github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-18 21:48:04 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
83adc3c8904d2fc74b2918f17ed6cc7aabbc19ff
zot/pkg/extensions/extensions_lint.go
T
copilot-swe-agent[bot] 83adc3c890 Implement signature-lint cleanup and fix lint formatting
2026-05-29 17:25:42 +00:00

91 lines
2.4 KiB
Go
Raw Blame History

//go:build lint
package extensions
import (
"os"
"path/filepath"
"zotregistry.dev/zot/v2/pkg/api/config"
"zotregistry.dev/zot/v2/pkg/extensions/imagetrust"
"zotregistry.dev/zot/v2/pkg/extensions/lint"
"zotregistry.dev/zot/v2/pkg/log"
mTypes "zotregistry.dev/zot/v2/pkg/meta/types"
sconstants "zotregistry.dev/zot/v2/pkg/storage/constants"
)
func GetLinter(config *config.Config, log log.Logger) *lint.Linter {
if config.Extensions == nil {
return lint.NewLinter(nil, log)
}
linter := lint.NewLinter(config.Extensions.Lint, log)
if config.Extensions.Lint == nil || len(config.Extensions.Lint.MandatorySignatures) == 0 {
return linter
}
extensionsConfig := config.CopyExtensionsConfig()
if !IsBuiltWithImageTrustExtension() || !extensionsConfig.IsImageTrustEnabled() {
log.Warn().Msg("mandatory signatures lint requires image trust and trust store configuration")
linter.SetSignatureVerifier(nil, false)
return linter
}
var (
imageTrustStore mTypes.ImageTrustStore
err error
)
if config.Storage.RemoteCache && config.Storage.CacheDriver["name"] == sconstants.DynamoDBDriverName {
endpoint, _ := config.Storage.CacheDriver["endpoint"].(string)
region, _ := config.Storage.CacheDriver["region"].(string)
imageTrustStore, err = imagetrust.NewAWSImageTrustStore(region, endpoint)
} else {
imageTrustStore, err = imagetrust.NewLocalImageTrustStore(config.Storage.RootDirectory)
}
if err != nil {
log.Warn().Err(err).Msg("mandatory signatures lint could not initialize trust store")
linter.SetSignatureVerifier(nil, false)
return linter
}
trustStoreReady := true
if !config.Storage.RemoteCache && !hasLocalTrustStoreMaterial(config.Storage.RootDirectory) {
log.Warn().Msg("mandatory signatures lint is enabled, but no trust store certificates or keys are configured")
trustStoreReady = false
}
linter.SetSignatureVerifier(imageTrustStore, trustStoreReady)
return linter
}
func hasLocalTrustStoreMaterial(rootDir string) bool {
return containsFiles(filepath.Join(rootDir, "_cosign")) ||
containsFiles(filepath.Join(rootDir, "_notation", "truststore", "x509"))
}
func containsFiles(root string) bool {
stat, err := os.Stat(root)
if err != nil || !stat.IsDir() {
return false
}
hasMaterial := false
walkErr := filepath.WalkDir(root, func(_ string, d os.DirEntry, err error) error {
if err == nil && !d.IsDir() {
hasMaterial = true
}
return nil
})
if walkErr != nil {
return false
}
return hasMaterial
}
Reference in New Issue View Git Blame Copy Permalink