" | ||
privateKeyPath := opts.outputPrefix + ".private" | ||
if err := ensurePathDoesNotExist(pubKeyPath); err != nil { | ||
return err | ||
} | ||
if err := ensurePathDoesNotExist(privateKeyPath); err != nil { | ||
return err | ||
} | ||
|
||
var passphrase string | ||
if opts.passphraseFile != "" { | ||
p, err := cli.ReadPassphraseFile(opts.passphraseFile) | ||
if err != nil { | ||
return err | ||
} | ||
passphrase = p | ||
} else { | ||
p, err := promptForPassphrase(privateKeyPath, os.Stdin, os.Stdout) | ||
if err != nil { | ||
return err | ||
} | ||
passphrase = p | ||
} | ||
|
||
keys, err := sigstore.GenerateKeyPair([]byte(passphrase)) | ||
if err != nil { | ||
return fmt.Errorf("Error generating key pair: %w", err) | ||
} | ||
|
||
if err := os.WriteFile(privateKeyPath, keys.PrivateKey, 0600); err != nil { | ||
return fmt.Errorf("Error writing private key to %q: %w", privateKeyPath, err) | ||
} | ||
if err := os.WriteFile(pubKeyPath, keys.PublicKey, 0644); err != nil { | ||
return fmt.Errorf("Error writing private key to %q: %w", pubKeyPath, err) | ||
} | ||
fmt.Fprintf(stdout, "Key written to %q and %q", privateKeyPath, pubKeyPath) | ||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
package main | ||
|
||
import ( | ||
"os" | ||
"path/filepath" | ||
"testing" | ||
|
||
"github.com/stretchr/testify/assert" | ||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
func TestGenerateSigstoreKey(t *testing.T) { | ||
// Invalid command-line arguments | ||
for _, args := range [][]string{ | ||
{}, | ||
{"--output-prefix", "foo", "a1"}, | ||
} { | ||
out, err := runSkopeo(append([]string{"generate-sigstore-key"}, args...)...) | ||
assertTestFailed(t, out, err, "Usage") | ||
} | ||
|
||
// One of the destination files already exists | ||
outputSuffixes := []string{".pub", ".private"} | ||
for _, suffix := range outputSuffixes { | ||
dir := t.TempDir() | ||
prefix := filepath.Join(dir, "prefix") | ||
err := os.WriteFile(prefix+suffix, []byte{}, 0600) | ||
require.NoError(t, err) | ||
out, err := runSkopeo("generate-sigstore-key", | ||
"--output-prefix", prefix, "--passphrase-file", "/dev/null", | ||
) | ||
assertTestFailed(t, out, err, "Refusing to overwrite") | ||
} | ||
|
||
// One of the destinations is inaccessible (simulate by a symlink that tries to | ||
// traverse a non-directory) | ||
for _, suffix := range outputSuffixes { | ||
dir := t.TempDir() | ||
nonDirectory := filepath.Join(dir, "nondirectory") | ||
err := os.WriteFile(nonDirectory, []byte{}, 0600) | ||
require.NoError(t, err) | ||
prefix := filepath.Join(dir, "prefix") | ||
err = os.Symlink(filepath.Join(nonDirectory, "unaccessible"), prefix+suffix) | ||
require.NoError(t, err) | ||
out, err := runSkopeo("generate-sigstore-key", | ||
"--output-prefix", prefix, "--passphrase-file", "/dev/null", | ||
) | ||
assertTestFailed(t, out, err, prefix+suffix) // + an OS-specific error message | ||
} | ||
destDir := t.TempDir() | ||
// Error reading passphrase | ||
out, err := runSkopeo("generate-sigstore-key", | ||
"--output-prefix", filepath.Join(destDir, "prefix"), | ||
"--passphrase-file", filepath.Join(destDir, "this-does-not-exist"), | ||
) | ||
assertTestFailed(t, out, err, "this-does-not-exist") | ||
|
||
// (The interactive passphrase prompting is not yet tested) | ||
|
||
// Error writing outputs is untested: when unit tests run as root, we can’t use permissions on a directory to cause write failures, | ||
// with the --output-prefix mechanism, and refusing to even start writing to pre-exisiting files, directories are the only mechanism | ||
// we have to trigger a write failure. | ||
|
||
// Success | ||
// Just a smoke-test, useability of the keys is tested in the generate implementation. | ||
dir := t.TempDir() | ||
prefix := filepath.Join(dir, "prefix") | ||
passphraseFile := filepath.Join(dir, "passphrase") | ||
err = os.WriteFile(passphraseFile, []byte("some passphrase"), 0600) | ||
require.NoError(t, err) | ||
out, err = runSkopeo("generate-sigstore-key", | ||
"--output-prefix", prefix, "--passphrase-file", passphraseFile, | ||
) | ||
assert.NoError(t, err) | ||
for _, suffix := range outputSuffixes { | ||
assert.Contains(t, out, prefix+suffix) | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
% skopeo-generate-sigstore-key(1) | ||
|
||
## NAME | ||
skopeo\-generate-sigstore-key - Generate a sigstore public/private key pair. | ||
|
||
## SYNOPSIS | ||
**skopeo generate-sigstore-key** [*options*] **--output-prefix** _prefix_ | ||
|
||
## DESCRIPTION | ||
|
||
Generates a public/private key pair suitable for creating sigstore image signatures. | ||
The private key is encrypted with a passphrase; | ||
if one is not provided using an option, this command prompts for it interactively. | ||
|
||
The private key is written to _prefix_**.private** . | ||
The private key is written to _prefix_**.pub** . | ||
|
||
## OPTIONS | ||
|
||
**--help**, **-h** | ||
|
||
Print usage statement | ||
|
||
**--output-prefix** _prefix_ | ||
|
||
Mandatory. | ||
Path prefix for the output keys (_prefix_**.private** and _prefix_**.pub**). | ||
|
||
**--passphrase-file** _path_ | ||
|
||
The passphare to use to encrypt the private key. | ||
Only the first line will be read. | ||
A passphrase stored in a file is of questionable security if other users can read this file. | ||
Do not use this option if at all avoidable. | ||
|
||
## EXAMPLES | ||
|
||
```sh | ||
$ skopeo generate-sigstore-key --output-prefix mykey | ||
``` | ||
|
||
# SEE ALSO | ||
skopeo(1), skopeo-copy(1), containers-policy.json(5) | ||
|
||
## AUTHORS | ||
|
||
Miloslav Trmač <mitr@redhat.com> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.