// Copyright (c) 2017-2019, Sylabs Inc. All rights reserved.
// This software is licensed under a 3-clause BSD license. Please consult the
// LICENSE.md file distributed with the sources of this project regarding your
// rights to use or distribute this software.
package cli
import (
"fmt"
"os"
"github.com/spf13/cobra"
"github.com/sylabs/singularity/docs"
"github.com/sylabs/singularity/internal/pkg/sylog"
"github.com/sylabs/singularity/pkg/signing"
)
// privKey holds the value of the -k/--keyidx flag: the index, as listed by
// 'keys list', of the private key to use. The flag default registered in
// init is -1. The value is handed unchanged to signing.Sign, so it selects
// a signing key rather than an encryption key.
// NOTE(review): no range check happens in this file; confirm signing.Sign
// rejects indexes that do not exist in the keyring.
var privKey int
// init registers the flags of the sign command and attaches the command to
// the root singularity command.
func init() {
	flags := SignCmd.Flags()

	// Stop flag parsing at the first positional argument.
	flags.SetInterspersed(false)

	// -u/--url selects the key server. The "envkey" annotation names URL,
	// presumably the environment variable that can override the flag; confirm
	// against the code that consumes the annotation.
	// NOTE(review): this value is later passed to signing.Sign together with
	// authToken, so a flag or environment override decides which server may
	// receive the token. Confirm the scheme and host are validated downstream.
	flags.StringVarP(&keyServerURL, "url", "u", defaultKeyServer, "key server URL")
	// SetAnnotation only errors when the named flag is undefined; "url" was
	// registered on the line above, so the result is deliberately dropped.
	_ = flags.SetAnnotation("url", "envkey", []string{"URL"})

	// -g and -i choose what gets signed; 0 means "not set" for both.
	flags.Uint32VarP(&sifGroupID, "groupid", "g", 0, "group ID to be signed")
	flags.Uint32VarP(&sifDescID, "id", "i", 0, "descriptor ID to be signed")

	// -k picks the private key by its index in the 'keys list' output.
	flags.IntVarP(&privKey, "keyidx", "k", -1, "private key to use (index from 'keys list')")

	SingularityCmd.AddCommand(SignCmd)
}
// SignCmd is the `singularity sign` command. It takes exactly one positional
// argument, the path of the image to sign, and exits with status 2 when
// signing fails.
var SignCmd = &cobra.Command{
	Use:     docs.SignUse,
	Short:   docs.SignShort,
	Long:    docs.SignLong,
	Example: docs.SignExample,

	Args:                  cobra.ExactArgs(1),
	DisableFlagsInUseLine: true,

	// sylabsToken runs before Run; presumably it loads authToken, which
	// doSignCmd forwards to signing.Sign (confirm in its definition).
	PreRun: sylabsToken,

	Run: func(cmd *cobra.Command, args []string) {
		// The only positional argument is the image path.
		imagePath := args[0]

		fmt.Printf("Signing image: %s\n", imagePath)

		err := doSignCmd(imagePath, keyServerURL)
		if err != nil {
			sylog.Errorf("signing container failed: %s", err)
			os.Exit(2)
		}

		// Reached only when doSignCmd returned nil.
		fmt.Printf("Signature created and applied to %v\n", imagePath)
	},
}
// doSignCmd signs the image at cpath by calling signing.Sign with the key
// server url, the selected object ID, the private key index from -k and the
// auth token.
//
// At most one of -g (group ID) and -i (descriptor ID) may be non-zero; setting
// both is an error. When neither is set, ID 0 is passed with isGroup false;
// how signing.Sign interprets that is not visible in this file.
//
// NOTE(review): cpath, url and privKey come straight from the command line
// and are forwarded without validation here, so any checks on them have to
// live in signing.Sign.
func doSignCmd(cpath, url string) error {
	switch {
	case sifGroupID != 0 && sifDescID != 0:
		// The two selectors are mutually exclusive.
		return fmt.Errorf("only one of -i or -g may be set")
	case sifGroupID != 0:
		// Sign every object in the given group.
		return signing.Sign(cpath, url, sifGroupID, true, privKey, authToken)
	default:
		// Sign a single descriptor (ID 0 when -i was not given).
		return signing.Sign(cpath, url, sifDescID, false, privKey, authToken)
	}
}