From 8da382069f42f6d88d3abf914dd38d7e40a845bc Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Wed, 2 Mar 2022 23:16:43 +0100 Subject: initial commit --- cmd/sigsum/main.go | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) create mode 100644 cmd/sigsum/main.go (limited to 'cmd/sigsum/main.go') diff --git a/cmd/sigsum/main.go b/cmd/sigsum/main.go new file mode 100644 index 0000000..460eba3 --- /dev/null +++ b/cmd/sigsum/main.go @@ -0,0 +1,116 @@ +// package main provides a tool named `sigsum`. +// +// Build as follows: +// +// $ go build -ldflags="-X 'main.someVersion=git commit $(git rev-list -1 HEAD)'" +// +// Install as follows: +// +// $ go install -ldflags="-X 'main.someVersion=git commit $(git rev-list -1 HEAD)'" +// +package main + +import ( + "flag" + "fmt" + "log" + "os" + + "git.sigsum.org/sigsum-tool-go/pkg/policy" +) + +const usage = `sigsum version %s + +Usage: + sigsum help + Output usage message. + + sigsum verify -t TYPE -k PUBLIC_KEY FILE + Verify that a file's signed checksum is public and valid. + -t, --type Signature format (Available options: signify, minisign, ssh) + -k, --key Path to a public key. + + sigsum bundle -t TYPE -k PUBLIC_KEY -d DOMAIN_HINT FILE... + Perform logging request(s) and write inclusion proof bundle(s). + -t, --type Signature format (Available options: signify, minisign, ssh) + -k, --key Path to a public key. + -d, --domain-hint Domain name that is aware of the public key. + + sigsum format FILE + Output bytes to be Ed25519-signed. + + sigsum namespace + Output namespace to be used in SSH signing context. + +Transparency log proofs and signatures must be located at $FILE.sigsum.v0. +Signatures must be located at $FILE.{sig,minisig}, depending on -t TYPE. + +` + +var ( + optBundleType, optBundleKey, optBundleDomainHint string + optVerifyType, optVerifyKey string + + someVersion = "unknown" +) + +func main() { + log.SetFlags(0) + + var err error + var defaultPolicy policy.DefaultPolicy + switch cmd := parseCommand(); cmd.Name() { + case "help": + cmd.Usage() + case "verify": + err = cmdVerify(cmd.Args(), &defaultPolicy, optVerifyType, optVerifyKey) + case "bundle": + err = cmdBundle(cmd.Args(), &defaultPolicy, optBundleType, optBundleKey, optBundleDomainHint) + case "format": + err = cmdFormat(cmd.Args(), &defaultPolicy) + case "namespace": + err = cmdNamespace(cmd.Args(), &defaultPolicy) + default: + err = fmt.Errorf("invalid command %q, try %q", cmd.Name(), "sigsum help") + } + + if err != nil { + log.Printf("%s", err) + os.Exit(1) + } +} + +func parseCommand() (fs *flag.FlagSet) { + args := os.Args + if len(args) < 2 { + args = append(args, "") + } + defer func() { + registerOptions(fs) + fs.Usage = func() { + log.Printf(usage, someVersion) + } + fs.Parse(args) + }() + + fs = flag.NewFlagSet(args[1], flag.ExitOnError) + args = args[2:] + return +} + +func registerOptions(fs *flag.FlagSet) { + switch cmd := fs.Name(); cmd { + case "verify": + registerStringOption(fs, &optVerifyType, "t", "type", "") + registerStringOption(fs, &optVerifyKey, "k", "key", "") + case "bundle": + registerStringOption(fs, &optBundleType, "t", "type", "") + registerStringOption(fs, &optBundleKey, "k", "key", "") + registerStringOption(fs, &optBundleDomainHint, "d", "domain-hint", "") + } +} + +func registerStringOption(fs *flag.FlagSet, opt *string, short, long, value string) { + fs.StringVar(opt, short, value, "") + fs.StringVar(opt, long, value, "") +} -- cgit v1.2.3