core/go-scm
8
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions
go-scm/manifest/sign.go

46 lines
1.2 KiB
Go
Raw Normal View History

chore(ax): normalize SPDX header identifier
2026-03-30 00:54:20 +00:00
// SPDX-License-Identifier: EUPL-1.2
refactor(ax): align code with AX principles
2026-03-29 23:59:48 +00:00
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-06 13:20:12 +00:00
package manifest
import (
"crypto/ed25519"
"encoding/base64"
chore: migrate to dappco.re vanity import path Change module path from forge.lthn.ai/core/go-scm to dappco.re/go/core/scm. Update all Go source imports for migrated packages: - go-log -> dappco.re/go/core/log - go-io -> dappco.re/go/core/io - go-i18n -> dappco.re/go/core/i18n - go-ws -> dappco.re/go/core/ws - api -> dappco.re/go/core/api Non-migrated packages (cli, config) left on forge.lthn.ai paths. Replace directives use local paths (../go, ../go-io, etc.) until the dappco.re vanity URL server resolves these modules. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 23:54:23 +00:00
coreerr "dappco.re/go/core/log"
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-06 13:20:12 +00:00
"gopkg.in/yaml.v3"
)
// signable returns the canonical bytes to sign (manifest without sign field).
func signable(m *Manifest) ([]byte, error) {
tmp := *m
tmp.Sign = ""
return yaml.Marshal(&tmp)
}
// Sign computes the ed25519 signature and stores it in m.Sign (base64).
func Sign(m *Manifest, priv ed25519.PrivateKey) error {
msg, err := signable(m)
if err != nil {
refactor: replace fmt.Errorf/errors.New with coreerr.E() Replace all remaining fmt.Errorf and errors.New calls in production code with coreerr.E("caller.Method", "message", err) from go-log. This standardises error handling across 23 files using the structured error convention already established in the plugin package. Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-16 20:37:25 +00:00
return coreerr.E("manifest.Sign", "marshal failed", err)
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-06 13:20:12 +00:00
}
sig := ed25519.Sign(priv, msg)
m.Sign = base64.StdEncoding.EncodeToString(sig)
return nil
}
// Verify checks the ed25519 signature in m.Sign against the public key.
func Verify(m *Manifest, pub ed25519.PublicKey) (bool, error) {
if m.Sign == "" {
refactor: replace fmt.Errorf/errors.New with coreerr.E() Replace all remaining fmt.Errorf and errors.New calls in production code with coreerr.E("caller.Method", "message", err) from go-log. This standardises error handling across 23 files using the structured error convention already established in the plugin package. Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-16 20:37:25 +00:00
return false, coreerr.E("manifest.Verify", "no signature present", nil)
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-06 13:20:12 +00:00
}
sig, err := base64.StdEncoding.DecodeString(m.Sign)
if err != nil {
refactor: replace fmt.Errorf/errors.New with coreerr.E() Replace all remaining fmt.Errorf and errors.New calls in production code with coreerr.E("caller.Method", "message", err) from go-log. This standardises error handling across 23 files using the structured error convention already established in the plugin package. Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-16 20:37:25 +00:00
return false, coreerr.E("manifest.Verify", "decode failed", err)
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-06 13:20:12 +00:00
}
msg, err := signable(m)
if err != nil {
refactor: replace fmt.Errorf/errors.New with coreerr.E() Replace all remaining fmt.Errorf and errors.New calls in production code with coreerr.E("caller.Method", "message", err) from go-log. This standardises error handling across 23 files using the structured error convention already established in the plugin package. Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-16 20:37:25 +00:00
return false, coreerr.E("manifest.Verify", "marshal failed", err)
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-06 13:20:12 +00:00
}
return ed25519.Verify(pub, msg, sig), nil
}
Reference in a new issue Copy permalink