Merge pull request #1 from radu-matei/signy

WIP Notary integration

Author: Radu M

Gopkg.lock

@@ -1,30 +1,3 @@
-# Gopkg.toml example
-#
-# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
-# for detailed Gopkg.toml documentation.
-#
-# required = ["github.com/user/thing/cmd/thing"]
-# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
-#
-# [[constraint]]
-#   name = "github.com/user/project"
-#   version = "1.0.0"
-#
-# [[constraint]]
-#   name = "github.com/user/project2"
-#   branch = "dev"
-#   source = "github.com/myfork/project2"
-#
-# [[override]]
-#   name = "github.com/x/y"
-#   version = "2.4.0"
-#
-# [prune]
-#   non-go = false
-#   go-tests = true
-#   unused-packages = true
-
-
 [[constraint]]
   name = "github.com/deislabs/oras"
   version = "0.6.0"
@@ -33,6 +6,14 @@
   name = "github.com/docker/docker"
   revision = "8a43b7bb99cd1eedc3aca61fbc3ccfba6b75c209"
 
+[[constraint]]
+  name = "github.com/containerd/containerd"
+  revision = "894b81a4b802e4eb2a91d1ce216b8817763c29fb"
+
+[[override]]
+  name = "github.com/containerd/containerd"
+  revision = "894b81a4b802e4eb2a91d1ce216b8817763c29fb"
+
 [prune]
   go-tests = true
   unused-packages = true

Gopkg.toml

@@ -2,17 +2,53 @@ package main
 
 import (
 	"os"
+	"path/filepath"
+	"runtime"
 
+	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+
+	"github.com/engineerd/wasm-to-oci/pkg/tuf"
+)
+
+var (
+	trustServer string
+	tlscacert   string
+	trustDir    string
+	logLevel    string
+	timeout     string
 )
 
 func main() {
 	cmd := &cobra.Command{
 		Use: "wasm-to-oci <subcommand> [options]",
+		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+			l, err := log.ParseLevel(logLevel)
+			if err != nil {
+				return err
+			}
+			log.SetLevel(l)
+			return nil
+		},
 	}
 
+	cmd.PersistentFlags().StringVarP(&trustServer, "server", "", tuf.DockerNotaryServer, "The trust server used")
+	cmd.PersistentFlags().StringVarP(&tlscacert, "tlscacert", "", "", "Trust certs signed only by this CA")
+	cmd.PersistentFlags().StringVarP(&trustDir, "dir", "d", defaultTrustDir(), "Directory where the trust data is persisted to")
+	cmd.PersistentFlags().StringVar(&logLevel, "log", "info", `Set the logging level ("debug"|"info"|"warn"|"error"|"fatal")`)
+	cmd.PersistentFlags().StringVarP(&timeout, "timeout", "t", "5s", `Timeout for the trust server`)
+
 	cmd.AddCommand(newPushCmd(), newPullCmd())
 	if err := cmd.Execute(); err != nil {
 		os.Exit(1)
 	}
 }
+
+func defaultTrustDir() string {
+	homeEnvPath := os.Getenv("HOME")
+	if homeEnvPath == "" && runtime.GOOS == "windows" {
+		homeEnvPath = os.Getenv("USERPROFILE")
+	}
+
+	return filepath.Join(homeEnvPath, ".wasm-to-oci")
+}

cmd/main.go

@@ -1,13 +1,18 @@
 package main
 
 import (
+	"os"
+
 	"github.com/engineerd/wasm-to-oci/pkg/oci"
+	"github.com/engineerd/wasm-to-oci/pkg/tuf"
 	"github.com/spf13/cobra"
 )
 
 type pullOptions struct {
 	ref     string
 	outFile string
+
+	sign bool
 }
 
 func newPullCmd() *cobra.Command {
@@ -22,10 +27,24 @@ func newPullCmd() *cobra.Command {
 		},
 	}
 	cmd.Flags().StringVarP(&opts.outFile, "out", "o", "module.wasm", "Name of the output module")
+	cmd.Flags().BoolVarP(&opts.sign, "sign", "", false, "Verifies the signature of the WebAssembly module from a trust server")
 
 	return cmd
 }
 
 func (p *pullOptions) run() error {
-	return oci.Pull(p.ref, p.outFile)
+	err := oci.Pull(p.ref, p.outFile)
+	if err != nil {
+		return err
+	}
+
+	if p.sign {
+		err = tuf.VerifyFileTrust(p.ref, p.outFile, trustServer, tlscacert, trustDir, timeout)
+		if err != nil {
+			os.Remove(p.outFile)
+			return err
+		}
+	}
+
+	return nil
 }