aboutsummaryrefslogtreecommitdiff
path: root/cmd/sigsum/main.go
blob: 146dadbc3c195bdf67cc2849c5812572c2513b1b (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

// package main provides a tool named `sigsum`.
//
// Build as follows:
//
//     $ go build -ldflags="-X 'main.someVersion=git commit $(git rev-list -1 HEAD)'"
//
// Install as follows:
//
//     $ go install -ldflags="-X 'main.someVersion=git commit $(git rev-list -1 HEAD)'"
//
package main

import (
	"flag"
	"fmt"
	"log"
	"os"

	"git.sigsum.org/sigsum-tools-go/pkg/policy"
)

const usage = `sigsum version %s

Usage:
    sigsum help
        Output usage message.

    sigsum verify -t TYPE -k PUBLIC_KEY FILE
        Verify that a file's signed checksum is public and valid.
        -t, --type         Signature format (Available options: signify, minisign, ssh)
        -k, --key          Path to a public key.

    sigsum bundle -t TYPE -k PUBLIC_KEY -d DOMAIN_HINT FILE...
        Perform logging request(s) and write inclusion proof bundle(s).
        -t, --type         Signature format (Available options: signify, minisign, ssh)
        -k, --key          Path to a public key.
        -d, --domain-hint  Domain name that is aware of the public key.

    sigsum format FILE
        Output bytes to be Ed25519-signed.

    sigsum namespace
        Output namespace to be used in SSH signing context.

Transparency log proofs and signatures must be located at $FILE.sigsum.v0.
Signatures must be located at $FILE.{sig,minisig}, depending on -t TYPE.

`

var (
	optBundleType, optBundleKey, optBundleDomainHint string
	optVerifyType, optVerifyKey                      string

	someVersion = "unknown"
)

func main() {
	log.SetFlags(0)

	var err error
	var defaultPolicy policy.DefaultPolicy
	switch cmd := parseCommand(); cmd.Name() {
	case "help":
		cmd.Usage()
	case "verify":
		err = cmdVerify(cmd.Args(), &defaultPolicy, optVerifyType, optVerifyKey)
	case "bundle":
		err = cmdBundle(cmd.Args(), &defaultPolicy, optBundleType, optBundleKey, optBundleDomainHint)
	case "format":
		err = cmdFormat(cmd.Args(), &defaultPolicy)
	case "namespace":
		err = cmdNamespace(cmd.Args(), &defaultPolicy)
	default:
		err = fmt.Errorf("invalid command %q, try %q", cmd.Name(), "sigsum help")
	}

	if err != nil {
		log.Printf("%s", err)
		os.Exit(1)
	}
}

func parseCommand() (fs *flag.FlagSet) {
	args := os.Args
	if len(args) < 2 {
		args = append(args, "")
	}
	defer func() {
		registerOptions(fs)
		fs.Usage = func() {
			log.Printf(usage, someVersion)
		}
		fs.Parse(args)
	}()

	fs = flag.NewFlagSet(args[1], flag.ExitOnError)
	args = args[2:]
	return
}

func registerOptions(fs *flag.FlagSet) {
	switch cmd := fs.Name(); cmd {
	case "verify":
		registerStringOption(fs, &optVerifyType, "t", "type", "")
		registerStringOption(fs, &optVerifyKey, "k", "key", "")
	case "bundle":
		registerStringOption(fs, &optBundleType, "t", "type", "")
		registerStringOption(fs, &optBundleKey, "k", "key", "")
		registerStringOption(fs, &optBundleDomainHint, "d", "domain-hint", "")
	}
}

func registerStringOption(fs *flag.FlagSet, opt *string, short, long, value string) {
	fs.StringVar(opt, short, value, "")
	fs.StringVar(opt, long, value, "")
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-30 05:03:14 +0000