├── .github ├── dependabot.yml └── workflows │ └── main.yml ├── .gitignore ├── CODEOWNERS ├── CODE_OF_CONDUCT.md ├── COPYRIGHT.txt ├── Cargo.lock ├── Cargo.toml ├── LICENSE ├── README.md ├── src ├── main.rs ├── oci.rs ├── policy.rs └── utils.rs └── tests ├── nopanic.ci ├── test.sh └── test_data ├── fulcio_root.pem ├── policy_bad.json └── policy_good.json /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | 2 | 3 | version: 2 4 | updates: 5 | - package-ecosystem: "cargo" # See documentation for possible values 6 | directory: "/" # Location of package manifests 7 | schedule: 8 | interval: "weekly" 9 | -------------------------------------------------------------------------------- /.github/workflows/main.yml: -------------------------------------------------------------------------------- 1 | # This is a basic workflow to help you get started with Actions 2 | 3 | name: CI 4 | 5 | # Controls when the workflow will run 6 | on: 7 | # Triggers the workflow on push or pull request events but only for the main branch 8 | push: 9 | branches: [ main ] 10 | pull_request: 11 | branches: [ main ] 12 | 13 | # Allows you to run this workflow manually from the Actions tab 14 | workflow_dispatch: 15 | 16 | jobs: 17 | build_and_test: 18 | name: Rust project 19 | strategy: 20 | matrix: 21 | os: [ ubuntu-latest, macOS-latest, windows-latest ] 22 | runs-on: ${{ matrix.os }} 23 | steps: 24 | - uses: actions/checkout@v2 25 | - uses: actions-rs/toolchain@v1 26 | with: 27 | toolchain: stable 28 | 29 | ### FOR WINDOWS ### 30 | - name: Cache vcpkg installed 31 | uses: actions/cache@v1.0.3 32 | if: matrix.os == 'windows-latest' 33 | with: 34 | path: $VCPKG_ROOT/installed 35 | key: ${{ runner.os }}-vcpkg-cache-${{ matrix.db-backend }} 36 | env: 37 | VCPKG_ROOT: 'C:\vcpkg' 38 | 39 | - name: Cache vcpkg downloads 40 | uses: actions/cache@v1.0.3 41 | if: matrix.os == 'windows-latest' 42 | with: 43 | path: $VCPKG_ROOT/downloads 44 | key: ${{ runner.os }}-vcpkg-cache-${{ matrix.db-backend }} 45 | env: 46 | VCPKG_ROOT: 'C:\vcpkg' 47 | 48 | - name: Install dependencies Windows 49 | run: vcpkg integrate install; vcpkg install openssl:x64-windows 50 | if: matrix.os == 'windows-latest' 51 | env: 52 | VCPKG_ROOT: 'C:\vcpkg' 53 | 54 | - name: Check Windows 55 | run: cargo check --all 56 | if: matrix.os == 'windows-latest' 57 | env: 58 | VCPKGRS_DYNAMIC: '1' 59 | VCPKG_ROOT: 'C:\vcpkg' 60 | 61 | - name: Cargo build Windows 62 | uses: actions-rs/cargo@v1 63 | if: matrix.os == 'windows-latest' 64 | with: 65 | command: build 66 | args: --release --all-features 67 | env: 68 | VCPKGRS_DYNAMIC: '1' 69 | VCPKG_ROOT: 'C:\vcpkg' 70 | 71 | - name: Cargo test Windows 72 | uses: actions-rs/cargo@v1 73 | if: matrix.os == 'windows-latest' 74 | with: 75 | command: test 76 | env: 77 | VCPKGRS_DYNAMIC: '1' 78 | VCPKG_ROOT: 'C:\vcpkg' 79 | 80 | ### FOR MAC ### 81 | - name: Install dependencies macOS 82 | run: brew update; brew install openssl 83 | if: matrix.os == 'macOS-latest' 84 | 85 | - name: Cargo check Mac 86 | run: cargo check --all 87 | if: matrix.os == 'macOS-latest' 88 | 89 | - name: Cargo build Mac 90 | uses: actions-rs/cargo@v1 91 | if: matrix.os == 'macOS-latest' 92 | with: 93 | command: build 94 | args: --release --all-features 95 | 96 | - name: Cargo test Mac 97 | uses: actions-rs/cargo@v1 98 | with: 99 | command: test 100 | if: matrix.os == 'macOS-latest' 101 | 102 | ### FOR LINUX ### 103 | - name: Install dependencies Ubuntu 104 | run: sudo apt-get update && sudo apt-get install --no-install-recommends openssl 105 | if: matrix.os == 'ubuntu-latest' 106 | 107 | - name: Check Linux 108 | run: cargo check --all 109 | if: matrix.os == 'ubuntu-latest' 110 | 111 | - name: Cargo build Linux 112 | uses: actions-rs/cargo@v1 113 | if: matrix.os == 'ubuntu-latest' 114 | with: 115 | command: build 116 | args: --release --all-features 117 | 118 | - name: Cargo test Linux 119 | uses: actions-rs/cargo@v1 120 | if: matrix.os == 'ubuntu-latest' 121 | with: 122 | command: test 123 | 124 | static_checks: 125 | runs-on: ubuntu-latest 126 | steps: 127 | - uses: actions/checkout@v1 128 | - run: rustup component add clippy 129 | - uses: actions-rs/clippy-check@v1 130 | with: 131 | token: ${{ secrets.GITHUB_TOKEN }} 132 | args: --all-targets --all-features -- -D clippy::all 133 | - name: Check formatting 134 | run: cargo fmt --all -- --check 135 | - name: Check for panics 136 | run: ./tests/nopanic.ci 137 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /target 2 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | @sigstore/sget-codeowners 2 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, gender identity and expression, level of experience, 9 | nationality, personal appearance, race, religion, or sexual identity and 10 | orientation. 11 | 12 | ## Our Standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | * Using welcoming and inclusive language 18 | * Being respectful of differing viewpoints and experiences 19 | * Gracefully accepting constructive criticism 20 | * Focusing on what is best for the community 21 | * Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | * The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | * Trolling, insulting/derogatory comments, and personal or political attacks 28 | * Public or private harassment 29 | * Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | * Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviors that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at . All 59 | complaints will be reviewed and investigated and will result in a response that 60 | is deemed necessary and appropriate to the circumstances. The project team is 61 | obligated to maintain confidentiality with regard to the reporter of an incident. 62 | Further details of specific enforcement policies may be posted separately. 63 | 64 | Project maintainers who do not follow or enforce the Code of Conduct in good 65 | faith may face temporary or permanent repercussions as determined by other 66 | members of the project's leadership. 67 | 68 | ## Attribution 69 | 70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 71 | available at [http://contributor-covenant.org/version/1/4][version] 72 | 73 | [homepage]: http://contributor-covenant.org 74 | [version]: http://contributor-covenant.org/version/1/4/ -------------------------------------------------------------------------------- /COPYRIGHT.txt: -------------------------------------------------------------------------------- 1 | 2 | Copyright 2021 The Sigstore Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | -------------------------------------------------------------------------------- /Cargo.lock: -------------------------------------------------------------------------------- 1 | # This file is automatically @generated by Cargo. 2 | # It is not intended for manual editing. 3 | version = 3 4 | 5 | [[package]] 6 | name = "aho-corasick" 7 | version = "0.7.18" 8 | source = "registry+https://github.com/rust-lang/crates.io-index" 9 | checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f" 10 | dependencies = [ 11 | "memchr", 12 | ] 13 | 14 | [[package]] 15 | name = "ansi_term" 16 | version = "0.12.1" 17 | source = "registry+https://github.com/rust-lang/crates.io-index" 18 | checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" 19 | dependencies = [ 20 | "winapi", 21 | ] 22 | 23 | [[package]] 24 | name = "anyhow" 25 | version = "1.0.52" 26 | source = "registry+https://github.com/rust-lang/crates.io-index" 27 | checksum = "84450d0b4a8bd1ba4144ce8ce718fbc5d071358b1e5384bace6536b3d1f2d5b3" 28 | 29 | [[package]] 30 | name = "atty" 31 | version = "0.2.14" 32 | source = "registry+https://github.com/rust-lang/crates.io-index" 33 | checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" 34 | dependencies = [ 35 | "hermit-abi", 36 | "libc", 37 | "winapi", 38 | ] 39 | 40 | [[package]] 41 | name = "autocfg" 42 | version = "1.0.1" 43 | source = "registry+https://github.com/rust-lang/crates.io-index" 44 | checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" 45 | 46 | [[package]] 47 | name = "base16ct" 48 | version = "0.1.1" 49 | source = "registry+https://github.com/rust-lang/crates.io-index" 50 | checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce" 51 | 52 | [[package]] 53 | name = "base64" 54 | version = "0.13.0" 55 | source = "registry+https://github.com/rust-lang/crates.io-index" 56 | checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" 57 | 58 | [[package]] 59 | name = "base64ct" 60 | version = "1.1.1" 61 | source = "registry+https://github.com/rust-lang/crates.io-index" 62 | checksum = "e6b4d9b1225d28d360ec6a231d65af1fd99a2a095154c8040689617290569c5c" 63 | 64 | [[package]] 65 | name = "bitflags" 66 | version = "1.3.2" 67 | source = "registry+https://github.com/rust-lang/crates.io-index" 68 | checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" 69 | 70 | [[package]] 71 | name = "block-buffer" 72 | version = "0.9.0" 73 | source = "registry+https://github.com/rust-lang/crates.io-index" 74 | checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" 75 | dependencies = [ 76 | "generic-array", 77 | ] 78 | 79 | [[package]] 80 | name = "bumpalo" 81 | version = "3.9.1" 82 | source = "registry+https://github.com/rust-lang/crates.io-index" 83 | checksum = "a4a45a46ab1f2412e53d3a0ade76ffad2025804294569aae387231a0cd6e0899" 84 | 85 | [[package]] 86 | name = "bytes" 87 | version = "1.1.0" 88 | source = "registry+https://github.com/rust-lang/crates.io-index" 89 | checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8" 90 | 91 | [[package]] 92 | name = "cc" 93 | version = "1.0.72" 94 | source = "registry+https://github.com/rust-lang/crates.io-index" 95 | checksum = "22a9137b95ea06864e018375b72adfb7db6e6f68cfc8df5a04d00288050485ee" 96 | 97 | [[package]] 98 | name = "cfg-if" 99 | version = "1.0.0" 100 | source = "registry+https://github.com/rust-lang/crates.io-index" 101 | checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" 102 | 103 | [[package]] 104 | name = "chrono" 105 | version = "0.4.19" 106 | source = "registry+https://github.com/rust-lang/crates.io-index" 107 | checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73" 108 | dependencies = [ 109 | "libc", 110 | "num-integer", 111 | "num-traits", 112 | "serde", 113 | "time 0.1.43", 114 | "winapi", 115 | ] 116 | 117 | [[package]] 118 | name = "clap" 119 | version = "2.34.0" 120 | source = "registry+https://github.com/rust-lang/crates.io-index" 121 | checksum = "a0610544180c38b88101fecf2dd634b174a62eef6946f84dfc6a7127512b381c" 122 | dependencies = [ 123 | "ansi_term", 124 | "atty", 125 | "bitflags", 126 | "strsim 0.8.0", 127 | "textwrap 0.11.0", 128 | "unicode-width", 129 | "vec_map", 130 | ] 131 | 132 | [[package]] 133 | name = "clap" 134 | version = "3.0.10" 135 | source = "registry+https://github.com/rust-lang/crates.io-index" 136 | checksum = "7a30c3bf9ff12dfe5dae53f0a96e0febcd18420d1c0e7fad77796d9d5c4b5375" 137 | dependencies = [ 138 | "atty", 139 | "bitflags", 140 | "indexmap", 141 | "os_str_bytes", 142 | "strsim 0.10.0", 143 | "termcolor", 144 | "textwrap 0.14.2", 