package verification
import (
"embed"
"fmt"
"os"
"github.com/sigstore/sigstore-go/pkg/tuf"
)
//go:embed embed
// embeddedRepos is the embed directory compiled into the binary. readEmbeddedRoot
// reads the root.json trust anchors from it, so its contents decide which TUF
// roots this package trusts.
var embeddedRepos embed.FS
// GitHubTUFMirror is the base URL of the TUF repository used by GitHubTUFOptions.
// The same value selects the remote repository and, through readEmbeddedRoot,
// the embedded root.json that anchors trust in it.
const GitHubTUFMirror = "https://tuf-repo.github.com"
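// readEmbeddedRoot returns the root.json compiled into this binary for the
// TUF repository at url.
//
// The bytes are read only from embeddedRepos, never from the network.
// tuf.URLToPath maps url to the directory name under embed/. A failed read is
// returned wrapped with the embedded path, so a missing or misnamed trust
// root is easy to identify; the underlying error stays reachable through
// errors.Is and errors.As.
func readEmbeddedRoot(url string) ([]byte, error) {
	// The embed file system always uses forward slashes, even on Windows,
	// so the path is built with "/" instead of an OS-specific separator.
	p := fmt.Sprintf("embed/%s/root.json", tuf.URLToPath(url))

	b, err := embeddedRepos.ReadFile(p)
	if err != nil {
		return nil, fmt.Errorf("reading embedded TUF root %q: %w", p, err)
	}

	return b, nil
}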
// DefaultOptionsWithCacheSetting returns tuf.DefaultOptions, with the local
// cache disabled when the process runs inside a Codespaces workspace.
//
// Only the cache setting is changed here; every other field keeps the value
// tuf.DefaultOptions gave it.
func DefaultOptionsWithCacheSetting() *tuf.Options {
	options := tuf.DefaultOptions()

	// A Codespaces workspace sets CODESPACES to "true"; only that exact
	// value counts.
	inCodespaces := os.Getenv("CODESPACES") == "true"
	if !inCodespaces {
		return options
	}

	// In a Codespace a permissions issue prevents the tuf library from
	// writing the Sigstore cache to the home directory, so the local cache
	// is turned off.
	options.DisableLocalCache = true
	return options
}
// GitHubTUFOptions returns TUF client options that target GitHubTUFMirror.
//
// It starts from DefaultOptionsWithCacheSetting and replaces two fields: Root
// becomes the root.json embedded in this binary for GitHubTUFMirror, and
// RepositoryBaseURL becomes GitHubTUFMirror itself. The initial root of trust
// therefore comes from the build, not from a download. An error is returned
// when the embedded root cannot be read.
func GitHubTUFOptions() (*tuf.Options, error) {
	options := DefaultOptionsWithCacheSetting()

	// Load the pinned trust anchor before pointing the client at the mirror.
	trustRoot, readErr := readEmbeddedRoot(GitHubTUFMirror)
	if readErr != nil {
		return nil, readErr
	}

	// Root and mirror URL are set together so they always refer to the same
	// repository.
	options.Root, options.RepositoryBaseURL = trustRoot, GitHubTUFMirror
	return options, nil
}