Rename import package to reflect future organization change to cnabio
Signed-off-by: Radu M <root@radu.sh>
Radu M committed Feb 13, 2020
1 parent 3254a69 commit 3cd3dbe
Showing 11 changed files with 22 additions and 27 deletions.
2 changes: 1 addition & 1 deletion LICENSE
@@ -1,6 +1,6 @@
MIT License

Copyright (c) 2019 Engineerd
Copyright (c) 2019 The CNAB Authors

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
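Review bot: The copyright line in this hunk is replaced rather than extended: `Copyright (c) 2019 Engineerd` disappears and `Copyright (c) 2019 The CNAB Authors` takes its place. The MIT terms that follow require the existing copyright notice to be kept in copies, so unless the original holder has assigned copyright, keep the Engineerd line and add the new holder beneath it. This change is also outside what the commit title describes (an import package rename) and should be mentioned in the commit message.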
2 changes: 1 addition & 1 deletion Makefile
@@ -1,5 +1,5 @@
PROJECT := signy
ORG := engineerd
ORG := cnabio
BINDIR := $(CURDIR)/bin
GOFLAGS :=
GOBUILDTAGS := osusergo
13 changes: 4 additions & 9 deletions README.md
@@ -1,11 +1,6 @@
# Signy

![](https://github.com/engineerd/signy/workflows/GitHub%20Actions/badge.svg) [![Build Status](https://dev.azure.com/engineerd-dev/signy/_apis/build/status/engineerd.signy?branchName=master)](https://dev.azure.com/engineerd-dev/signy/_build/latest?definitionId=5&branchName=master)

Signy is a tool for exercising the TUF and in-toto specifications in order to sign various cloud-native artifacts. It uses the Notary client libraries, and communicates with a Notary server.
It is an educational project with the purpose of implementing [the entire TUF workflow for signing content](https://github.com/theupdateframework/specification/blob/master/tuf-spec.md#5-detailed-workflows), and validate its correctness for [Cloud Native Application Bundles (CNAB)](https://github.com/deislabs/cnab-spec), and it is intended as a WIP reference implementation for its security specification.

It implements signing and verifying for CNAB bundles in [the canonical formats (thin and thick bundles)](https://github.com/deislabs/cnab-spec/blob/master/104-bundle-formats.md).
Signy is an experimental tool that implements the CNAB Security specification. It implements signing and verifying for CNAB bundles in [the canonical formats (thin and thick bundles)](https://github.com/deislabs/cnab-spec/blob/master/104-bundle-formats.md).

## Notes
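
Review bot: The rewritten description at the top of the README drops every mention of TUF, in-toto and the Notary server, which the previous text named as what the tool uses and communicates with. For a signing tool the reader needs to know the trust backend, so keep one sentence stating that Signy uses the Notary client libraries and talks to a Notary server, and link "CNAB Security specification" to the document it refers to. The two build badges are also removed without a replacement for the new organization.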

Expand All @@ -19,9 +14,9 @@ It implements signing and verifying for CNAB bundles in [the canonical formats (

```bash
$ cd $GOPATH/src/github.com
$ mkdir engineerd && cd engineerd && git clone https://github.com/engineerd/signy && cd signy
# This will build and install an updated version of the Signy binary in $GOPATH/bin whenever the source changes in $GOPATH/src/github.com/engineerd/signy.
./scripts/live-reload.sh
$ mkdir cnabio && cd cnabio && git clone https://github.com/cnabio/signy && cd signy
$ make bootstrap build
$ mv bin/signy $GOPATH/bin
```

## Using Signy
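
Review bot: The clone step in the build instructions now points at `https://github.com/cnabio/signy`, while the commit title describes the organization change as a future one. Until the repository exists at that location the instructions fail at `git clone`, so this should merge together with the transfer. The live-reload instruction is removed as well: if `./scripts/live-reload.sh` stays in the tree, keep a line documenting it, otherwise delete the script in the same change.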
2 changes: 1 addition & 1 deletion cmd/list.go
Expand Up @@ -3,7 +3,7 @@ package main
import (
"github.com/spf13/cobra"

"github.com/engineerd/signy/pkg/tuf"
"github.com/cnabio/signy/pkg/tuf"
)

type listCmd struct {
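
Review bot: The new import path `github.com/cnabio/signy/pkg/tuf` has to match where the source is actually resolved from, and nothing in this commit guarantees that. If the project builds in GOPATH mode, as the README's `$GOPATH/src/github.com` instructions suggest, existing checkouts under `engineerd/signy` and any CI job that checks out to that directory stop building after this change. If it uses a `go.mod`, the module line needs the same rename and it is not among the 11 changed files. State which applies in the commit message and update the CI checkout path or module line in the same commit.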
2 changes: 1 addition & 1 deletion cmd/main.go
Expand Up @@ -6,7 +6,7 @@ import (
"path/filepath"
"runtime"

"github.com/engineerd/signy/pkg/tuf"
"github.com/cnabio/signy/pkg/tuf"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)
6 changes: 3 additions & 3 deletions cmd/sign.go
Expand Up @@ -8,9 +8,9 @@ import (
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"

"github.com/engineerd/signy/pkg/cnab"
"github.com/engineerd/signy/pkg/intoto"
"github.com/engineerd/signy/pkg/tuf"
"github.com/cnabio/signy/pkg/cnab"
"github.com/cnabio/signy/pkg/intoto"
"github.com/cnabio/signy/pkg/tuf"
)

type signCmd struct {
6 changes: 3 additions & 3 deletions cmd/verify.go
Expand Up @@ -3,11 +3,11 @@ package main
import (
"fmt"

"github.com/engineerd/signy/pkg/trust"
"github.com/cnabio/signy/pkg/trust"

"github.com/spf13/cobra"

"github.com/engineerd/signy/pkg/tuf"
"github.com/cnabio/signy/pkg/tuf"
)

type verifyCmd struct {
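
Review bot: The import block in this hunk ends up in three groups, with the two `github.com/cnabio/signy/pkg/...` packages separated by `github.com/spf13/cobra`. Since both lines are being touched anyway, put `pkg/trust` and `pkg/tuf` together in one group after the third-party imports, the way `cmd/sign.go` lays them out.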
Expand Down Expand Up @@ -75,7 +75,7 @@ INFO[0001] The software product passed all verification.
cmd.Flags().StringVarP(&verify.localFile, "local", "", "", "Local file to validate the SHA256 against (mandatory for thick bundles)")

cmd.Flags().BoolVarP(&verify.intoto, "in-toto", "", false, "If passed, will try to fetch in-toto metadata from TUF and perform the verification")
cmd.Flags().StringVarP(&verify.verificationImage, "image", "", "docker.pkg.github.com/engineerd/in-toto-container/verification:v1", "container image to run the in-toto verification")
cmd.Flags().StringVarP(&verify.verificationImage, "image", "", "docker.pkg.github.com/cnabio/in-toto-container/verification:v1", "container image to run the in-toto verification")
cmd.Flags().BoolVarP(&verify.keepTempDir, "keep", "", false, "if passed, the temporary directory where the in-toto metadata is pulled is not deleted")
cmd.Flags().StringArrayVarP(&verify.targetFiles, "target", "", nil, "target files to copy in container for in-toto verifications")
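
Review bot: The default value of the `image` flag is the container that performs the in-toto verification, and it now points at `docker.pkg.github.com/cnabio/in-toto-container/verification:v1`, a mutable tag in a namespace the commit title describes as a future organization change. If that image is not published before this merges, verification with `--in-toto` fails on default flags, and whoever can push `v1` in that namespace controls the verification step. Confirm the image exists at the new path and consider pinning the default by digest (`verification@sha256:<digest>`, placeholder) instead of by tag.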

6 changes: 3 additions & 3 deletions pkg/trust/sign.go
Expand Up @@ -4,9 +4,9 @@ import (
"encoding/hex"
"fmt"

"github.com/engineerd/signy/pkg/cnab"
"github.com/engineerd/signy/pkg/intoto"
"github.com/engineerd/signy/pkg/tuf"
"github.com/cnabio/signy/pkg/cnab"
"github.com/cnabio/signy/pkg/intoto"
"github.com/cnabio/signy/pkg/tuf"
log "github.com/sirupsen/logrus"
)

6 changes: 3 additions & 3 deletions pkg/trust/validate.go
Expand Up @@ -8,9 +8,9 @@ import (

log "github.com/sirupsen/logrus"

"github.com/engineerd/signy/pkg/docker"
"github.com/engineerd/signy/pkg/intoto"
"github.com/engineerd/signy/pkg/tuf"
"github.com/cnabio/signy/pkg/docker"
"github.com/cnabio/signy/pkg/intoto"
"github.com/cnabio/signy/pkg/tuf"
)

// ValidateThinBundle runs the TUF and in-toto validations for a CNAB bundle in thin format (canonical JSON form)
2 changes: 1 addition & 1 deletion pkg/tuf/sign.go
Expand Up @@ -8,7 +8,7 @@ import (
"github.com/theupdateframework/notary/trustpinning"
"github.com/theupdateframework/notary/tuf/data"

"github.com/engineerd/signy/pkg/cnab"
"github.com/cnabio/signy/pkg/cnab"
)

// SignAndPublish signs an artifact, then publishes the metadata to a trust server
2 changes: 1 addition & 1 deletion pkg/tuf/verify.go
Expand Up @@ -10,7 +10,7 @@ import (
log "github.com/sirupsen/logrus"
"github.com/theupdateframework/notary/client"

"github.com/engineerd/signy/pkg/cnab"
"github.com/cnabio/signy/pkg/cnab"
)

// VerifyCNABTrust ensures the trust metadata for a given GUN matches the metadata of the pushed bundle