145 | ] 146 | 147 | [[package]] 148 | name = "const-oid" 149 | version = "0.7.1" 150 | source = "registry+https://github.com/rust-lang/crates.io-index" 151 | checksum = "e4c78c047431fee22c1a7bb92e00ad095a02a983affe4d8a72e2a2c62c1b94f3" 152 | 153 | [[package]] 154 | name = "core-foundation" 155 | version = "0.9.2" 156 | source = "registry+https://github.com/rust-lang/crates.io-index" 157 | checksum = "6888e10551bb93e424d8df1d07f1a8b4fceb0001a3a4b048bfc47554946f47b3" 158 | dependencies = [ 159 | "core-foundation-sys", 160 | "libc", 161 | ] 162 | 163 | [[package]] 164 | name = "core-foundation-sys" 165 | version = "0.8.3" 166 | source = "registry+https://github.com/rust-lang/crates.io-index" 167 | checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" 168 | 169 | [[package]] 170 | name = "cpufeatures" 171 | version = "0.2.1" 172 | source = "registry+https://github.com/rust-lang/crates.io-index" 173 | checksum = "95059428f66df56b63431fdb4e1947ed2190586af5c5a8a8b71122bdf5a7f469" 174 | dependencies = [ 175 | "libc", 176 | ] 177 | 178 | [[package]] 179 | name = "crypto-bigint" 180 | version = "0.3.2" 181 | source = "registry+https://github.com/rust-lang/crates.io-index" 182 | checksum = "03c6a1d5fa1de37e071642dfa44ec552ca5b299adb128fab16138e24b548fd21" 183 | dependencies = [ 184 | "generic-array", 185 | "rand_core", 186 | "subtle", 187 | "zeroize", 188 | ] 189 | 190 | [[package]] 191 | name = "crypto-mac" 192 | version = "0.11.1" 193 | source = "registry+https://github.com/rust-lang/crates.io-index" 194 | checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714" 195 | dependencies = [ 196 | "generic-array", 197 | "subtle", 198 | ] 199 | 200 | [[package]] 201 | name = "darling" 202 | version = "0.13.1" 203 | source = "registry+https://github.com/rust-lang/crates.io-index" 204 | checksum = "d0d720b8683f8dd83c65155f0530560cba68cd2bf395f6513a483caee57ff7f4" 205 | dependencies = [ 206 | "darling_core", 207 | "darling_macro", 208 | ] 209 | 210 | [[package]] 211 | name = "darling_core" 212 | version = "0.13.1" 213 | source = "registry+https://github.com/rust-lang/crates.io-index" 214 | checksum = "7a340f241d2ceed1deb47ae36c4144b2707ec7dd0b649f894cb39bb595986324" 215 | dependencies = [ 216 | "fnv", 217 | "ident_case", 218 | "proc-macro2", 219 | "quote", 220 | "strsim 0.10.0", 221 | "syn", 222 | ] 223 | 224 | [[package]] 225 | name = "darling_macro" 226 | version = "0.13.1" 227 | source = "registry+https://github.com/rust-lang/crates.io-index" 228 | checksum = "72c41b3b7352feb3211a0d743dc5700a4e3b60f51bd2b368892d1e0f9a95f44b" 229 | dependencies = [ 230 | "darling_core", 231 | "quote", 232 | "syn", 233 | ] 234 | 235 | [[package]] 236 | name = "data-encoding" 237 | version = "2.3.2" 238 | source = "registry+https://github.com/rust-lang/crates.io-index" 239 | checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57" 240 | 241 | [[package]] 242 | name = "der" 243 | version = "0.5.1" 244 | source = "registry+https://github.com/rust-lang/crates.io-index" 245 | checksum = "6919815d73839e7ad218de758883aae3a257ba6759ce7a9992501efbb53d705c" 246 | dependencies = [ 247 | "const-oid", 248 | "pem-rfc7468", 249 | ] 250 | 251 | [[package]] 252 | name = "der-oid-macro" 253 | version = "0.5.0" 254 | source = "registry+https://github.com/rust-lang/crates.io-index" 255 | checksum = "c73af209b6a5dc8ca7cbaba720732304792cddc933cfea3d74509c2b1ef2f436" 256 | dependencies = [ 257 | "num-bigint", 258 | "num-traits", 259 | "syn", 260 | ] 261 | 262 | [[package]] 263 | name = "der-parser" 264 | version = "6.0.0" 265 | source = "registry+https://github.com/rust-lang/crates.io-index" 266 | checksum = "9807efb310ce4ea172924f3a69d82f9fd6c9c3a19336344591153e665b31c43e" 267 | dependencies = [ 268 | "der-oid-macro", 269 | "nom", 270 | "num-bigint", 271 | "num-traits", 272 | "rusticata-macros", 273 | ] 274 | 275 | [[package]] 276 | name = "digest" 277 | version = "0.9.0" 278 | source = "registry+https://github.com/rust-lang/crates.io-index" 279 | checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" 280 | dependencies = [ 281 | "generic-array", 282 | ] 283 | 284 | [[package]] 285 | name = "ecdsa" 286 | version = "0.13.4" 287 | source = "registry+https://github.com/rust-lang/crates.io-index" 288 | checksum = "d0d69ae62e0ce582d56380743515fefaf1a8c70cec685d9677636d7e30ae9dc9" 289 | dependencies = [ 290 | "der", 291 | "elliptic-curve", 292 | "rfc6979", 293 | "signature", 294 | ] 295 | 296 | [[package]] 297 | name = "elliptic-curve" 298 | version = "0.11.9" 299 | source = "registry+https://github.com/rust-lang/crates.io-index" 300 | checksum = "3a4641673db66b0492d99edd8fd1cf2e6eb4ab91de525d1d2d6cc99442ed15f5" 301 | dependencies = [ 302 | "base16ct", 303 | "crypto-bigint", 304 | "der", 305 | "ff", 306 | "generic-array", 307 | "group", 308 | "pem-rfc7468", 309 | "rand_core", 310 | "sec1", 311 | "subtle", 312 | "zeroize", 313 | ] 314 | 315 | [[package]] 316 | name = "encoding_rs" 317 | version = "0.8.30" 318 | source = "registry+https://github.com/rust-lang/crates.io-index" 319 | checksum = "7896dc8abb250ffdda33912550faa54c88ec8b998dec0b2c55ab224921ce11df" 320 | dependencies = [ 321 | "cfg-if", 322 | ] 323 | 324 | [[package]] 325 | name = "ff" 326 | version = "0.11.0" 327 | source = "registry+https://github.com/rust-lang/crates.io-index" 328 | checksum = "b2958d04124b9f27f175eaeb9a9f383d026098aa837eadd8ba22c11f13a05b9e" 329 | dependencies = [ 330 | "rand_core", 331 | "subtle", 332 | ] 333 | 334 | [[package]] 335 | name = "fnv" 336 | version = "1.0.7" 337 | source = "registry+https://github.com/rust-lang/crates.io-index" 338 | checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" 339 | 340 | [[package]] 341 | name = "foreign-types" 342 | version = "0.3.2" 343 | source = "registry+https://github.com/rust-lang/crates.io-index" 344 | checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" 345 | dependencies = [ 346 | "foreign-types-shared", 347 | ] 348 | 349 | [[package]] 350 | name = "foreign-types-shared" 351 | version = "0.1.1" 352 | source = "registry+https://github.com/rust-lang/crates.io-index" 353 | checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" 354 | 355 | [[package]] 356 | name = "form_urlencoded" 357 | version = "1.0.1" 358 | source = "registry+https://github.com/rust-lang/crates.io-index" 359 | checksum = "5fc25a87fa4fd2094bffb06925852034d90a17f0d1e05197d4956d3555752191" 360 | dependencies = [ 361 | "matches", 362 | "percent-encoding 2.1.0", 363 | ] 364 | 365 | [[package]] 366 | name = "futures-channel" 367 | version = "0.3.19" 368 | source = "registry+https://github.com/rust-lang/crates.io-index" 369 | checksum = "ba3dda0b6588335f360afc675d0564c17a77a2bda81ca178a4b6081bd86c7f0b" 370 | dependencies = [ 371 | "futures-core", 372 | ] 373 | 374 | [[package]] 375 | name = "futures-core" 376 | version = "0.3.19" 377 | source = "registry+https://github.com/rust-lang/crates.io-index" 378 | checksum = "d0c8ff0461b82559810cdccfde3215c3f373807f5e5232b71479bff7bb2583d7" 379 | 380 | [[package]] 381 | name = "futures-macro" 382 | version = "0.3.19" 383 | source = "registry+https://github.com/rust-lang/crates.io-index" 384 | checksum = "6dbd947adfffb0efc70599b3ddcf7b5597bb5fa9e245eb99f62b3a5f7bb8bd3c" 385 | dependencies = [ 386 | "proc-macro2", 387 | "quote", 388 | "syn", 389 | ] 390 | 391 | [[package]] 392 | name = "futures-sink" 393 | version = "0.3.19" 394 | source = "registry+https://github.com/rust-lang/crates.io-index" 395 | checksum = "e3055baccb68d74ff6480350f8d6eb8fcfa3aa11bdc1a1ae3afdd0514617d508" 396 | 397 | [[package]] 398 | name = "futures-task" 399 | version = "0.3.19" 400 | source = "registry+https://github.com/rust-lang/crates.io-index" 401 | checksum = "6ee7c6485c30167ce4dfb83ac568a849fe53274c831081476ee13e0dce1aad72" 402 | 403 | [[package]] 404 | name = "futures-util" 405 | version = "0.3.19" 406 | source = "registry+https://github.com/rust-lang/crates.io-index" 407 | checksum = "d9b5cf40b47a271f77a8b1bec03ca09044d99d2372c0de244e66430761127164" 408 | dependencies = [ 409 | "futures-core", 410 | "futures-macro", 411 | "futures-task", 412 | "pin-project-lite", 413 | "pin-utils", 414 | "slab", 415 | ] 416 | 417 | [[package]] 418 | name = "generic-array" 419 | version = "0.14.5" 420 | source = "registry+https://github.com/rust-lang/crates.io-index" 421 | checksum = "fd48d33ec7f05fbfa152300fdad764757cbded343c1aa1cff2fbaf4134851803" 422 | dependencies = [ 423 | "typenum", 424 | "version_check 0.9.4", 425 | ] 426 | 427 | [[package]] 428 | name = "getrandom" 429 | version = "0.2.3" 430 | source = "registry+https://github.com/rust-lang/crates.io-index" 431 | checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753" 432 | dependencies = [ 433 | "cfg-if", 434 | "libc", 435 | "wasi", 436 | ] 437 | 438 | [[package]] 439 | name = "group" 440 | version = "0.11.0" 441 | source = "registry+https://github.com/rust-lang/crates.io-index" 442 | checksum = "bc5ac374b108929de78460075f3dc439fa66df9d8fc77e8f12caa5165fcf0c89" 443 | dependencies = [ 444 | "ff", 445 | "rand_core", 446 | "subtle", 447 | ] 448 | 449 | [[package]] 450 | name = "h2" 451 | version = "0.3.10" 452 | source = "registry+https://github.com/rust-lang/crates.io-index" 453 | checksum = "0c9de88456263e249e241fcd211d3954e2c9b0ef7ccfc235a444eb367cae3689" 454 | dependencies = [ 455 | "bytes", 456 | "fnv", 457 | "futures-core", 458 | "futures-sink", 459 | "futures-util", 460 | "http", 461 | "indexmap", 462 | "slab", 463 | "tokio", 464 | "tokio-util", 465 | "tracing", 466 | ] 467 | 468 | [[package]] 469 | name = "hashbrown" 470 | version = "0.11.2" 471 | source = "registry+https://github.com/rust-lang/crates.io-index" 472 | checksum = "ab5ef0d4909ef3724cc8cce6ccc8572c5c817592e9285f5464f8e86f8bd3726e" 473 | 474 | [[package]] 475 | name = "heck" 476 | version = "0.3.3" 477 | source = "registry+https://github.com/rust-lang/crates.io-index" 478 | checksum = "6d621efb26863f0e9924c6ac577e8275e5e6b77455db64ffa6c65c904e9e132c" 479 | dependencies = [ 480 | "unicode-segmentation", 481 | ] 482 | 483 | [[package]] 484 | name = "hermit-abi" 485 | version = "0.1.19" 486 | source = "registry+https://github.com/rust-lang/crates.io-index" 487 | checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" 488 | dependencies = [ 489 | "libc", 490 | ] 491 | 492 | [[package]] 493 | name = "hmac" 494 | version = "0.11.0" 495 | source = "registry+https://github.com/rust-lang/crates.io-index" 496 | checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" 497 | dependencies = [ 498 | "crypto-mac", 499 | "digest", 500 | ] 501 | 502 | [[package]] 503 | name = "http" 504 | version = "0.2.6" 505 | source = "registry+https://github.com/rust-lang/crates.io-index" 506 | checksum = "31f4c6746584866f0feabcc69893c5b51beef3831656a968ed7ae254cdc4fd03" 507 | dependencies = [ 508 | "bytes", 509 | "fnv", 510 | "itoa 1.0.1", 511 | ] 512 | 513 | [[package]] 514 | name = "http-body" 515 | version = "0.4.4" 516 | source = "registry+https://github.com/rust-lang/crates.io-index" 517 | checksum = "1ff4f84919677303da5f147645dbea6b1881f368d03ac84e1dc09031ebd7b2c6" 518 | dependencies = [ 519 | "bytes", 520 | "http", 521 | "pin-project-lite", 522 | ] 523 | 524 | [[package]] 525 | name = "httparse" 526 | version = "1.5.1" 527 | source = "registry+https://github.com/rust-lang/crates.io-index" 528 | checksum = "acd94fdbe1d4ff688b67b04eee2e17bd50995534a61539e45adfefb45e5e5503" 529 | 530 | [[package]] 531 | name = "httpdate" 532 | version = "1.0.2" 533 | source = "registry+https://github.com/rust-lang/crates.io-index" 534 | checksum = "c4a1e36c821dbe04574f602848a19f742f4fb3c98d40449f11bcad18d6b17421" 535 | 536 | [[package]] 537 | name = "hyper" 538 | version = "0.14.16" 539 | source = "registry+https://github.com/rust-lang/crates.io-index" 540 | checksum = "b7ec3e62bdc98a2f0393a5048e4c30ef659440ea6e0e572965103e72bd836f55" 541 | dependencies = [ 542 | "bytes", 543 | "futures-channel", 544 | "futures-core", 545 | "futures-util", 546 | "h2", 547 | "http", 548 | "http-body", 549 | "httparse", 550 | "httpdate", 551 | "itoa 0.4.8", 552 | "pin-project-lite", 553 | "socket2", 554 | "tokio", 555 | "tower-service", 556 | "tracing", 557 | "want", 558 | ] 559 | 560 | [[package]] 561 | name = "hyper-tls" 562 | version = "0.5.0" 563 | source = "registry+https://github.com/rust-lang/crates.io-index" 564 | checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" 565 | dependencies = [ 566 | "bytes", 567 | "hyper", 568 | "native-tls", 569 | "tokio", 570 | "tokio-native-tls", 571 | ] 572 | 573 | [[package]] 574 | name = "hyperx" 575 | version = "1.4.0" 576 | source = "registry+https://github.com/rust-lang/crates.io-index" 577 | checksum = "5617e92fc2f2501c3e2bc6ce547cad841adba2bae5b921c7e52510beca6d084c" 578 | dependencies = [ 579 | "base64", 580 | "bytes", 581 | "http", 582 | "httpdate", 583 | "language-tags", 584 | "mime", 585 | "percent-encoding 2.1.0", 586 | "unicase 2.6.0", 587 | ] 588 | 589 | [[package]] 590 | name = "ident_case" 591 | version = "1.0.1" 592 | source = "registry+https://github.com/rust-lang/crates.io-index" 593 | checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" 594 | 595 | [[package]] 596 | name = "idna" 597 | version = "0.1.5" 598 | source = "registry+https://github.com/rust-lang/crates.io-index" 599 | checksum = "38f09e0f0b1fb55fdee1f17470ad800da77af5186a1a76c026b679358b7e844e" 600 | dependencies = [ 601 | "matches", 602 | "unicode-bidi", 603 | "unicode-normalization", 604 | ] 605 | 606 | [[package]] 607 | name = "idna" 608 | version = "0.2.3" 609 | source = "registry+https://github.com/rust-lang/crates.io-index" 610 | checksum = "418a0a6fab821475f634efe3ccc45c013f742efe03d853e8d3355d5cb850ecf8" 611 | dependencies = [ 612 | "matches", 613 | "unicode-bidi", 614 | "unicode-normalization", 615 | ] 616 | 617 | [[package]] 618 | name = "indexmap" 619 | version = "1.7.0" 620 | source = "registry+https://github.com/rust-lang/crates.io-index" 621 | checksum = "bc633605454125dec4b66843673f01c7df2b89479b32e0ed634e43a91cff62a5" 622 | dependencies = [ 623 | "autocfg", 624 | "hashbrown", 625 | ] 626 | 627 | [[package]] 628 | name = "ipnet" 629 | version = "2.3.1" 630 | source = "registry+https://github.com/rust-lang/crates.io-index" 631 | checksum = "68f2d64f2edebec4ce84ad108148e67e1064789bee435edc5b60ad398714a3a9" 632 | 633 | [[package]] 634 | name = "itoa" 635 | version = "0.4.8" 636 | source = "registry+https://github.com/rust-lang/crates.io-index" 637 | checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4" 638 | 639 | [[package]] 640 | name = "itoa" 641 | version = "1.0.1" 642 | source = "registry+https://github.com/rust-lang/crates.io-index" 643 | checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35" 644 | 645 | [[package]] 646 | name = "js-sys" 647 | version = "0.3.55" 648 | source = "registry+https://github.com/rust-lang/crates.io-index" 649 | checksum = "7cc9ffccd38c451a86bf13657df244e9c3f37493cce8e5e21e940963777acc84" 650 | dependencies = [ 651 | "wasm-bindgen", 652 | ] 653 | 654 | [[package]] 655 | name = "jwt" 656 | version = "0.15.0" 657 | source = "registry+https://github.com/rust-lang/crates.io-index" 658 | checksum = "98328bb4f360e6b2ceb1f95645602c7014000ef0c3809963df8ad3a3a09f8d99" 659 | dependencies = [ 660 | "base64", 661 | "crypto-mac", 662 | "digest", 663 | "hmac", 664 | "serde", 665 | "serde_json", 666 | "sha2", 667 | ] 668 | 669 | [[package]] 670 | name = "language-tags" 671 | version = "0.3.2" 672 | source = "registry+https://github.com/rust-lang/crates.io-index" 673 | checksum = "d4345964bb142484797b161f473a503a434de77149dd8c7427788c6e13379388" 674 | 675 | [[package]] 676 | name = "lazy_static" 677 | version = "1.4.0" 678 | source = "registry+https://github.com/rust-lang/crates.io-index" 679 | checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" 680 | 681 | [[package]] 682 | name = "libc" 683 | version = "0.2.112" 684 | source = "registry+https://github.com/rust-lang/crates.io-index" 685 | checksum = "1b03d17f364a3a042d5e5d46b053bbbf82c92c9430c592dd4c064dc6ee997125" 686 | 687 | [[package]] 688 | name = "log" 689 | version = "0.4.14" 690 | source = "registry+https://github.com/rust-lang/crates.io-index" 691 | checksum = "51b9bbe6c47d51fc3e1a9b945965946b4c44142ab8792c50835a980d362c2710" 692 | dependencies = [ 693 | "cfg-if", 694 | ] 695 | 696 | [[package]] 697 | name = "matches" 698 | version = "0.1.9" 699 | source = "registry+https://github.com/rust-lang/crates.io-index" 700 | checksum = "a3e378b66a060d48947b590737b30a1be76706c8dd7b8ba0f2fe3989c68a853f" 701 | 702 | [[package]] 703 | name = "memchr" 704 | version = "2.4.1" 705 | source = "registry+https://github.com/rust-lang/crates.io-index" 706 | checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" 707 | 708 | [[package]] 709 | name = "mime" 710 | version = "0.3.16" 711 | source = "registry+https://github.com/rust-lang/crates.io-index" 712 | checksum = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d" 713 | 714 | [[package]] 715 | name = "minimal-lexical" 716 | version = "0.2.1" 717 | source = "registry+https://github.com/rust-lang/crates.io-index" 718 | checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" 719 | 720 | [[package]] 721 | name = "mio" 722 | version = "0.7.14" 723 | source = "registry+https://github.com/rust-lang/crates.io-index" 724 | checksum = "8067b404fe97c70829f082dec8bcf4f71225d7eaea1d8645349cb76fa06205cc" 725 | dependencies = [ 726 | "libc", 727 | "log", 728 | "miow", 729 | "ntapi", 730 | "winapi", 731 | ] 732 | 733 | [[package]] 734 | name = "miow" 735 | version = "0.3.7" 736 | source = "registry+https://github.com/rust-lang/crates.io-index" 737 | checksum = "b9f1c5b025cda876f66ef43a113f91ebc9f4ccef34843000e0adf6ebbab84e21" 738 | dependencies = [ 739 | "winapi", 740 | ] 741 | 742 | [[package]] 743 | name = "native-tls" 744 | version = "0.2.8" 745 | source = "registry+https://github.com/rust-lang/crates.io-index" 746 | checksum = "48ba9f7719b5a0f42f338907614285fb5fd70e53858141f69898a1fb7203b24d" 747 | dependencies = [ 748 | "lazy_static", 749 | "libc", 750 | "log", 751 | "openssl", 752 | "openssl-probe", 753 | "openssl-sys", 754 | "schannel", 755 | "security-framework", 756 | "security-framework-sys", 757 | "tempfile", 758 | ] 759 | 760 | [[package]] 761 | name = "nom" 762 | version = "7.1.0" 763 | source = "registry+https://github.com/rust-lang/crates.io-index" 764 | checksum = "1b1d11e1ef389c76fe5b81bcaf2ea32cf88b62bc494e19f493d0b30e7a930109" 765 | dependencies = [ 766 | "memchr", 767 | "minimal-lexical", 768 | "version_check 0.9.4", 769 | ] 770 | 771 | [[package]] 772 | name = "ntapi" 773 | version = "0.3.6" 774 | source = "registry+https://github.com/rust-lang/crates.io-index" 775 | checksum = "3f6bb902e437b6d86e03cce10a7e2af662292c5dfef23b65899ea3ac9354ad44" 776 | dependencies = [ 777 | "winapi", 778 | ] 779 | 780 | [[package]] 781 | name = "num-bigint" 782 | version = "0.4.3" 783 | source = "registry+https://github.com/rust-lang/crates.io-index" 784 | checksum = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f" 785 | dependencies = [ 786 | "autocfg", 787 | "num-integer", 788 | "num-traits", 789 | ] 790 | 791 | [[package]] 792 | name = "num-integer" 793 | version = "0.1.44" 794 | source = "registry+https://github.com/rust-lang/crates.io-index" 795 | checksum = "d2cc698a63b549a70bc047073d2949cce27cd1c7b0a4a862d08a8031bc2801db" 796 | dependencies = [ 797 | "autocfg", 798 | "num-traits", 799 | ] 800 | 801 | [[package]] 802 | name = "num-traits" 803 | version = "0.2.14" 804 | source = "registry+https://github.com/rust-lang/crates.io-index" 805 | checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290" 806 | dependencies = [ 807 | "autocfg", 808 | ] 809 | 810 | [[package]] 811 | name = "num_cpus" 812 | version = "1.13.1" 813 | source = "registry+https://github.com/rust-lang/crates.io-index" 814 | checksum = "19e64526ebdee182341572e50e9ad03965aa510cd94427a4549448f285e957a1" 815 | dependencies = [ 816 | "hermit-abi", 817 | "libc", 818 | ] 819 | 820 | [[package]] 821 | name = "num_threads" 822 | version = "0.1.2" 823 | source = "registry+https://github.com/rust-lang/crates.io-index" 824 | checksum = "71a1eb3a36534514077c1e079ada2fb170ef30c47d203aa6916138cf882ecd52" 825 | dependencies = [ 826 | "libc", 827 | ] 828 | 829 | [[package]] 830 | name = "oci-distribution" 831 | version = "0.8.1" 832 | source = "registry+https://github.com/rust-lang/crates.io-index" 833 | checksum = "cb3c580ad67504493981fff06d790929ece7ce149f344f4d8e411808e5a50f62" 834 | dependencies = [ 835 | "anyhow", 836 | "futures-util", 837 | "hyperx", 838 | "jwt", 839 | "lazy_static", 840 | "regex", 841 | "reqwest", 842 | "serde", 843 | "serde_json", 844 | "sha2", 845 | "tokio", 846 | "tracing", 847 | "unicase 1.4.2", 848 | "url 1.7.2", 849 | "www-authenticate", 850 | ] 851 | 852 | [[package]] 853 | name = "oid-registry" 854 | version = "0.2.0" 855 | source = "registry+https://github.com/rust-lang/crates.io-index" 856 | checksum = "fe554cb2393bc784fd678c82c84cc0599c31ceadc7f03a594911f822cb8d1815" 857 | dependencies = [ 858 | "der-parser", 859 | ] 860 | 861 | [[package]] 862 | name = "once_cell" 863 | version = "1.9.0" 864 | source = "registry+https://github.com/rust-lang/crates.io-index" 865 | checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5" 866 | 867 | [[package]] 868 | name = "opaque-debug" 869 | version = "0.3.0" 870 | source = "registry+https://github.com/rust-lang/crates.io-index" 871 | checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" 872 | 873 | [[package]] 874 | name = "openssl" 875 | version = "0.10.38" 876 | source = "registry+https://github.com/rust-lang/crates.io-index" 877 | checksum = "0c7ae222234c30df141154f159066c5093ff73b63204dcda7121eb082fc56a95" 878 | dependencies = [ 879 | "bitflags", 880 | "cfg-if", 881 | "foreign-types", 882 | "libc", 883 | "once_cell", 884 | "openssl-sys", 885 | ] 886 | 887 | [[package]] 888 | name = "openssl-probe" 889 | version = "0.1.4" 890 | source = "registry+https://github.com/rust-lang/crates.io-index" 891 | checksum = "28988d872ab76095a6e6ac88d99b54fd267702734fd7ffe610ca27f533ddb95a" 892 | 893 | [[package]] 894 | name = "openssl-sys" 895 | version = "0.9.72" 896 | source = "registry+https://github.com/rust-lang/crates.io-index" 