Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/sigsum/hash/main.go | 7 | ||||
-rw-r--r-- | cmd/sigsum/log/main.go | 7 | ||||
-rw-r--r-- | cmd/sigsum/main.go | 94 | ||||
-rw-r--r-- | cmd/sigsum/namespace/main.go | 7 | ||||
-rw-r--r-- | cmd/sigsum/policy/main.go | 7 | ||||
-rw-r--r-- | cmd/sigsum/verify/main.go | 7 |
6 files changed, 129 insertions, 0 deletions
diff --git a/cmd/sigsum/hash/main.go b/cmd/sigsum/hash/main.go
new file mode 100644
index 0000000..df5ecfa
--- /dev/null
+++ b/cmd/sigsum/hash/main.go
@@ -0,0 +1,7 @@
+package hash
+
+import "fmt"
+
+func Main(_ []string) error {
+ return fmt.Errorf("TODO")
+}
diff --git a/cmd/sigsum/log/main.go b/cmd/sigsum/log/main.go
new file mode 100644
index 0000000..ecc4e6d
--- /dev/null
+++ b/cmd/sigsum/log/main.go
@@ -0,0 +1,7 @@
+package log
+
+import "fmt"
+
+func Main(_ []string) error {
+ return fmt.Errorf("TODO")
+}
diff --git a/cmd/sigsum/main.go b/cmd/sigsum/main.go
new file mode 100644
index 0000000..8b26aba
--- /dev/null
+++ b/cmd/sigsum/main.go
@@ -0,0 +1,94 @@
+// package main provides a log and verification tool named sigsum
+//
+// Install:
+//
+// $ go install git.sigsum.org/sigsum-go/cmd/sigsum@latest
+//
+// Usage:
+//
+// $ sigsum help
+//
+package main
+
+import (
+ "flag"
+ "fmt"
+ stdlog "log"
+ "os"
+
+ "git.sigsum.org/sigsum-go/cmd/sigsum/hash"
+ "git.sigsum.org/sigsum-go/cmd/sigsum/log"
+ "git.sigsum.org/sigsum-go/cmd/sigsum/namespace"
+ "git.sigsum.org/sigsum-go/cmd/sigsum/policy"
+ "git.sigsum.org/sigsum-go/cmd/sigsum/verify"
+
+ "git.sigsum.org/sigsum-go/internal/options"
+)
+
+const usage = `
+sigsum is a tool that logs and verifies signed checksums
+
+Usage:
+
+ sigsum COMMAND <options>
+ sigsum COMMAND help
+
+Commands:
+
+ - policy # output a new log and witness policy
+ - hash # output a new checksum
+ - namespace # output a new ssh namespace
+ - log # log ssh-signed checksums
+ - verify # verify a logged signed checksum
+
+Quick start and cheat-sheet:
+
+ # KEY GENERATION
+ ssh-keygen -t ed25519
+ # BASIC SETUP
+ sudo mkdir -p /etc/sigsum
+ sigsum policy default | sudo tee /etc/sigsum/policy
+ echo "alice@example.org $(cat ~/.ssh/id_ed25519.pub)" | sudo tee --append /etc/sigsum/allowed_signers
+ # SIGN A CHECKSUM
+ sigsum hash -m "msg" | ssh-keygen -Y sign -f ~/.ssh/id_ed25519 -n $(sigsum namespace) -O hashalg=sha256 > FILE.sig
+ sigsum hash -f FILE | ssh-keygen -Y sign -f ~/.ssh/id_ed25519 -n $(sigsum namespace) -O hashalg=sha256 > FILE.sig
+ # LOG SIGNED CHECKSUM
+ sigsum log -d example.org FILE.sig # rate-limit via dns
+ sigsum log -t XXXXXXXXXXX FILE.sig # rate-limit via token
+ # VERIFY SIGNED CHECKSUM
+ sigsum verify -m "msg" -I alice@example.org -s FILE.sig
+ sigsum verify -f FILE -I alice@example.org -s FILE.sig
+`
+
+func main() {
+ var err error
+
+ stdlog.SetFlags(0)
+ opt := options.New(os.Args[1:], func() { stdlog.Printf(usage[1:]) }, func(_ *flag.FlagSet) {})
+ switch opt.Name() {
+ case "help", "":
+ opt.Usage()
+ case "policy":
+ err = policy.Main(opt.Args())
+ case "hash":
+ err = hash.Main(opt.Args())
+ case "namespace":
+ err = namespace.Main(opt.Args())
+ case "log":
+ err = log.Main(opt.Args())
+ case "verify":
+ err = verify.Main(opt.Args())
+ default:
+ err = fmt.Errorf(": invalid command %q, try \"help\"", opt.Name())
+ }
+
+ if err != nil {
+ format := "sigsum %s%s"
+ if len(opt.Name()) == 0 {
+ format = "sigsum%s%s"
+ }
+
+ stdlog.Printf(format, opt.Name(), err.Error())
+ os.Exit(1)
+ }
+}
diff --git a/cmd/sigsum/namespace/main.go b/cmd/sigsum/namespace/main.go
new file mode 100644
index 0000000..9ac9ee2
--- /dev/null
+++ b/cmd/sigsum/namespace/main.go
@@ -0,0 +1,7 @@
+package namespace
+
+import "fmt"
+
+func Main(_ []string) error {
+ return fmt.Errorf("TODO")
+}
diff --git a/cmd/sigsum/policy/main.go b/cmd/sigsum/policy/main.go
new file mode 100644
index 0000000..1586158
--- /dev/null
+++ b/cmd/sigsum/policy/main.go
@@ -0,0 +1,7 @@
+package policy
+
+import "fmt"
+
+func Main(_ []string) error {
+ return fmt.Errorf("TODO")
+}
diff --git a/cmd/sigsum/verify/main.go b/cmd/sigsum/verify/main.go
new file mode 100644
index 0000000..1c43a4f
--- /dev/null
+++ b/cmd/sigsum/verify/main.go
@@ -0,0 +1,7 @@
+package verify
+
+import "fmt"
+
+func Main(_ []string) error {
+ return fmt.Errorf("TODO")
+}
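Review bot: The final `stdlog.Printf(format, opt.Name(), err.Error())` in `main` (cmd/sigsum/main.go) only reads correctly when the error text itself begins with ": ", which the `default` case does but the subcommand stubs added in this commit do not, so `sigsum hash` currently prints `sigsum hashTODO`. Keep the separator in one place instead: `stdlog.Printf("sigsum %s: %v", opt.Name(), err)` together with `err = fmt.Errorf("invalid command %q, try \"help\"", opt.Name())` in the `default` case; the `len(opt.Name()) == 0` branch can then be dropped, since the empty name is already routed to the `"help", ""` case and looks unreachable with a non-nil `err`. Separately, `stdlog.Printf(usage[1:])` passes the help text as a format string, so any `%` later added to the cheat-sheet would be parsed as a verb; `stdlog.Print(usage[1:])` avoids that. The cheat-sheet line `sigsum log -t XXXXXXXXXXX FILE.sig` also suggests the rate-limit token will be taken on the command line, where it ends up in shell history and process listings; if that is the intended interface, consider also accepting it from a file or the environment.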