container: add support for uploading to registries
Add a new generic container registry client via a new `container` package. Use this to create a command line utility as well as a new upload target for container registries. The code uses the github.com/containers/* project and packages to interact with container registires that is also used by skopeo, podman et al. One if the dependencies is `proglottis/gpgme` that is using cgo to bind libgpgme, so we have to add the corresponding devel package to the BuildRequires as well as installing it on CI. Checks will follow later via an integration test.
This commit is contained in:
Christian Kellner
parent
d136a075bc
commit
986f076276
955 changed files with 164203 additions and 2549 deletions
68
vendor/github.com/miekg/pkcs11/README.md
generated
vendored
Normal file
68
vendor/github.com/miekg/pkcs11/README.md
generated
vendored
Normal file
|
|
@ -0,0 +1,68 @@
|
|||
# PKCS#11
|
||||
|
||||
This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom where
|
||||
it makes sense. It has been tested with SoftHSM.
|
||||
|
||||
## SoftHSM
|
||||
|
||||
* Make it use a custom configuration file `export SOFTHSM_CONF=$PWD/softhsm.conf`
|
||||
|
||||
* Then use `softhsm` to init it
|
||||
|
||||
~~~
|
||||
softhsm --init-token --slot 0 --label test --pin 1234
|
||||
~~~
|
||||
|
||||
* Then use `libsofthsm2.so` as the pkcs11 module:
|
||||
|
||||
~~~ go
|
||||
p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")
|
||||
~~~
|
||||
|
||||
## Examples
|
||||
|
||||
A skeleton program would look somewhat like this (yes, pkcs#11 is verbose):
|
||||
|
||||
~~~ go
|
||||
p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so")
|
||||
err := p.Initialize()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
defer p.Destroy()
|
||||
defer p.Finalize()
|
||||
|
||||
slots, err := p.GetSlotList(true)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
defer p.CloseSession(session)
|
||||
|
||||
err = p.Login(session, pkcs11.CKU_USER, "1234")
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
defer p.Logout(session)
|
||||
|
||||
p.DigestInit(session, []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA_1, nil)})
|
||||
hash, err := p.Digest(session, []byte("this is a string"))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
for _, d := range hash {
|
||||
fmt.Printf("%x", d)
|
||||
}
|
||||
fmt.Println()
|
||||
~~~
|
||||
|
||||
Further examples are included in the tests.
|
||||
|
||||
To expose PKCS#11 keys using the [crypto.Signer interface](https://golang.org/pkg/crypto/#Signer),
|
||||
please see [github.com/thalesignite/crypto11](https://github.com/thalesignite/crypto11).
|
||||
Loading…
Add table
Add a link
Reference in a new issue