897 | checksum = "7e46109c383602735fa0a2e48dd2b7c892b048e1bf69e5c3b1d804b7d9c203cb" 898 | dependencies = [ 899 | "autocfg", 900 | "cc", 901 | "libc", 902 | "pkg-config", 903 | "vcpkg", 904 | ] 905 | 906 | [[package]] 907 | name = "os_str_bytes" 908 | version = "6.0.0" 909 | source = "registry+https://github.com/rust-lang/crates.io-index" 910 | checksum = "8e22443d1643a904602595ba1cd8f7d896afe56d26712531c5ff73a15b2fbf64" 911 | dependencies = [ 912 | "memchr", 913 | ] 914 | 915 | [[package]] 916 | name = "p256" 917 | version = "0.10.1" 918 | source = "registry+https://github.com/rust-lang/crates.io-index" 919 | checksum = "19736d80675fbe9fe33426268150b951a3fb8f5cfca2a23a17c85ef3adb24e3b" 920 | dependencies = [ 921 | "ecdsa", 922 | "elliptic-curve", 923 | "sec1", 924 | "sha2", 925 | ] 926 | 927 | [[package]] 928 | name = "pem-rfc7468" 929 | version = "0.3.1" 930 | source = "registry+https://github.com/rust-lang/crates.io-index" 931 | checksum = "01de5d978f34aa4b2296576379fcc416034702fd94117c56ffd8a1a767cefb30" 932 | dependencies = [ 933 | "base64ct", 934 | ] 935 | 936 | [[package]] 937 | name = "percent-encoding" 938 | version = "1.0.1" 939 | source = "registry+https://github.com/rust-lang/crates.io-index" 940 | checksum = "31010dd2e1ac33d5b46a5b413495239882813e0369f8ed8a5e266f173602f831" 941 | 942 | [[package]] 943 | name = "percent-encoding" 944 | version = "2.1.0" 945 | source = "registry+https://github.com/rust-lang/crates.io-index" 946 | checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e" 947 | 948 | [[package]] 949 | name = "pin-project-lite" 950 | version = "0.2.8" 951 | source = "registry+https://github.com/rust-lang/crates.io-index" 952 | checksum = "e280fbe77cc62c91527259e9442153f4688736748d24660126286329742b4c6c" 953 | 954 | [[package]] 955 | name = "pin-utils" 956 | version = "0.1.0" 957 | source = "registry+https://github.com/rust-lang/crates.io-index" 958 | checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" 959 | 960 | [[package]] 961 | name = "pkcs8" 962 | version = "0.8.0" 963 | source = "registry+https://github.com/rust-lang/crates.io-index" 964 | checksum = "7cabda3fb821068a9a4fab19a683eac3af12edf0f34b94a8be53c4972b8149d0" 965 | dependencies = [ 966 | "der", 967 | "spki", 968 | "zeroize", 969 | ] 970 | 971 | [[package]] 972 | name = "pkg-config" 973 | version = "0.3.24" 974 | source = "registry+https://github.com/rust-lang/crates.io-index" 975 | checksum = "58893f751c9b0412871a09abd62ecd2a00298c6c83befa223ef98c52aef40cbe" 976 | 977 | [[package]] 978 | name = "ppv-lite86" 979 | version = "0.2.16" 980 | source = "registry+https://github.com/rust-lang/crates.io-index" 981 | checksum = "eb9f9e6e233e5c4a35559a617bf40a4ec447db2e84c20b55a6f83167b7e57872" 982 | 983 | [[package]] 984 | name = "proc-macro-error" 985 | version = "1.0.4" 986 | source = "registry+https://github.com/rust-lang/crates.io-index" 987 | checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" 988 | dependencies = [ 989 | "proc-macro-error-attr", 990 | "proc-macro2", 991 | "quote", 992 | "syn", 993 | "version_check 0.9.4", 994 | ] 995 | 996 | [[package]] 997 | name = "proc-macro-error-attr" 998 | version = "1.0.4" 999 | source = "registry+https://github.com/rust-lang/crates.io-index" 1000 | checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" 1001 | dependencies = [ 1002 | "proc-macro2", 1003 | "quote", 1004 | "version_check 0.9.4", 1005 | ] 1006 | 1007 | [[package]] 1008 | name = "proc-macro2" 1009 | version = "1.0.36" 1010 | source = "registry+https://github.com/rust-lang/crates.io-index" 1011 | checksum = "c7342d5883fbccae1cc37a2353b09c87c9b0f3afd73f5fb9bba687a1f733b029" 1012 | dependencies = [ 1013 | "unicode-xid", 1014 | ] 1015 | 1016 | [[package]] 1017 | name = "quote" 1018 | version = "1.0.14" 1019 | source = "registry+https://github.com/rust-lang/crates.io-index" 1020 | checksum = "47aa80447ce4daf1717500037052af176af5d38cc3e571d9ec1c7353fc10c87d" 1021 | dependencies = [ 1022 | "proc-macro2", 1023 | ] 1024 | 1025 | [[package]] 1026 | name = "rand" 1027 | version = "0.8.4" 1028 | source = "registry+https://github.com/rust-lang/crates.io-index" 1029 | checksum = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8" 1030 | dependencies = [ 1031 | "libc", 1032 | "rand_chacha", 1033 | "rand_core", 1034 | "rand_hc", 1035 | ] 1036 | 1037 | [[package]] 1038 | name = "rand_chacha" 1039 | version = "0.3.1" 1040 | source = "registry+https://github.com/rust-lang/crates.io-index" 1041 | checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" 1042 | dependencies = [ 1043 | "ppv-lite86", 1044 | "rand_core", 1045 | ] 1046 | 1047 | [[package]] 1048 | name = "rand_core" 1049 | version = "0.6.3" 1050 | source = "registry+https://github.com/rust-lang/crates.io-index" 1051 | checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" 1052 | dependencies = [ 1053 | "getrandom", 1054 | ] 1055 | 1056 | [[package]] 1057 | name = "rand_hc" 1058 | version = "0.3.1" 1059 | source = "registry+https://github.com/rust-lang/crates.io-index" 1060 | checksum = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7" 1061 | dependencies = [ 1062 | "rand_core", 1063 | ] 1064 | 1065 | [[package]] 1066 | name = "redox_syscall" 1067 | version = "0.2.10" 1068 | source = "registry+https://github.com/rust-lang/crates.io-index" 1069 | checksum = "8383f39639269cde97d255a32bdb68c047337295414940c68bdd30c2e13203ff" 1070 | dependencies = [ 1071 | "bitflags", 1072 | ] 1073 | 1074 | [[package]] 1075 | name = "regex" 1076 | version = "1.5.4" 1077 | source = "registry+https://github.com/rust-lang/crates.io-index" 1078 | checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461" 1079 | dependencies = [ 1080 | "aho-corasick", 1081 | "memchr", 1082 | "regex-syntax", 1083 | ] 1084 | 1085 | [[package]] 1086 | name = "regex-syntax" 1087 | version = "0.6.25" 1088 | source = "registry+https://github.com/rust-lang/crates.io-index" 1089 | checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b" 1090 | 1091 | [[package]] 1092 | name = "remove_dir_all" 1093 | version = "0.5.3" 1094 | source = "registry+https://github.com/rust-lang/crates.io-index" 1095 | checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7" 1096 | dependencies = [ 1097 | "winapi", 1098 | ] 1099 | 1100 | [[package]] 1101 | name = "reqwest" 1102 | version = "0.11.8" 1103 | source = "registry+https://github.com/rust-lang/crates.io-index" 1104 | checksum = "7c4e0a76dc12a116108933f6301b95e83634e0c47b0afbed6abbaa0601e99258" 1105 | dependencies = [ 1106 | "base64", 1107 | "bytes", 1108 | "encoding_rs", 1109 | "futures-core", 1110 | "futures-util", 1111 | "http", 1112 | "http-body", 1113 | "hyper", 1114 | "hyper-tls", 1115 | "ipnet", 1116 | "js-sys", 1117 | "lazy_static", 1118 | "log", 1119 | "mime", 1120 | "native-tls", 1121 | "percent-encoding 2.1.0", 1122 | "pin-project-lite", 1123 | "serde", 1124 | "serde_json", 1125 | "serde_urlencoded", 1126 | "tokio", 1127 | "tokio-native-tls", 1128 | "tokio-util", 1129 | "url 2.2.2", 1130 | "wasm-bindgen", 1131 | "wasm-bindgen-futures", 1132 | "web-sys", 1133 | "winreg", 1134 | ] 1135 | 1136 | [[package]] 1137 | name = "rfc6979" 1138 | version = "0.1.0" 1139 | source = "registry+https://github.com/rust-lang/crates.io-index" 1140 | checksum = "96ef608575f6392792f9ecf7890c00086591d29a83910939d430753f7c050525" 1141 | dependencies = [ 1142 | "crypto-bigint", 1143 | "hmac", 1144 | "zeroize", 1145 | ] 1146 | 1147 | [[package]] 1148 | name = "rusticata-macros" 1149 | version = "4.0.0" 1150 | source = "registry+https://github.com/rust-lang/crates.io-index" 1151 | checksum = "65c52377bb2288aa522a0c8208947fada1e0c76397f108cc08f57efe6077b50d" 1152 | dependencies = [ 1153 | "nom", 1154 | ] 1155 | 1156 | [[package]] 1157 | name = "rustversion" 1158 | version = "1.0.6" 1159 | source = "registry+https://github.com/rust-lang/crates.io-index" 1160 | checksum = "f2cc38e8fa666e2de3c4aba7edeb5ffc5246c1c2ed0e3d17e560aeeba736b23f" 1161 | 1162 | [[package]] 1163 | name = "ryu" 1164 | version = "1.0.9" 1165 | source = "registry+https://github.com/rust-lang/crates.io-index" 1166 | checksum = "73b4b750c782965c211b42f022f59af1fbceabdd026623714f104152f1ec149f" 1167 | 1168 | [[package]] 1169 | name = "schannel" 1170 | version = "0.1.19" 1171 | source = "registry+https://github.com/rust-lang/crates.io-index" 1172 | checksum = "8f05ba609c234e60bee0d547fe94a4c7e9da733d1c962cf6e59efa4cd9c8bc75" 1173 | dependencies = [ 1174 | "lazy_static", 1175 | "winapi", 1176 | ] 1177 | 1178 | [[package]] 1179 | name = "sec1" 1180 | version = "0.2.1" 1181 | source = "registry+https://github.com/rust-lang/crates.io-index" 1182 | checksum = "08da66b8b0965a5555b6bd6639e68ccba85e1e2506f5fbb089e93f8a04e1a2d1" 1183 | dependencies = [ 1184 | "der", 1185 | "generic-array", 1186 | "pkcs8", 1187 | "subtle", 1188 | "zeroize", 1189 | ] 1190 | 1191 | [[package]] 1192 | name = "security-framework" 1193 | version = "2.4.2" 1194 | source = "registry+https://github.com/rust-lang/crates.io-index" 1195 | checksum = "525bc1abfda2e1998d152c45cf13e696f76d0a4972310b22fac1658b05df7c87" 1196 | dependencies = [ 1197 | "bitflags", 1198 | "core-foundation", 1199 | "core-foundation-sys", 1200 | "libc", 1201 | "security-framework-sys", 1202 | ] 1203 | 1204 | [[package]] 1205 | name = "security-framework-sys" 1206 | version = "2.4.2" 1207 | source = "registry+https://github.com/rust-lang/crates.io-index" 1208 | checksum = "a9dd14d83160b528b7bfd66439110573efcfbe281b17fc2ca9f39f550d619c7e" 1209 | dependencies = [ 1210 | "core-foundation-sys", 1211 | "libc", 1212 | ] 1213 | 1214 | [[package]] 1215 | name = "serde" 1216 | version = "1.0.134" 1217 | source = "registry+https://github.com/rust-lang/crates.io-index" 1218 | checksum = "96b3c34c1690edf8174f5b289a336ab03f568a4460d8c6df75f2f3a692b3bc6a" 1219 | dependencies = [ 1220 | "serde_derive", 1221 | ] 1222 | 1223 | [[package]] 1224 | name = "serde_derive" 1225 | version = "1.0.134" 1226 | source = "registry+https://github.com/rust-lang/crates.io-index" 1227 | checksum = "784ed1fbfa13fe191077537b0d70ec8ad1e903cfe04831da608aa36457cb653d" 1228 | dependencies = [ 1229 | "proc-macro2", 1230 | "quote", 1231 | "syn", 1232 | ] 1233 | 1234 | [[package]] 1235 | name = "serde_json" 1236 | version = "1.0.75" 1237 | source = "registry+https://github.com/rust-lang/crates.io-index" 1238 | checksum = "c059c05b48c5c0067d4b4b2b4f0732dd65feb52daf7e0ea09cd87e7dadc1af79" 1239 | dependencies = [ 1240 | "itoa 1.0.1", 1241 | "ryu", 1242 | "serde", 1243 | ] 1244 | 1245 | [[package]] 1246 | name = "serde_plain" 1247 | version = "1.0.0" 1248 | source = "registry+https://github.com/rust-lang/crates.io-index" 1249 | checksum = "95455e7e29fada2052e72170af226fbe368a4ca33dee847875325d9fdb133858" 1250 | dependencies = [ 1251 | "serde", 1252 | ] 1253 | 1254 | [[package]] 1255 | name = "serde_urlencoded" 1256 | version = "0.7.0" 1257 | source = "registry+https://github.com/rust-lang/crates.io-index" 1258 | checksum = "edfa57a7f8d9c1d260a549e7224100f6c43d43f9103e06dd8b4095a9b2b43ce9" 1259 | dependencies = [ 1260 | "form_urlencoded", 1261 | "itoa 0.4.8", 1262 | "ryu", 1263 | "serde", 1264 | ] 1265 | 1266 | [[package]] 1267 | name = "serde_with" 1268 | version = "1.11.0" 1269 | source = "registry+https://github.com/rust-lang/crates.io-index" 1270 | checksum = "ad6056b4cb69b6e43e3a0f055def223380baecc99da683884f205bf347f7c4b3" 1271 | dependencies = [ 1272 | "rustversion", 1273 | "serde", 1274 | "serde_json", 1275 | "serde_with_macros", 1276 | ] 1277 | 1278 | [[package]] 1279 | name = "serde_with_macros" 1280 | version = "1.5.1" 1281 | source = "registry+https://github.com/rust-lang/crates.io-index" 1282 | checksum = "12e47be9471c72889ebafb5e14d5ff930d89ae7a67bbdb5f8abb564f845a927e" 1283 | dependencies = [ 1284 | "darling", 1285 | "proc-macro2", 1286 | "quote", 1287 | "syn", 1288 | ] 1289 | 1290 | [[package]] 1291 | name = "sget" 1292 | version = "0.1.0" 1293 | dependencies = [ 1294 | "anyhow", 1295 | "base64", 1296 | "chrono", 1297 | "clap 3.0.10", 1298 | "ecdsa", 1299 | "oci-distribution", 1300 | "openssl", 1301 | "p256", 1302 | "serde", 1303 | "serde_json", 1304 | "serde_plain", 1305 | "serde_with", 1306 | "structopt", 1307 | "time 0.3.6", 1308 | "tokio", 1309 | "x509-parser", 1310 | ] 1311 | 1312 | [[package]] 1313 | name = "sha2" 1314 | version = "0.9.9" 1315 | source = "registry+https://github.com/rust-lang/crates.io-index" 1316 | checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" 1317 | dependencies = [ 1318 | "block-buffer", 1319 | "cfg-if", 1320 | "cpufeatures", 1321 | "digest", 1322 | "opaque-debug", 1323 | ] 1324 | 1325 | [[package]] 1326 | name = "signature" 1327 | version = "1.3.2" 1328 | source = "registry+https://github.com/rust-lang/crates.io-index" 1329 | checksum = "f2807892cfa58e081aa1f1111391c7a0649d4fa127a4ffbe34bcbfb35a1171a4" 1330 | dependencies = [ 1331 | "digest", 1332 | "rand_core", 1333 | ] 1334 | 1335 | [[package]] 1336 | name = "slab" 1337 | version = "0.4.5" 1338 | source = "registry+https://github.com/rust-lang/crates.io-index" 1339 | checksum = "9def91fd1e018fe007022791f865d0ccc9b3a0d5001e01aabb8b40e46000afb5" 1340 | 1341 | [[package]] 1342 | name = "socket2" 1343 | version = "0.4.2" 1344 | source = "registry+https://github.com/rust-lang/crates.io-index" 1345 | checksum = "5dc90fe6c7be1a323296982db1836d1ea9e47b6839496dde9a541bc496df3516" 1346 | dependencies = [ 1347 | "libc", 1348 | "winapi", 1349 | ] 1350 | 1351 | [[package]] 1352 | name = "spki" 1353 | version = "0.5.4" 1354 | source = "registry+https://github.com/rust-lang/crates.io-index" 1355 | checksum = "44d01ac02a6ccf3e07db148d2be087da624fea0221a16152ed01f0496a6b0a27" 1356 | dependencies = [ 1357 | "base64ct", 1358 | "der", 1359 | ] 1360 | 1361 | [[package]] 1362 | name = "strsim" 1363 | version = "0.8.0" 1364 | source = "registry+https://github.com/rust-lang/crates.io-index" 1365 | checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" 1366 | 1367 | [[package]] 1368 | name = "strsim" 1369 | version = "0.10.0" 1370 | source = "registry+https://github.com/rust-lang/crates.io-index" 1371 | checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" 1372 | 1373 | [[package]] 1374 | name = "structopt" 1375 | version = "0.3.26" 1376 | source = "registry+https://github.com/rust-lang/crates.io-index" 1377 | checksum = "0c6b5c64445ba8094a6ab0c3cd2ad323e07171012d9c98b0b15651daf1787a10" 1378 | dependencies = [ 1379 | "clap 2.34.0", 1380 | "lazy_static", 1381 | "structopt-derive", 1382 | ] 1383 | 1384 | [[package]] 1385 | name = "structopt-derive" 1386 | version = "0.4.18" 1387 | source = "registry+https://github.com/rust-lang/crates.io-index" 1388 | checksum = "dcb5ae327f9cc13b68763b5749770cb9e048a99bd9dfdfa58d0cf05d5f64afe0" 1389 | dependencies = [ 1390 | "heck", 1391 | "proc-macro-error", 1392 | "proc-macro2", 1393 | "quote", 1394 | "syn", 1395 | ] 1396 | 1397 | [[package]] 1398 | name = "subtle" 1399 | version = "2.4.1" 1400 | source = "registry+https://github.com/rust-lang/crates.io-index" 1401 | checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" 1402 | 1403 | [[package]] 1404 | name = "syn" 1405 | version = "1.0.85" 1406 | source = "registry+https://github.com/rust-lang/crates.io-index" 1407 | checksum = "a684ac3dcd8913827e18cd09a68384ee66c1de24157e3c556c9ab16d85695fb7" 1408 | dependencies = [ 1409 | "proc-macro2", 1410 | "quote", 1411 | "unicode-xid", 1412 | ] 1413 | 1414 | [[package]] 1415 | name = "tempfile" 1416 | version = "3.2.0" 1417 | source = "registry+https://github.com/rust-lang/crates.io-index" 1418 | checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22" 1419 | dependencies = [ 1420 | "cfg-if", 1421 | "libc", 1422 | "rand", 1423 | "redox_syscall", 1424 | "remove_dir_all", 1425 | "winapi", 1426 | ] 1427 | 1428 | [[package]] 1429 | name = "termcolor" 1430 | version = "1.1.2" 1431 | source = "registry+https://github.com/rust-lang/crates.io-index" 1432 | checksum = "2dfed899f0eb03f32ee8c6a0aabdb8a7949659e3466561fc0adf54e26d88c5f4" 1433 | dependencies = [ 1434 | "winapi-util", 1435 | ] 1436 | 1437 | [[package]] 1438 | name = "textwrap" 1439 | version = "0.11.0" 1440 | source = "registry+https://github.com/rust-lang/crates.io-index" 1441 | checksum = "d326610f408c7a4eb6f51c37c330e496b08506c9457c9d34287ecc38809fb060" 1442 | dependencies = [ 1443 | "unicode-width", 1444 | ] 1445 | 1446 | [[package]] 1447 | name = "textwrap" 1448 | version = "0.14.2" 1449 | source = "registry+https://github.com/rust-lang/crates.io-index" 1450 | checksum = "0066c8d12af8b5acd21e00547c3797fde4e8677254a7ee429176ccebbe93dd80" 1451 | 1452 | [[package]] 1453 | name = "thiserror" 1454 | version = "1.0.30" 1455 | source = "registry+https://github.com/rust-lang/crates.io-index" 1456 | checksum = "854babe52e4df1653706b98fcfc05843010039b406875930a70e4d9644e5c417" 1457 | dependencies = [ 1458 | "thiserror-impl", 1459 | ] 1460 | 1461 | [[package]] 1462 | name = "thiserror-impl" 1463 | version = "1.0.30" 1464 | source = "registry+https://github.com/rust-lang/crates.io-index" 1465 | checksum = "aa32fd3f627f367fe16f893e2597ae3c05020f8bba2666a4e6ea73d377e5714b" 1466 | dependencies = [ 1467 | "proc-macro2", 1468 | "quote", 1469 | "syn", 1470 | ] 1471 | 1472 | [[package]] 1473 | name = "time" 1474 | version = "0.1.43" 1475 | source = "registry+https://github.com/rust-lang/crates.io-index" 1476 | checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438" 1477 | dependencies = [ 1478 | "libc", 1479 | "winapi", 1480 | ] 1481 | 1482 | [[package]] 1483 | name = "time" 1484 | version = "0.3.6" 1485 | source = "registry+https://github.com/rust-lang/crates.io-index" 1486 | checksum = "c8d54b9298e05179c335de2b9645d061255bcd5155f843b3e328d2cfe0a5b413" 1487 | dependencies = [ 1488 | "libc", 1489 | "num_threads", 1490 | ] 1491 | 1492 | [[package]] 1493 | name = "tinyvec" 1494 | version = "1.5.1" 1495 | source = "registry+https://github.com/rust-lang/crates.io-index" 1496 | checksum = "2c1c1d5a42b6245520c249549ec267180beaffcc0615401ac8e31853d4b6d8d2" 1497 | dependencies = [ 1498 | "tinyvec_macros", 1499 | ] 1500 | 1501 | [[package]] 1502 | name = "tinyvec_macros" 1503 | version = "0.1.0" 1504 | source = "registry+https://github.com/rust-lang/crates.io-index" 1505 | checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" 1506 | 1507 | [[package]] 1508 | name = "tokio" 1509 | version = "1.15.0" 1510 | source = "registry+https://github.com/rust-lang/crates.io-index" 1511 | checksum = "fbbf1c778ec206785635ce8ad57fe52b3009ae9e0c9f574a728f3049d3e55838" 1512 | dependencies = [ 1513 | "bytes", 1514 | "libc", 1515 | "memchr", 1516 | "mio", 1517 | "num_cpus", 1518 | "pin-project-lite", 1519 | "tokio-macros", 1520 | "winapi", 1521 | ] 1522 | 1523 | [[package]] 1524 | name = "tokio-macros" 1525 | version = "1.7.0" 1526 | source = "registry+https://github.com/rust-lang/crates.io-index" 1527 | checksum = "b557f72f448c511a979e2564e55d74e6c4432fc96ff4f6241bc6bded342643b7" 1528 | dependencies = [ 1529 | "proc-macro2", 1530 | "quote", 1531 | "syn", 1532 | ] 1533 | 1534 | [[package]] 1535 | name = "tokio-native-tls" 1536 | version = "0.3.0" 1537 | source = "registry+https://github.com/rust-lang/crates.io-index" 1538 | checksum = "f7d995660bd2b7f8c1568414c1126076c13fbb725c40112dc0120b78eb9b717b" 1539 | dependencies = [ 1540 | "native-tls", 1541 | "tokio", 1542 | ] 1543 | 1544 | [[package]] 1545 | name = "tokio-util" 1546 | version = "0.6.9" 1547 | source = "registry+https://github.com/rust-lang/crates.io-index" 1548 | checksum = "9e99e1983e5d376cd8eb4b66604d2e99e79f5bd988c3055891dcd8c9e2604cc0" 1549 | dependencies = [ 1550 | "bytes", 1551 | "futures-core", 1552 | "futures-sink", 1553 | "log", 1554 | "pin-project-lite", 1555 | "tokio", 1556 | ] 1557 | 1558 | [[package]] 1559 | name = "tower-service" 1560 | version = "0.3.1" 1561 | source = "registry+https://github.com/rust-lang/crates.io-index" 1562 | checksum = "360dfd1d6d30e05fda32ace2c8c70e9c0a9da713275777f5a4dbb8a1893930c6" 1563 | 1564 | [[package]] 1565 | name = "tracing" 1566 | version = "0.1.29" 1567 | source = "registry+https://github.com/rust-lang/crates.io-index" 1568 | checksum = "375a639232caf30edfc78e8d89b2d4c375515393e7af7e16f01cd96917fb2105" 1569 | dependencies = [ 1570 | "cfg-if", 1571 | "log", 1572 | "pin-project-lite", 1573 | "tracing-attributes", 1574 | "tracing-core", 1575 | ] 1576 | 1577 | [[package]] 1578 | name = "tracing-attributes" 1579 | version = "0.1.18" 1580 | source = "registry+https://github.com/rust-lang/crates.io-index" 1581 | checksum = "f4f480b8f81512e825f337ad51e94c1eb5d3bbdf2b363dcd01e2b19a9ffe3f8e" 1582 | dependencies = [ 1583 | "proc-macro2", 1584 | "quote", 1585 | "syn", 1586 | ] 1587 | 1588 | [[package]] 1589 | name = "tracing-core" 1590 | version = "0.1.21" 1591 | source = "registry+https://github.com/rust-lang/crates.io-index" 1592 | checksum = "1f4ed65637b8390770814083d20756f87bfa2c21bf2f110babdc5438351746e4" 1593 | dependencies = [ 1594 | "lazy_static", 1595 | ] 1596 | 1597 | [[package]] 1598 | name = "try-lock" 1599 | version = "0.2.3" 1600 | source = "registry+https://github.com/rust-lang/crates.io-index" 1601 | checksum = "59547bce71d9c38b83d9c0e92b6066c4253371f15005def0c30d9657f50c7642" 1602 | 1603 | [[package]] 1604 | name = "typenum" 1605 | version = "1.15.0" 1606 | source = "registry+https://github.com/rust-lang/crates.io-index" 1607 | checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987" 1608 | 1609 | [[package]] 1610 | name = "unicase" 1611 | version = "1.4.2" 1612 | source = "registry+https://github.com/rust-lang/crates.io-index" 1613 | checksum = "7f4765f83163b74f957c797ad9253caf97f103fb064d3999aea9568d09fc8a33" 1614 | dependencies = [ 1615 | "version_check 0.1.5", 1616 | ] 1617 | 1618 | [[package]] 1619 | name = "unicase" 1620 | version = "2.6.0" 1621 | source = "registry+https://github.com/rust-lang/crates.io-index" 1622 | checksum = "50f37be617794602aabbeee0be4f259dc1778fabe05e2d67ee8f79326d5cb4f6" 1623 | dependencies = [ 1624 | "version_check 0.9.4", 1625 | ] 1626 | 1627 | [[package]] 1628 | name = "unicode-bidi" 1629 | version = "0.3.7" 1630 | source = "registry+https://github.com/rust-lang/crates.io-index" 1631 | checksum = "1a01404663e3db436ed2746d9fefef640d868edae3cceb81c3b8d5732fda678f" 