Diffstat (limited to 'cmd')
-rw-r--r--cmd/sigsum/hash/main.go7
-rw-r--r--cmd/sigsum/log/main.go7
-rw-r--r--cmd/sigsum/main.go94
-rw-r--r--cmd/sigsum/namespace/main.go7
-rw-r--r--cmd/sigsum/policy/main.go7
-rw-r--r--cmd/sigsum/verify/main.go7
6 files changed, 129 insertions, 0 deletions
diff --git a/cmd/sigsum/hash/main.go b/cmd/sigsum/hash/main.go
new file mode 100644
index 0000000..df5ecfa
--- /dev/null
+++ b/cmd/sigsum/hash/main.go
@@ -0,0 +1,7 @@
+package hash
+
+import "fmt"
+
+func Main(_ []string) error {
+ return fmt.Errorf("TODO")
+}
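Review bot: The exported `Main` in this stub has no doc comment and the file has no package comment, so nothing tells a reader that the sub-command is deliberately unimplemented; the same applies to the log, namespace, policy and verify stubs in this commit. I would add `// Package hash implements the "sigsum hash" sub-command.` above the package clause and `// Main runs the sub-command with the given arguments. It is not implemented yet and always returns an error.` above the function. Returning an error rather than nil is the right default for a placeholder, in particular for verify, where a stub returning nil would report success without checking anything.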
diff --git a/cmd/sigsum/log/main.go b/cmd/sigsum/log/main.go
new file mode 100644
index 0000000..ecc4e6d
--- /dev/null
+++ b/cmd/sigsum/log/main.go
@@ -0,0 +1,7 @@
+package log
+
+import "fmt"
+
+func Main(_ []string) error {
+ return fmt.Errorf("TODO")
+}
diff --git a/cmd/sigsum/main.go b/cmd/sigsum/main.go
new file mode 100644
index 0000000..8b26aba
--- /dev/null
+++ b/cmd/sigsum/main.go
@@ -0,0 +1,94 @@
+// package main provides a log and verification tool named sigsum
+//
+// Install:
+//
+// $ go install git.sigsum.org/sigsum-go/cmd/sigsum@latest
+//
+// Usage:
+//
+// $ sigsum help
+//
+package main
+
+import (
+ "flag"
+ "fmt"
+ stdlog "log"
+ "os"
+
+ "git.sigsum.org/sigsum-go/cmd/sigsum/hash"
+ "git.sigsum.org/sigsum-go/cmd/sigsum/log"
+ "git.sigsum.org/sigsum-go/cmd/sigsum/namespace"
+ "git.sigsum.org/sigsum-go/cmd/sigsum/policy"
+ "git.sigsum.org/sigsum-go/cmd/sigsum/verify"
+
+ "git.sigsum.org/sigsum-go/internal/options"
+)
+
+const usage = `
+sigsum is a tool that logs and verifies signed checksums
+
+Usage:
+
+ sigsum COMMAND <options>
+ sigsum COMMAND help
+
+Commands:
+
+ - policy # output a new log and witness policy
+ - hash # output a new checksum
+ - namespace # output a new ssh namespace
+ - log # log ssh-signed checksums
+ - verify # verify a logged signed checksum
+
+Quick start and cheat-sheet:
+
+ # KEY GENERATION
+ ssh-keygen -t ed25519
+ # BASIC SETUP
+ sudo mkdir -p /etc/sigsum
+ sigsum policy default | sudo tee /etc/sigsum/policy
+ echo "alice@example.org $(cat ~/.ssh/id_ed25519.pub)" | sudo tee --append /etc/sigsum/allowed_signers
+ # SIGN A CHECKSUM
+ sigsum hash -m "msg" | ssh-keygen -Y sign -f ~/.ssh/id_ed25519 -n $(sigsum namespace) -O hashalg=sha256 > FILE.sig
+ sigsum hash -f FILE | ssh-keygen -Y sign -f ~/.ssh/id_ed25519 -n $(sigsum namespace) -O hashalg=sha256 > FILE.sig
+ # LOG SIGNED CHECKSUM
+ sigsum log -d example.org FILE.sig # rate-limit via dns
+ sigsum log -t XXXXXXXXXXX FILE.sig # rate-limit via token
+ # VERIFY SIGNED CHECKSUM
+ sigsum verify -m "msg" -I alice@example.org -s FILE.sig
+ sigsum verify -f FILE -I alice@example.org -s FILE.sig
+`
+
+func main() {
+ var err error
+
+ stdlog.SetFlags(0)
+ opt := options.New(os.Args[1:], func() { stdlog.Printf(usage[1:]) }, func(_ *flag.FlagSet) {})
+ switch opt.Name() {
+ case "help", "":
+ opt.Usage()
+ case "policy":
+ err = policy.Main(opt.Args())
+ case "hash":
+ err = hash.Main(opt.Args())
+ case "namespace":
+ err = namespace.Main(opt.Args())
+ case "log":
+ err = log.Main(opt.Args())
+ case "verify":
+ err = verify.Main(opt.Args())
+ default:
+ err = fmt.Errorf(": invalid command %q, try \"help\"", opt.Name())
+ }
+
+ if err != nil {
+ format := "sigsum %s%s"
+ if len(opt.Name()) == 0 {
+ format = "sigsum%s%s"
+ }
+
+ stdlog.Printf(format, opt.Name(), err.Error())
+ os.Exit(1)
+ }
+}
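Review bot: The error path at the end of main joins the command name and the error text with no separator (`"sigsum %s%s"`), so only the `default` case, whose message starts with ": ", prints cleanly; the sub-command stubs in this commit return "TODO", which would come out as `sigsum hashTODO` (assuming opt.Name() returns the first argument; the options package is not shown). Putting the separator in one place avoids relying on every sub-command to prefix its own errors: `format := "sigsum %s: %s"` together with `err = fmt.Errorf("invalid command %q, try \"help\"", opt.Name())`. The `len(opt.Name()) == 0` branch looks unreachable as written, since an empty name is handled by `case "help", ""` and leaves err nil. Separately, the cheat-sheet shows the rate-limit token passed as `-t XXXXXXXXXXX`; command-line arguments end up in shell history and are typically visible to other local users in the process list, so consider also accepting the token from a file or the environment when `log` is implemented.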
diff --git a/cmd/sigsum/namespace/main.go b/cmd/sigsum/namespace/main.go
new file mode 100644
index 0000000..9ac9ee2
--- /dev/null
+++ b/cmd/sigsum/namespace/main.go
@@ -0,0 +1,7 @@
+package namespace
+
+import "fmt"
+
+func Main(_ []string) error {
+ return fmt.Errorf("TODO")
+}
diff --git a/cmd/sigsum/policy/main.go b/cmd/sigsum/policy/main.go
new file mode 100644
index 0000000..1586158
--- /dev/null
+++ b/cmd/sigsum/policy/main.go
@@ -0,0 +1,7 @@
+package policy
+
+import "fmt"
+
+func Main(_ []string) error {
+ return fmt.Errorf("TODO")
+}
diff --git a/cmd/sigsum/verify/main.go b/cmd/sigsum/verify/main.go
new file mode 100644
index 0000000..1c43a4f
--- /dev/null
+++ b/cmd/sigsum/verify/main.go
@@ -0,0 +1,7 @@
+package verify
+
+import "fmt"
+
+func Main(_ []string) error {
+ return fmt.Errorf("TODO")
+}