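// Source: get.porter.sh/porter@v1.3.0/pkg/signing/plugins/notation/notation.go

package notation

import (
	"context"
	"errors"
	"fmt"
	"os/exec"

	"get.porter.sh/porter/pkg/portercontext"
	"get.porter.sh/porter/pkg/signing/plugins"
	"get.porter.sh/porter/pkg/tracing"
)

var _ plugins.SigningProtocol = &Signer{}

// notationBinary is the executable name handed to os/exec. It is resolved
// through PATH, so the signing and verification results are only as
// trustworthy as the directories on PATH of the process running this plugin.
const notationBinary = "notation"

// Signer implements plugins.SigningProtocol by shelling out to the notation
// command-line tool for both signing and verification.
type Signer struct {

	// SigningKey is passed verbatim to `notation sign --key`.
	SigningKey string
	// InsecureRegistry appends --insecure-registry to every sign and verify
	// invocation. NOTE(review): in the notation CLI this flag relaxes transport
	// security towards the registry; confirm it is only enabled for test
	// registries, because it also applies to Verify.
	InsecureRegistry bool
}

// NewSigner builds a Signer from the plugin configuration. The porter context
// argument is accepted for interface compatibility and is not used here.
func NewSigner(c *portercontext.Context, cfg PluginConfig) *Signer {
	s := &Signer{
		SigningKey:       cfg.SigningKey,
		InsecureRegistry: cfg.InsecureRegistry,
	}
	return s
}

// Connect checks that the notation binary can be executed by running
// `notation version`. The underlying failure is wrapped so that a binary that
// exists but exits non-zero can be told apart from one that is missing.
func (s *Signer) Connect(ctx context.Context) error {
	_, log := tracing.StartSpan(ctx)
	defer log.EndSpan()

	if err := exec.CommandContext(ctx, notationBinary, "version").Run(); err != nil {
		return fmt.Errorf("notation was not found: %w", err)
	}

	return nil
}

// Sign runs `notation sign` for ref with the configured signing key. On
// failure the returned error carries notation's combined output followed by
// the exec error.
func (s *Signer) Sign(ctx context.Context, ref string) error {
	_, log := tracing.StartSpan(ctx)
	defer log.EndSpan()

	if err := checkRef(ref); err != nil {
		return err
	}

	args := []string{"sign", ref, "--key", s.SigningKey}
	if s.InsecureRegistry {
		args = append(args, "--insecure-registry")
	}
	out, err := runNotation(ctx, args)
	if err != nil {
		return err
	}
	log.Infof("%s", out)
	return nil
}

// Verify runs `notation verify` for ref. The verdict is notation's exit
// status: a non-zero exit is returned as an error together with the tool's
// combined output.
func (s *Signer) Verify(ctx context.Context, ref string) error {
	_, log := tracing.StartSpan(ctx)
	defer log.EndSpan()

	if err := checkRef(ref); err != nil {
		return err
	}

	args := []string{"verify", ref}
	if s.InsecureRegistry {
		args = append(args, "--insecure-registry")
	}
	out, err := runNotation(ctx, args)
	if err != nil {
		return err
	}
	log.Infof("%s", out)
	return nil
}

// checkRef rejects references that the notation CLI could not treat as a
// positional argument. ref is placed on the command line as-is, so a value
// starting with '-' would be parsed as an option instead of the artifact to
// sign or verify.
func checkRef(ref string) error {
	if ref == "" {
		return errors.New("reference must not be empty")
	}
	if ref[0] == '-' {
		return fmt.Errorf("invalid reference %q: must not start with '-'", ref)
	}
	return nil
}

// runNotation executes notation with args and returns its combined
// stdout/stderr. The command is bound to ctx so a cancelled or timed-out
// caller does not leave the child process running.
func runNotation(ctx context.Context, args []string) ([]byte, error) {
	cmd := exec.CommandContext(ctx, notationBinary, args...)
	out, err := cmd.CombinedOutput()
	if err != nil {
		return nil, fmt.Errorf("%s: %w", string(out), err)
	}
	return out, nil
}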