1632 | 1633 | [[package]] 1634 | name = "unicode-normalization" 1635 | version = "0.1.19" 1636 | source = "registry+https://github.com/rust-lang/crates.io-index" 1637 | checksum = "d54590932941a9e9266f0832deed84ebe1bf2e4c9e4a3554d393d18f5e854bf9" 1638 | dependencies = [ 1639 | "tinyvec", 1640 | ] 1641 | 1642 | [[package]] 1643 | name = "unicode-segmentation" 1644 | version = "1.8.0" 1645 | source = "registry+https://github.com/rust-lang/crates.io-index" 1646 | checksum = "8895849a949e7845e06bd6dc1aa51731a103c42707010a5b591c0038fb73385b" 1647 | 1648 | [[package]] 1649 | name = "unicode-width" 1650 | version = "0.1.9" 1651 | source = "registry+https://github.com/rust-lang/crates.io-index" 1652 | checksum = "3ed742d4ea2bd1176e236172c8429aaf54486e7ac098db29ffe6529e0ce50973" 1653 | 1654 | [[package]] 1655 | name = "unicode-xid" 1656 | version = "0.2.2" 1657 | source = "registry+https://github.com/rust-lang/crates.io-index" 1658 | checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" 1659 | 1660 | [[package]] 1661 | name = "url" 1662 | version = "1.7.2" 1663 | source = "registry+https://github.com/rust-lang/crates.io-index" 1664 | checksum = "dd4e7c0d531266369519a4aa4f399d748bd37043b00bde1e4ff1f60a120b355a" 1665 | dependencies = [ 1666 | "idna 0.1.5", 1667 | "matches", 1668 | "percent-encoding 1.0.1", 1669 | ] 1670 | 1671 | [[package]] 1672 | name = "url" 1673 | version = "2.2.2" 1674 | source = "registry+https://github.com/rust-lang/crates.io-index" 1675 | checksum = "a507c383b2d33b5fc35d1861e77e6b383d158b2da5e14fe51b83dfedf6fd578c" 1676 | dependencies = [ 1677 | "form_urlencoded", 1678 | "idna 0.2.3", 1679 | "matches", 1680 | "percent-encoding 2.1.0", 1681 | ] 1682 | 1683 | [[package]] 1684 | name = "vcpkg" 1685 | version = "0.2.15" 1686 | source = "registry+https://github.com/rust-lang/crates.io-index" 1687 | checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" 1688 | 1689 | [[package]] 1690 | name = "vec_map" 1691 | version = "0.8.2" 1692 | source = "registry+https://github.com/rust-lang/crates.io-index" 1693 | checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" 1694 | 1695 | [[package]] 1696 | name = "version_check" 1697 | version = "0.1.5" 1698 | source = "registry+https://github.com/rust-lang/crates.io-index" 1699 | checksum = "914b1a6776c4c929a602fafd8bc742e06365d4bcbe48c30f9cca5824f70dc9dd" 1700 | 1701 | [[package]] 1702 | name = "version_check" 1703 | version = "0.9.4" 1704 | source = "registry+https://github.com/rust-lang/crates.io-index" 1705 | checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" 1706 | 1707 | [[package]] 1708 | name = "want" 1709 | version = "0.3.0" 1710 | source = "registry+https://github.com/rust-lang/crates.io-index" 1711 | checksum = "1ce8a968cb1cd110d136ff8b819a556d6fb6d919363c61534f6860c7eb172ba0" 1712 | dependencies = [ 1713 | "log", 1714 | "try-lock", 1715 | ] 1716 | 1717 | [[package]] 1718 | name = "wasi" 1719 | version = "0.10.2+wasi-snapshot-preview1" 1720 | source = "registry+https://github.com/rust-lang/crates.io-index" 1721 | checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" 1722 | 1723 | [[package]] 1724 | name = "wasm-bindgen" 1725 | version = "0.2.78" 1726 | source = "registry+https://github.com/rust-lang/crates.io-index" 1727 | checksum = "632f73e236b219150ea279196e54e610f5dbafa5d61786303d4da54f84e47fce" 1728 | dependencies = [ 1729 | "cfg-if", 1730 | "wasm-bindgen-macro", 1731 | ] 1732 | 1733 | [[package]] 1734 | name = "wasm-bindgen-backend" 1735 | version = "0.2.78" 1736 | source = "registry+https://github.com/rust-lang/crates.io-index" 1737 | checksum = "a317bf8f9fba2476b4b2c85ef4c4af8ff39c3c7f0cdfeed4f82c34a880aa837b" 1738 | dependencies = [ 1739 | "bumpalo", 1740 | "lazy_static", 1741 | "log", 1742 | "proc-macro2", 1743 | "quote", 1744 | "syn", 1745 | "wasm-bindgen-shared", 1746 | ] 1747 | 1748 | [[package]] 1749 | name = "wasm-bindgen-futures" 1750 | version = "0.4.28" 1751 | source = "registry+https://github.com/rust-lang/crates.io-index" 1752 | checksum = "8e8d7523cb1f2a4c96c1317ca690031b714a51cc14e05f712446691f413f5d39" 1753 | dependencies = [ 1754 | "cfg-if", 1755 | "js-sys", 1756 | "wasm-bindgen", 1757 | "web-sys", 1758 | ] 1759 | 1760 | [[package]] 1761 | name = "wasm-bindgen-macro" 1762 | version = "0.2.78" 1763 | source = "registry+https://github.com/rust-lang/crates.io-index" 1764 | checksum = "d56146e7c495528bf6587663bea13a8eb588d39b36b679d83972e1a2dbbdacf9" 1765 | dependencies = [ 1766 | "quote", 1767 | "wasm-bindgen-macro-support", 1768 | ] 1769 | 1770 | [[package]] 1771 | name = "wasm-bindgen-macro-support" 1772 | version = "0.2.78" 1773 | source = "registry+https://github.com/rust-lang/crates.io-index" 1774 | checksum = "7803e0eea25835f8abdc585cd3021b3deb11543c6fe226dcd30b228857c5c5ab" 1775 | dependencies = [ 1776 | "proc-macro2", 1777 | "quote", 1778 | "syn", 1779 | "wasm-bindgen-backend", 1780 | "wasm-bindgen-shared", 1781 | ] 1782 | 1783 | [[package]] 1784 | name = "wasm-bindgen-shared" 1785 | version = "0.2.78" 1786 | source = "registry+https://github.com/rust-lang/crates.io-index" 1787 | checksum = "0237232789cf037d5480773fe568aac745bfe2afbc11a863e97901780a6b47cc" 1788 | 1789 | [[package]] 1790 | name = "web-sys" 1791 | version = "0.3.55" 1792 | source = "registry+https://github.com/rust-lang/crates.io-index" 1793 | checksum = "38eb105f1c59d9eaa6b5cdc92b859d85b926e82cb2e0945cd0c9259faa6fe9fb" 1794 | dependencies = [ 1795 | "js-sys", 1796 | "wasm-bindgen", 1797 | ] 1798 | 1799 | [[package]] 1800 | name = "winapi" 1801 | version = "0.3.9" 1802 | source = "registry+https://github.com/rust-lang/crates.io-index" 1803 | checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" 1804 | dependencies = [ 1805 | "winapi-i686-pc-windows-gnu", 1806 | "winapi-x86_64-pc-windows-gnu", 1807 | ] 1808 | 1809 | [[package]] 1810 | name = "winapi-i686-pc-windows-gnu" 1811 | version = "0.4.0" 1812 | source = "registry+https://github.com/rust-lang/crates.io-index" 1813 | checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" 1814 | 1815 | [[package]] 1816 | name = "winapi-util" 1817 | version = "0.1.5" 1818 | source = "registry+https://github.com/rust-lang/crates.io-index" 1819 | checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" 1820 | dependencies = [ 1821 | "winapi", 1822 | ] 1823 | 1824 | [[package]] 1825 | name = "winapi-x86_64-pc-windows-gnu" 1826 | version = "0.4.0" 1827 | source = "registry+https://github.com/rust-lang/crates.io-index" 1828 | checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" 1829 | 1830 | [[package]] 1831 | name = "winreg" 1832 | version = "0.7.0" 1833 | source = "registry+https://github.com/rust-lang/crates.io-index" 1834 | checksum = "0120db82e8a1e0b9fb3345a539c478767c0048d842860994d96113d5b667bd69" 1835 | dependencies = [ 1836 | "winapi", 1837 | ] 1838 | 1839 | [[package]] 1840 | name = "www-authenticate" 1841 | version = "0.4.0" 1842 | source = "registry+https://github.com/rust-lang/crates.io-index" 1843 | checksum = "02fd1970505d8d9842104b229ba0c6b6331c0897677d0fc0517ea657e77428d0" 1844 | dependencies = [ 1845 | "hyperx", 1846 | "unicase 1.4.2", 1847 | "url 1.7.2", 1848 | ] 1849 | 1850 | [[package]] 1851 | name = "x509-parser" 1852 | version = "0.12.0" 1853 | source = "registry+https://github.com/rust-lang/crates.io-index" 1854 | checksum = "ffc90836a84cb72e6934137b1504d0cae304ef5d83904beb0c8d773bbfe256ed" 1855 | dependencies = [ 1856 | "base64", 1857 | "chrono", 1858 | "data-encoding", 1859 | "der-parser", 1860 | "lazy_static", 1861 | "nom", 1862 | "oid-registry", 1863 | "rusticata-macros", 1864 | "thiserror", 1865 | ] 1866 | 1867 | [[package]] 1868 | name = "zeroize" 1869 | version = "1.5.0" 1870 | source = "registry+https://github.com/rust-lang/crates.io-index" 1871 | checksum = "cc222aec311c323c717f56060324f32b82da1ce1dd81d9a09aa6a9030bfe08db" 1872 | -------------------------------------------------------------------------------- /Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "sget" 3 | version = "0.1.0" 4 | edition = "2018" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | anyhow = "1.0" 10 | chrono = { version = "0.4.11", features = ["serde"] } 11 | clap = "3.0.10" 12 | serde_json = { version = "1.0", features = ["raw_value"] } 13 | serde = {version = "1.0.134", features = ["derive"]} 14 | serde_plain = "1.0.0" 15 | serde_with = { version = "1.8.0", features = ["json"]} 16 | structopt = "0.3" 17 | oci-distribution = "0.8.1" 18 | tokio = { version = "1", features = ["rt-multi-thread", "macros"] } 19 | time = "0.3" 20 | base64 = "0.13.0" 21 | x509-parser = "0.12.0" 22 | p256 = {version = "0.10.1", features = ["ecdsa-core"]} 23 | ecdsa = { version = "0.13.4", features = ["verify", "pem", "der", "pkcs8"] } 24 | #[cfg(not(target_os = "windows"))] 25 | openssl = "0.10.38" -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # sget 2 | 3 | [![CI](https://github.com/sigstore/sget/actions/workflows/main.yml/badge.svg)](https://github.com/sigstore/sget/actions/workflows/main.yml) 4 | 5 | > :warning: Not ready for use yet! :warning: 6 | 7 | sget is a safe artifact retrieval and execution tool. 8 | 9 | It's purpose is to provide a means to address common insecure download methods, such as using curl operations piped to bash, followed by shell script execution. 10 | 11 | The initial work involves the use of an OCI registry, however other storage methods are planned and we are open to suggestions from the community. 12 | 13 | > sget is based off the prototype [sget](https://github.com/sigstore/cosign/blob/main/cmd/sget/) repurposed in Rust. 14 | 15 | ## Security 16 | 17 | Should you discover any security issues, please refer to sigstore's [security 18 | process](https://github.com/sigstore/community/blob/main/SECURITY.md). 19 | -------------------------------------------------------------------------------- /src/main.rs: -------------------------------------------------------------------------------- 1 | // Copyright 2021 The Sigstore Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | mod oci; 16 | pub mod policy; 17 | mod utils; 18 | use anyhow::Result; 19 | use clap::{App, Arg}; 20 | use std::env; 21 | use std::fs; 22 | use std::fs::File; 23 | use std::io::Write; 24 | 25 | #[cfg(not(target_os = "windows"))] 26 | use std::os::unix::fs::PermissionsExt; 27 | use std::path::Path; 28 | 29 | // Example Usage: ./sget ghcr.io/jyotsna-penumaka/hello_sget:latest 30 | // This will fetch the contents and print them to stdout. 31 | 32 | #[tokio::main] 33 | async fn main() -> Result<(), anyhow::Error> { 34 | let matches = App::new("sget") 35 | .version("0.1") 36 | .author("Sigstore Developers") 37 | .about("Secure script retrieval and execution") 38 | .arg( 39 | Arg::new("ref") 40 | .help("OCI image reference") 41 | .required(true) 42 | .index(1), 43 | ) 44 | .arg( 45 | Arg::new("exec") 46 | .long("exec") 47 | .takes_value(false) 48 | .requires("outfile") 49 | .help("Execute script"), 50 | ) 51 | .arg( 52 | Arg::new("outfile") 53 | .short('f') 54 | .long("outfile") 55 | .value_name("OUT_FILE") 56 | .help("Save script to file") 57 | .takes_value(true), 58 | ) 59 | .arg( 60 | Arg::new("interactive") 61 | .short('i') 62 | .long("interactive") 63 | .takes_value(false) 64 | .help("Displays executing script's stdout to console"), 65 | ) 66 | .get_matches(); 67 | 68 | let data = oci::blob_pull(matches.value_of("ref").unwrap_or("")).await?; 69 | 70 | if let Some(outfile) = matches.value_of("outfile") { 71 | let filepath = { 72 | let p = Path::new(outfile); 73 | if p.is_absolute() { 74 | p.into() 75 | } else { 76 | env::current_dir()?.join(outfile) 77 | } 78 | }; 79 | 80 | let mut file = File::create(&filepath)?; 81 | file.write_all(&data[..])