83e6221f3a
Signed-off-by: LiHui <andrewli@yunify.com> delete helm repo, release and app Signed-off-by: LiHui <andrewli@yunify.com> Fix Dockerfile Signed-off-by: LiHui <andrewli@yunify.com> add unit test for category controller Signed-off-by: LiHui <andrewli@yunify.com> resource api Signed-off-by: LiHui <andrewli@yunify.com> miscellaneous Signed-off-by: LiHui <andrewli@yunify.com> resource api Signed-off-by: LiHui <andrewli@yunify.com> add s3 repo indx Signed-off-by: LiHui <andrewli@yunify.com> attachment api Signed-off-by: LiHui <andrewli@yunify.com> repo controller test Signed-off-by: LiHui <andrewli@yunify.com> application controller test Signed-off-by: LiHui <andrewli@yunify.com> release metric Signed-off-by: LiHui <andrewli@yunify.com> helm release controller test Signed-off-by: LiHui <andrewli@yunify.com> move constants to /pkg/apis/application Signed-off-by: LiHui <andrewli@yunify.com> remove unused code Signed-off-by: LiHui <andrewli@yunify.com> add license header Signed-off-by: LiHui <andrewli@yunify.com> Fix bugs Signed-off-by: LiHui <andrewli@yunify.com> cluster cluent Signed-off-by: LiHui <andrewli@yunify.com> format code Signed-off-by: LiHui <andrewli@yunify.com> move workspace,cluster from spec to labels Signed-off-by: LiHui <andrewli@yunify.com> add license header Signed-off-by: LiHui <andrewli@yunify.com> openpitrix test Signed-off-by: LiHui <andrewli@yunify.com> add worksapce labels for app in appstore Signed-off-by: LiHui <andrewli@yunify.com>
38 lines
1.7 KiB
Go
38 lines
1.7 KiB
Go
/*
|
|
Copyright The Helm Authors.
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
/*Package provenance provides tools for establishing the authenticity of a chart.
|
|
|
|
In Helm, provenance is established via several factors. The primary factor is the
|
|
cryptographic signature of a chart. Chart authors may sign charts, which in turn
|
|
provide the necessary metadata to ensure the integrity of the chart file, the
|
|
Chart.yaml, and the referenced Docker images.
|
|
|
|
A provenance file is clear-signed. This provides cryptographic verification that
|
|
a particular block of information (Chart.yaml, archive file, images) have not
|
|
been tampered with or altered. To learn more, read the GnuPG documentation on
|
|
clear signatures:
|
|
https://www.gnupg.org/gph/en/manual/x135.html
|
|
|
|
The cryptography used by Helm should be compatible with OpenGPG. For example,
|
|
you should be able to verify a signature by importing the desired public key
|
|
and using `gpg --verify`, `keybase pgp verify`, or similar:
|
|
|
|
$ gpg --verify some.sig
|
|
gpg: Signature made Mon Jul 25 17:23:44 2016 MDT using RSA key ID 1FC18762
|
|
gpg: Good signature from "Helm Testing (This key should only be used for testing. DO NOT TRUST.) <helm-testing@helm.sh>" [ultimate]
|
|
*/
|
|
package provenance // import "helm.sh/helm/v3/pkg/provenance"
|