Mateusz Urbanek ba2a46de49
feat(enterprise): implement VEX endpoint
This feature is Enterprise only (requires BUSL).

Serves GET/HEAD /vex/:version/vex.json for Talos ≥ 1.13.0.
Pulls exploitability data from an OCI registry, generates a VEX
document via go-vex, and caches it in-memory with configurable TTL.

Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
2026-05-05 16:28:55 +02:00


// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
// Package artifacts handles acquiring and caching source Talos artifacts.
package artifacts
import (
"time"
"github.com/blang/semver/v4"
"github.com/google/go-containerregistry/pkg/v1/remote"
"github.com/siderolabs/image-factory/internal/image/verify"
)
// Options are the options for the artifacts manager.
//
// Several fields bear on how far fetched artifacts can be trusted:
// InsecureImageRegistry relaxes transport security, and ImageVerifyOptions
// configures image signature verification.
type Options struct { //nolint:govet
// ImageRegistry is the registry which stores imager, extensions, etc.
//
// For official images, this is "ghcr.io".
ImageRegistry string
// InsecureImageRegistry allows using an image registry without TLS.
//
// NOTE(review): without TLS the registry connection is neither encrypted nor
// server-authenticated, so this is presumably meant for local or test
// registries only. Confirm that, and confirm that signature verification
// (ImageVerifyOptions) still applies when it is set.
InsecureImageRegistry bool
// MinVersion is the minimum version of Talos to use.
MinVersion semver.Version
// ImageVerifyOptions are the options for verifying the image signature.
ImageVerifyOptions ImageVerifyOptions
// TalosVersionRecheckInterval is the interval for rechecking Talos versions.
TalosVersionRecheckInterval time.Duration
// RemoteOptions is the list of remote options for the puller.
//
// NOTE(review): remote.Option values can carry transport and authentication
// settings; how they combine with InsecureImageRegistry is not visible in
// this file. Verify at the call site.
RemoteOptions []remote.Option
// RegistryRefreshInterval is the interval for refreshing the image registry connections.
RegistryRefreshInterval time.Duration
// Images used by the artifacts manager.
//
// NOTE(review): presumably repository names resolved against ImageRegistry.
// Confirm against the code that builds the references.
InstallerBaseImage string
InstallerImage string
ImagerImage string
ExtensionManifestImage string
OverlayManifestImage string
TalosctlImage string
// External identification.
ExternalURL string
}
// ImageVerifyOptions are the options for verifying the image signature.
//
// It is a type alias for verify.VerifyOptions, so the two names denote the
// same type and the fields are defined in the verify package.
type ImageVerifyOptions = verify.VerifyOptions
// Kind is the artifact kind.
//
// It is a string type; the supported values are the constants below.
type Kind string
// Supported artifact kinds.
//
// NOTE(review): the values look like artifact file names. If they are joined
// into file system paths, confirm that only these constants (not arbitrary
// caller-supplied Kind values) reach that code.
const (
KindKernel Kind = "vmlinuz"
KindInitramfs Kind = "initramfs.xz"
KindSystemdBoot Kind = "systemd-boot.efi"
KindSystemdStub Kind = "systemd-stub.efi"
)
// OverlayKind is the kind of overlay artifacts.
type OverlayKind string
// Supported overlay kinds.
const (
OverlayKindProfiles OverlayKind = "profiles"
)
// FetchTimeout controls overall timeout for fetching artifacts for a release.
//
// The value is 20 minutes.
const FetchTimeout = 20 * time.Minute
// tmpSuffix is an unexported name suffix.
//
// NOTE(review): presumably appended to a path while an artifact is still being
// fetched, so partial downloads are not mistaken for complete ones. Confirm at
// the call sites, which are not in this file.
const tmpSuffix = "-tmp"
// ErrNotFoundTag tags the errors when the artifact is not found.
//
// It is an empty struct and carries no data of its own.
// NOTE(review): how errors are tagged with it is not visible in this file.
type ErrNotFoundTag struct{}