?; 82 | 83 | if matches.is_present("exec") { 84 | let md = file.metadata()?; 85 | let mut perms = md.permissions(); 86 | // Setting executable mode only on non-Windows. 87 | #[cfg(not(target_os = "windows"))] 88 | perms.set_mode(0o777); // Make the file executable. 89 | fs::set_permissions(&filepath, perms)?; 90 | drop(file); 91 | 92 | utils::run_script( 93 | &filepath.to_string_lossy(), 94 | matches.is_present("interactive"), 95 | ) 96 | .expect("Execution failed"); 97 | eprintln!("\n\nExecution succeeded"); 98 | } 99 | } else { 100 | println!("{}", String::from_utf8(data)?); // Print to stdout. 101 | } 102 | 103 | anyhow::Ok(()) 104 | } 105 | -------------------------------------------------------------------------------- /src/oci.rs: -------------------------------------------------------------------------------- 1 | use anyhow::Result; 2 | use oci_distribution::{client, secrets::RegistryAuth, Client, Reference}; 3 | 4 | pub async fn blob_pull(reference: &str) -> Result, anyhow::Error> { 5 | let reference: Reference = reference.parse().expect("Invalid reference"); 6 | let config = client::ClientConfig { 7 | protocol: client::ClientProtocol::Https, 8 | accept_invalid_hostnames: false, 9 | accept_invalid_certificates: false, 10 | extra_root_certificates: Vec::new(), 11 | }; 12 | let mut client = Client::new(config); 13 | let auth: RegistryAuth = RegistryAuth::Anonymous; 14 | let accepted_media_types = vec!["text/plain"]; 15 | let image = client 16 | .pull(&reference, &auth, accepted_media_types) 17 | .await? 18 | .layers 19 | .into_iter() 20 | .next() 21 | .map(|layer| layer.data); 22 | match image { 23 | Some(data) => Ok(data), 24 | None => Err(anyhow::anyhow!("Failed to fetch blob")), // TODO: Better error message. 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /src/policy.rs: -------------------------------------------------------------------------------- 1 | use anyhow::{anyhow, Error, Result}; 2 | use chrono::{DateTime, Utc}; 3 | use ecdsa::signature::Verifier; 4 | use ecdsa::{Signature as OtherSignature, VerifyingKey}; 5 | use openssl::{stack::Stack, x509::*}; 6 | use p256::pkcs8::DecodePublicKey; 7 | use serde::{Deserialize, Serialize}; 8 | use serde_json::{value::RawValue, Value}; 9 | use serde_plain::{derive_display_from_serialize, derive_fromstr_from_deserialize}; 10 | use std::{collections::HashMap, convert::TryFrom, num::NonZeroU64}; 11 | use x509_parser::{parse_x509_certificate, pem::parse_x509_pem}; 12 | 13 | pub type CosignVerificationKey = VerifyingKey; 14 | 15 | // A signed root policy object 16 | #[derive(Serialize, Deserialize)] 17 | pub struct Policy { 18 | // A list of signatures. 19 | pub signatures: Vec, 20 | // The root policy that is signed. 21 | pub signed: Signed, 22 | } 23 | 24 | impl Policy { 25 | pub fn validate_expires(&self) -> chrono::Duration { 26 | self.signed.expires.signed_duration_since(Utc::now()) 27 | } 28 | 29 | /// Extract the public key from the policy 30 | pub fn extract_pub_key(&self) -> Result { 31 | let cert = base64::decode(&self.signatures[0].cert)?; 32 | let (_, pem) = parse_x509_pem(&cert) 33 | .map_err(|e| anyhow!("Error parsing fulcio PEM certificate: {:?}", e))?; 34 | let (_, res_x509) = parse_x509_certificate(&pem.contents) 35 | .map_err(|e| anyhow!("Error parsing fulcio certificate: {:?}", e))?; 36 | let pub_key_bytes = res_x509.public_key().raw.to_owned(); 37 | VerifyingKey::::from_public_key_der(&pub_key_bytes[..]) 38 | .map_err(|e| anyhow!("Cannot load key: {:?}", e)) 39 | } 40 | 41 | /// Verify the signature provided has been actually generated by the given key against the 42 | /// when signing the provided message. 43 | pub fn verify_signature( 44 | &self, 45 | verification_key: &CosignVerificationKey, 46 | msg: &[u8], 47 | ) -> Result<()> { 48 | let signature_raw = base64::decode(&self.signatures[0].sig)?; 49 | let signature = OtherSignature::::from_der(&signature_raw)?; 50 | verification_key 51 | .verify(msg, &signature) 52 | .map_err(|e| anyhow!("Verification failed: {:?}", e)) 53 | } 54 | 55 | pub fn verify_fulcio_chain( 56 | &self, 57 | root_cert: openssl::x509::X509, 58 | ) -> Result { 59 | let leaf_cert = base64::decode(&self.signatures[0].cert)?; 60 | let leaf_cert = X509::from_pem(&leaf_cert)?; 61 | 62 | // Check 1 : verifies that the leaf cert's issuer matches the root cert's subject field. 63 | if root_cert.issued(&leaf_cert) != X509VerifyResult::OK { 64 | return Ok(false); 65 | } 66 | 67 | let mut chain = Stack::new()?; 68 | let _ = chain.push(leaf_cert.clone()); 69 | 70 | let mut store_bldr = store::X509StoreBuilder::new()?; 71 | store_bldr.add_cert(root_cert)?; 72 | 73 | let mut flags = openssl::x509::verify::X509VerifyFlags::empty(); 74 | flags.insert(openssl::x509::verify::X509VerifyFlags::NO_CHECK_TIME); 75 | store_bldr.set_flags(flags)?; 76 | 77 | let store = store_bldr.build(); 78 | 79 | // Check 2 : verifies that the leaf cert's issuer matches the root cert's subject field. 80 | let mut context = X509StoreContext::new()?; 81 | Ok(context.init(&store, &leaf_cert, &chain, |c| c.verify_cert())?) 82 | } 83 | } 84 | 85 | // This holds the raw data from a serialized policy, accessible via the 86 | // 'signatures' and 'signed' fields. We must preserve this data as RawValues 87 | // in order for signature verification to work. 88 | #[derive(Serialize, Deserialize)] 89 | struct RawPolicy<'a> { 90 | #[serde(borrow)] 91 | pub signatures: &'a RawValue, 92 | #[serde(borrow)] 93 | pub signed: &'a RawValue, 94 | } 95 | 96 | // A signature and the key ID and certificate that made it. 97 | #[derive(Serialize, Deserialize)] 98 | pub struct Signature { 99 | // The hex encoded key ID that made this signature. 100 | pub keyid: String, 101 | // The base64 encoded signature of the canonical JSON of the root policy. 102 | pub sig: String, 103 | // The base64 encoded certificate that was used to create the signature. 104 | pub cert: String, 105 | } 106 | 107 | // The root policy indicated the trusted root keys. 108 | #[derive(Serialize, Deserialize)] 109 | pub struct Signed { 110 | pub consistent_snapshot: bool, 111 | pub expires: DateTime, 112 | pub keys: HashMap, 113 | pub namespace: String, 114 | pub roles: HashMap, 115 | pub spec_version: String, 116 | pub version: NonZeroU64, 117 | } 118 | 119 | #[derive(Serialize, Deserialize)] 120 | pub struct RoleKeys { 121 | /// The key IDs used for the role. 122 | pub keyids: Vec, 123 | /// The threshold of signatures required to validate the role. 124 | pub threshold: NonZeroU64, 125 | } 126 | 127 | #[derive(PartialEq, Eq, Hash, Serialize, Deserialize)] 128 | /// The type of metadata role. 129 | pub enum RoleType { 130 | /// The root role delegates trust to specific keys trusted for all other top-level roles used in 131 | /// the system. 132 | Root, 133 | } 134 | 135 | impl TryFrom<&str> for RoleType { 136 | type Error = Error; 137 | fn try_from(s: &str) -> Result { 138 | match s { 139 | "Root" => Ok(RoleType::Root), 140 | other => Err(anyhow!("Unknown RoleType: {}", other)), 141 | } 142 | } 143 | } 144 | 145 | derive_display_from_serialize!(RoleType); 146 | derive_fromstr_from_deserialize!(RoleType); 147 | 148 | #[derive(Serialize, Deserialize)] 149 | #[serde(tag = "keytype")] 150 | pub enum Key { 151 | /// A sigstore oidc key. 152 | #[serde(rename = "sigstore-oidc")] 153 | SigstoreOidc { 154 | /// The sigstore oidc key. 155 | keyval: SigstoreOidcKey, 156 | /// Denotes the key's scheme 157 | scheme: String, 158 | /// Any additional fields read during deserialization; will not be used. 159 | // TODO: key_hash_algorithms 160 | #[serde(flatten)] 161 | _extra: HashMap, 162 | }, 163 | } 164 | 165 | derive_display_from_serialize!(Key); 166 | derive_fromstr_from_deserialize!(Key); 167 | 168 | #[derive(Serialize, Deserialize)] 169 | /// Represents a deserialized (decoded) SigstoreOidc public key. 170 | pub struct SigstoreOidcKey { 171 | /// The identity (subject) 172 | pub identity: String, 173 | /// The issuer 174 | pub issuer: String, 175 | } 176 | 177 | #[cfg(test)] 178 | mod tests { 179 | use super::*; 180 | use std::{ 181 | fs::read, 182 | path::{Path, PathBuf}, 183 | }; 184 | 185 | const CRATE: &str = env!("CARGO_MANIFEST_DIR"); 186 | 187 | struct Setup { 188 | good_policy: PathBuf, 189 | bad_policy: PathBuf, 190 | } 191 | 192 | impl Setup { 193 | fn new() -> Self { 194 | let good_policy = Path::new(CRATE).join("tests/test_data/policy_good.json"); 195 | let bad_policy = Path::new(CRATE).join("tests/test_data/policy_bad.json"); 196 | 197 | Self { 198 | good_policy, 199 | bad_policy, 200 | } 201 | } 202 | 203 | fn read_good_policy(&self) -> Policy { 204 | let raw_json = read(&self.good_policy).expect("Cannot read good policy file"); 205 | serde_json::from_slice(&raw_json).expect("Cannot deserialize policy") 206 | } 207 | 208 | fn read_bad_policy(&self) -> Policy { 209 | let raw_json = read(&self.bad_policy).expect("Cannot read bad policy file"); 210 | serde_json::from_slice(&raw_json).expect("Cannot deserialize policy") 211 | } 212 | } 213 | 214 | #[test] 215 | fn deserialize() { 216 | let setup = Setup::new(); 217 | setup.read_good_policy(); 218 | } 219 | 220 | #[test] 221 | fn parse_script_success() { 222 | let setup = Setup::new(); 223 | let policy = setup.read_good_policy(); 224 | assert_eq!(policy.signed.version, NonZeroU64::new(1).unwrap()) //#[allow_ci] 225 | } 226 | 227 | #[test] 228 | fn validate_expiry_success() { 229 | let setup = Setup::new(); 230 | let policy = setup.read_good_policy(); 231 | assert!(!policy.validate_expires().to_std().is_err()); 232 | } 233 | 234 | #[test] 235 | fn validate_expiry_failure() { 236 | let setup = Setup::new(); 237 | let policy = setup.read_bad_policy(); 238 | assert!(policy.validate_expires().to_std().is_err()); 239 | } 240 | 241 | // Note: open an issue about getting tests to run on Windows 242 | #[test] 243 | #[cfg(not(target_os = "windows"))] 244 | fn validate_signature_success() { 245 | let setup = Setup::new(); 246 | let policy = setup.read_good_policy(); 247 | 248 | let good_policy = Path::new(CRATE).join("tests/test_data/policy_good.json"); 249 | let raw_json = read(good_policy).expect("Cannot read good policy file"); 250 | let raw_policy: RawPolicy = 251 | serde_json::from_slice(&raw_json).expect("Could not create Raw Policy"); 252 | 253 | let pub_key = policy.extract_pub_key(); 254 | let msg = (raw_policy.signed).get().as_bytes(); 255 | 256 | let outcome = policy.verify_signature(&pub_key.unwrap(), msg); //#[allow_ci] 257 | assert!