// Copyright © 2023 Intel Corporation
// SPDX-License-Identifier: Apache-2.0
package cmd
import (
"fmt"
"os"
"path/filepath"
"aconcli/repo"
"github.com/spf13/cobra"
)
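// resign is a package-level toggle declared next to the sign command.
// NOTE(review): nothing in this file reads it or binds it to a flag;
// presumably it is used elsewhere in package cmd. Confirm, or remove it.
var resign bool

// signCmd implements "aconcli sign <manifest>". It takes exactly one
// positional argument, the manifest path, and delegates to signManifest.
//
// Per the help text below, the first signing needs both a private key and its
// certificate, and symlinks to both are kept in the image repo so that a later
// re-sign can reuse them.
// NOTE(review): this makes the repo directory part of the signing trust
// boundary, because a re-sign uses whatever those links resolve to at that
// time. Confirm that the repo directory and the key file are writable only by
// the signing identity.
var signCmd = &cobra.Command{
	Use:     "sign manifest",
	Short:   "Sign an ACON image",
	GroupID: "image",
	Long: `
Sign the specified ACON image/manifest and store the signature in the ACON
image repo.
When signing a manifest for the first time, both a private key file and its
corresponding certificate file must be specified. The certificate file is used
to determine the hash algorithm when creating the digital signature. 'aconcli
sign' keeps symlinks (in the ACON image repo) to the private key and
certificate files to facilitate future re-signing.
When re-signing a manifest, 'aconcli sign' reuses the private key and
certificate files by default, and can be overridden by respective command line
flags.
`,
	// ExactArgs(1) rejects any other argument count before RunE runs, so
	// signManifest can index args[0] safely.
	Args: cobra.ExactArgs(1),
	RunE: func(cmd *cobra.Command, args []string) error {
		return signManifest(args)
	},
}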
// signManifest signs the manifest named by args[0] and records the result in
// the ACON image repo located from the manifest's directory, or from targetDir
// when that package-level value is non-empty.
//
// certFile and privFile are the package-level targets of the --cert and --key
// flags; both are passed to CommitManifest as given, including the empty
// default. Any check that a first-time signing supplies both is therefore not
// done here.
// NOTE(review): presumably CommitManifest enforces that; confirm.
//
// Every failure is written to stderr and the underlying error is returned
// unchanged to the caller.
func signManifest(args []string) error {
	manifest := args[0]

	// An explicit target directory takes precedence over the manifest's own
	// directory as the starting point for the repo lookup.
	searchDir := targetDir
	if searchDir == "" {
		searchDir = filepath.Dir(manifest)
	}

	aconRepo, err := repo.FindRepo(searchDir)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Sign Manifest: %v\n", err)
		return err
	}

	err = aconRepo.CommitManifest(manifest, certFile, privFile)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Sign Manifest: cannot sign manifest %s: %v\n", manifest, err)
		return err
	}

	return nil
}
// init attaches the sign command to the root command and binds its flags.
// Both flags default to the empty string, so privFile and certFile stay empty
// unless the user passes --key / --cert.
func init() {
	rootCmd.AddCommand(signCmd)

	flags := signCmd.Flags()
	flags.StringVarP(&privFile, "key", "k", "",
		"path of the private key file")
	flags.StringVarP(&certFile, "cert", "c", "",
		"path of the certificate file to get the hash algorithm from")
}