(outcome.is_ok()); 258 | } 259 | 260 | #[test] 261 | fn validate_signature_failure() { 262 | let setup = Setup::new(); 263 | let policy = setup.read_bad_policy(); 264 | 265 | let bad_policy = Path::new(CRATE).join("tests/test_data/policy_bad.json"); 266 | let raw_json = read(bad_policy).expect("Cannot read bad policy file"); 267 | let raw_policy: RawPolicy = 268 | serde_json::from_slice(&raw_json).expect("Could not create Raw Policy"); 269 | 270 | let pub_key = policy.extract_pub_key(); 271 | let msg = (raw_policy.signed).get().as_bytes(); 272 | 273 | let outcome = policy.verify_signature(&pub_key.unwrap(), msg); //#[allow_ci] 274 | assert!(outcome.is_err()); 275 | } 276 | 277 | // Note: open an issue about getting tests to run on Windows 278 | #[test] 279 | #[cfg(not(target_os = "windows"))] 280 | fn validate_fulcio_cert_success() { 281 | let setup = Setup::new(); 282 | let policy = setup.read_good_policy(); 283 | 284 | let root_cert = std::include_bytes!("../tests/test_data/fulcio_root.pem"); 285 | let root_cert = X509::from_pem(root_cert).unwrap(); //#[allow_ci] 286 | 287 | let fulcio = policy.verify_fulcio_chain(root_cert).unwrap(); //#[allow_ci] 288 | assert!(fulcio); 289 | } 290 | } 291 | -------------------------------------------------------------------------------- /src/utils.rs: -------------------------------------------------------------------------------- 1 | use std::io::Error; 2 | use std::process::{Command, ExitStatus, Stdio}; 3 | 4 | pub(crate) fn run_script(path: &str, interactive: bool) -> Result { 5 | // TODO: we can feed in args for the script by using the following 6 | // command.arg("some-flag"); 7 | let mut childproc = if interactive { 8 | Command::new(path).spawn()? 9 | } else { 10 | Command::new(path) 11 | .stdin(Stdio::piped()) 12 | .stdout(Stdio::piped()) 13 | .stderr(Stdio::piped()) 14 | .spawn()? 15 | }; 16 | // Returns exit code of child process, or an error 17 | childproc.wait() 18 | } 19 | 20 | #[test] 21 | fn execute_script_fail() { 22 | assert_eq!( 23 | run_script("i_dont_exist.txt", false).unwrap_err().kind(), 24 | std::io::ErrorKind::NotFound 25 | ); 26 | } 27 | 28 | #[test] 29 | #[cfg(not(target_os = "windows"))] 30 | fn execute_script_success() { 31 | let mut dir = std::path::PathBuf::from(env!("CARGO_MANIFEST_DIR")); 32 | dir.push("tests/test.sh"); 33 | 34 | let res = run_script(&dir.to_string_lossy(), false).expect("Execution falied"); 35 | assert!(res.success()); 36 | } 37 | -------------------------------------------------------------------------------- /tests/nopanic.ci: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | ''' 3 | SPDX-License-Identifier: Apache-2.0 4 | 5 | To prevent CI failing for approved instance of banned words, add a comment: //#[allow_ci] 6 | ''' 7 | 8 | import os 9 | 10 | banned = ["unwrap(", "panic!("] 11 | 12 | srcs = os.listdir("src") 13 | print("Files to check: %s" % srcs) 14 | 15 | failed = False 16 | for f in srcs: 17 | with open("src/" + f) as src_file: 18 | for line_no, line in enumerate(src_file): 19 | for b in banned: 20 | if b not in line or "//#[allow_ci]" in line: 21 | continue 22 | failed = True 23 | print("File %s on line number %s calls banned function: %s)" % (f, line_no + 1, b)) 24 | pass 25 | exit(failed) 26 | -------------------------------------------------------------------------------- /tests/test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo -n "Hello Sigstore!" 4 | -------------------------------------------------------------------------------- /tests/test_data/fulcio_root.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIB+DCCAX6gAwIBAgITNVkDZoCiofPDsy7dfm6geLbuhzAKBggqhkjOPQQDAzAq 3 | MRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxETAPBgNVBAMTCHNpZ3N0b3JlMB4XDTIx 4 | MDMwNzAzMjAyOVoXDTMxMDIyMzAzMjAyOVowKjEVMBMGA1UEChMMc2lnc3RvcmUu 5 | ZGV2MREwDwYDVQQDEwhzaWdzdG9yZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABLSy 6 | A7Ii5k+pNO8ZEWY0ylemWDowOkNa3kL+GZE5Z5GWehL9/A9bRNA3RbrsZ5i0Jcas 7 | taRL7Sp5fp/jD5dxqc/UdTVnlvS16an+2Yfswe/QuLolRUCrcOE2+2iA5+tzd6Nm 8 | MGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYE 9 | FMjFHQBBmiQpMlEk6w2uSu1KBtPsMB8GA1UdIwQYMBaAFMjFHQBBmiQpMlEk6w2u 10 | Su1KBtPsMAoGCCqGSM49BAMDA2gAMGUCMH8liWJfMui6vXXBhjDgY4MwslmN/TJx 11 | Ve/83WrFomwmNf056y1X48F9c4m3a3ozXAIxAKjRay5/aj/jsKKGIkmQatjI8uup 12 | Hr/+CxFvaJWmpYqNkLDGRU+9orzh5hI2RrcuaQ== 13 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /tests/test_data/policy_bad.json: -------------------------------------------------------------------------------- 1 | { 2 | "signatures": [ 3 | { 4 | "cert": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNwakNDQWl5Z0F3SUJBZ0lVQU9rZGFGTnlmRi9ZV0VqbnIwam81N2pWZ0pZd0NnWUlLb1pJemowRUF3TXcKS2pFVk1CTUdBMVVFQ2hNTWMybG5jM1J2Y21VdVpHVjJNUkV3RHdZRFZRUURFd2h6YVdkemRHOXlaVEFlRncweQpNVEV4TWpNeU1ESTVNVEJhRncweU1URXhNak15TURRNU1EbGFNQUF3V1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPClBRTUJCd05DQUFSeGxCTnlwV2xOUTVBQS9samlWTWNGTlJ2THF0NWpwajBQcFF5NXpjRmpMREYrajd4eStsdnAKVFZXYld5cmtZdWh4elNQby9GV0MvVHorQkc4azdTSmFvNElCV0RDQ0FWUXdEZ1lEVlIwUEFRSC9CQVFEQWdlQQpNQk1HQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01ETUF3R0ExVWRFd0VCL3dRQ01BQXdIUVlEVlIwT0JCWUVGS0VpCnJGME5wQmQreENNWm9hZFZLMmxrbHZxUk1COEdBMVVkSXdRWU1CYUFGTWpGSFFCQm1pUXBNbEVrNncydVN1MUsKQnRQc01JR05CZ2dyQmdFRkJRY0JBUVNCZ0RCK01Id0dDQ3NHQVFVRkJ6QUNobkJvZEhSd09pOHZjSEpwZG1GMApaV05oTFdOdmJuUmxiblF0TmpBelptVTNaVGN0TURBd01DMHlNakkzTFdKbU56VXRaalJtTldVNE1HUXlPVFUwCkxuTjBiM0poWjJVdVoyOXZaMnhsWVhCcGN5NWpiMjB2WTJFek5tRXhaVGsyTWpReVlqbG1ZMkl4TkRZdlkyRXUKWTNKME1DRUdBMVVkRVFFQi93UVhNQldCRTJwd1pXNTFiV0ZyUUhKbFpHaGhkQzVqYjIwd0xBWUtLd1lCQkFHRAp2ekFCQVFRZWFIUjBjSE02THk5bmFYUm9kV0l1WTI5dEwyeHZaMmx1TDI5aGRYUm9NQW9HQ0NxR1NNNDlCQU1ECkEyZ0FNR1VDTVFEK2c5RmxQTXBTOVd4UlFKd3phcVJGdWFPR21tdTNzZk1TTFUxZmU0VGs3NExySklEaC9aeC8KSDFjT0dHdTZsd1VDTUJLclVmbGo4U3BTT1o2TzFVMkZBUGs0ZEFFVjhzbm4xY3dkYWN6MEZPa3BMU09yazlHMQp1Y1hibDh0R1VNTmN6Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K", 5 | "keyid": "db379d3746fe29d97f8e2dee8381d535a4b579d3ecf619613738cf138dadec0a", 6 | "sig": "MEUCIQD8hp70pD5P4phof9LVfLispss5uUTDPnunWI2OgoT4owIgJIxkvoOhM4qvNGaowfpKhcJUL42Itvz0Jw+kKHL+2Rs=" 7 | } 8 | ], 9 | "signed": { 10 | "_type": "root", 11 | "consistent_snapshot": true, 12 | "expires": "2020-02-23T20:29:00Z", 13 | "keys": { 14 | "0dbdcea45bc3fa9091551690b89caa8bc322546b72fc6c766ccfa2be60547de6": { 15 | "keyid_hash_algorithms": [ 16 | "sha256", 17 | "sha512" 18 | ], 19 | "keytype": "sigstore-oidc", 20 | "keyval": { 21 | "identity": "jyotsnap@bu.edu", 22 | "issuer": "" 23 | }, 24 | "scheme": "https://fulcio.sigstore.dev" 25 | }, 26 | "db379d3746fe29d97f8e2dee8381d535a4b579d3ecf619613738cf138dadec0a": { 27 | "keyid_hash_algorithms": [ 28 | "sha256", 29 | "sha512" 30 | ], 31 | "keytype": "sigstore-oidc", 32 | "keyval": { 33 | "identity": "jpenumak@redhat.com", 34 | "issuer": "" 35 | }, 36 | "scheme": "https://fulcio.sigstore.dev" 37 | }, 38 | "e71beb853fb177ecd4248f1fe8c6e7c31476b8ff00842d53ecfff9332b7c70be": { 39 | "keyid_hash_algorithms": [ 40 | "sha256", 41 | "sha512" 42 | ], 43 | "keytype": "sigstore-oidc", 44 | "keyval": { 45 | "identity": "lsturman@redhat.com", 46 | "issuer": "" 47 | }, 48 | "scheme": "https://fulcio.sigstore.dev" 49 | } 50 | }, 51 | "namespace": "ghcr.io/jyotsna-penumaka/sigstore-kubecon", 52 | "roles": { 53 | "root": { 54 | "keyids": [ 55 | "e71beb853fb177ecd4248f1fe8c6e7c31476b8ff00842d53ecfff9332b7c70be", 56 | "db379d3746fe29d97f8e2dee8381d535a4b579d3ecf619613738cf138dadec0a", 57 | "0dbdcea45bc3fa9091551690b89caa8bc322546b72fc6c766ccfa2be60547de6" 58 | ], 59 | "threshold": 2 60 | } 61 | }, 62 | "spec_version": "1.0", 63 | "version": 1 64 | } 65 | } -------------------------------------------------------------------------------- /tests/test_data/policy_good.json: -------------------------------------------------------------------------------- 1 | { 2 | "signatures": [ 3 | { 4 | "cert": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNwakNDQWl5Z0F3SUJBZ0lVQU9rZGFGTnlmRi9ZV0VqbnIwam81N2pWZ0pZd0NnWUlLb1pJemowRUF3TXcKS2pFVk1CTUdBMVVFQ2hNTWMybG5jM1J2Y21VdVpHVjJNUkV3RHdZRFZRUURFd2h6YVdkemRHOXlaVEFlRncweQpNVEV4TWpNeU1ESTVNVEJhRncweU1URXhNak15TURRNU1EbGFNQUF3V1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPClBRTUJCd05DQUFSeGxCTnlwV2xOUTVBQS9samlWTWNGTlJ2THF0NWpwajBQcFF5NXpjRmpMREYrajd4eStsdnAKVFZXYld5cmtZdWh4elNQby9GV0MvVHorQkc4azdTSmFvNElCV0RDQ0FWUXdEZ1lEVlIwUEFRSC9CQVFEQWdlQQpNQk1HQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01ETUF3R0ExVWRFd0VCL3dRQ01BQXdIUVlEVlIwT0JCWUVGS0VpCnJGME5wQmQreENNWm9hZFZLMmxrbHZxUk1COEdBMVVkSXdRWU1CYUFGTWpGSFFCQm1pUXBNbEVrNncydVN1MUsKQnRQc01JR05CZ2dyQmdFRkJRY0JBUVNCZ0RCK01Id0dDQ3NHQVFVRkJ6QUNobkJvZEhSd09pOHZjSEpwZG1GMApaV05oTFdOdmJuUmxiblF0TmpBelptVTNaVGN0TURBd01DMHlNakkzTFdKbU56VXRaalJtTldVNE1HUXlPVFUwCkxuTjBiM0poWjJVdVoyOXZaMnhsWVhCcGN5NWpiMjB2WTJFek5tRXhaVGsyTWpReVlqbG1ZMkl4TkRZdlkyRXUKWTNKME1DRUdBMVVkRVFFQi93UVhNQldCRTJwd1pXNTFiV0ZyUUhKbFpHaGhkQzVqYjIwd0xBWUtLd1lCQkFHRAp2ekFCQVFRZWFIUjBjSE02THk5bmFYUm9kV0l1WTI5dEwyeHZaMmx1TDI5aGRYUm9NQW9HQ0NxR1NNNDlCQU1ECkEyZ0FNR1VDTVFEK2c5RmxQTXBTOVd4UlFKd3phcVJGdWFPR21tdTNzZk1TTFUxZmU0VGs3NExySklEaC9aeC8KSDFjT0dHdTZsd1VDTUJLclVmbGo4U3BTT1o2TzFVMkZBUGs0ZEFFVjhzbm4xY3dkYWN6MEZPa3BMU09yazlHMQp1Y1hibDh0R1VNTmN6Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K", 5 | "keyid": "db379d3746fe29d97f8e2dee8381d535a4b579d3ecf619613738cf138dadec0a", 6 | "sig": "MEUCIQD8hp70pD5P4phof9LVfLispss5uUTDPnunWI2OgoT4owIgJIxkvoOhM4qvNGaowfpKhcJUL42Itvz0Jw+kKHL+2Rs=" 7 | } 8 | ], 9 | "signed": { 10 | "_type": "root", 11 | "consistent_snapshot": true, 12 | "expires": "2022-02-23T20:29:00Z", 13 | "keys": { 14 | "0dbdcea45bc3fa9091551690b89caa8bc322546b72fc6c766ccfa2be60547de6": { 15 | "keyid_hash_algorithms": [ 16 | "sha256", 17 | "sha512" 18 | ], 19 | "keytype": "sigstore-oidc", 20 | "keyval": { 21 | "identity": "jyotsnap@bu.edu", 22 | "issuer": "" 23 | }, 24 | "scheme": "https://fulcio.sigstore.dev" 25 | }, 26 | "db379d3746fe29d97f8e2dee8381d535a4b579d3ecf619613738cf138dadec0a": { 27 | "keyid_hash_algorithms": [ 28 | "sha256", 29 | "sha512" 30 | ], 31 | "keytype": "sigstore-oidc", 32 | "keyval": { 33 | "identity": "jpenumak@redhat.com", 34 | "issuer": "" 35 | }, 36 | "scheme": "https://fulcio.sigstore.dev" 37 | }, 38 | "e71beb853fb177ecd4248f1fe8c6e7c31476b8ff00842d53ecfff9332b7c70be": { 39 | "keyid_hash_algorithms": [ 40 | "sha256", 41 | "sha512" 42 | ], 43 | "keytype": "sigstore-oidc", 44 | "keyval": { 45 | "identity": "lsturman@redhat.com", 46 | "issuer": "" 47 | }, 48 | "scheme": "https://fulcio.sigstore.dev" 49 | } 50 | }, 51 | "namespace": "ghcr.io/jyotsna-penumaka/sigstore-kubecon", 52 | "roles": { 53 | "root": { 54 | "keyids": [ 55 | "e71beb853fb177ecd4248f1fe8c6e7c31476b8ff00842d53ecfff9332b7c70be", 56 | "db379d3746fe29d97f8e2dee8381d535a4b579d3ecf619613738cf138dadec0a", 57 | "0dbdcea45bc3fa9091551690b89caa8bc322546b72fc6c766ccfa2be60547de6" 58 | ], 59 | "threshold": 2 60 | } 61 | }, 62 | "spec_version": "1.0", 63 | "version": 1 64 | } 65 | } --------------------------------------------------------------------------------