AddKeys encrypts the symmetric key for every receiver and attaches them to the envelope.

BytesToTar adds a file to a writer using a filename and a byte slice with contents to be written.

CleanupFileWriter cleans up temporary files and performs post-finish operations.

CleanupImages removes the temp folder where container images are stored.

CreateArchiveWriter opens a stream of writers (tar to gzip to buffer) and funnel to a csutom writer.

CreatePKISigner uses the private key to create a signature.Signer instance.

CreatePKIVerifier builds a verifier based on a public key.

CreateSigner cheese the correct signature.Signer depending on the private key string.

Encrypt the contents of an os.File with a random key and retrieve the results as []byte The asymmetrically encrypted encryption key is attached als the last [ KeySizeBit ] bytes.

GetCompressionAlgoIndex gets the index of an algo name or defaults to 0 (gzip).

GetCompressionAlgoName gets the name of an algo index or defaults to gzip (0).

GetContainerDSocket searched for a containerD socket in the /run folder.

GetHashAlgorithm retrieves a crypto.Hash for a name.

ImportImage imports one OCI image into a local containerd storage or a provided registry.

LoadPrivateKey reads and parses a private key from a file.

LoadPublicKey reads and parses a public key from a file.

NewOutputFile creates a new output file depending on the type of output target.

NewSignatureList creates a new signature list.

NewVerifier Creates a new sealpack integrity verifier structure.

OpenArchive opens a compressed tar archive for reading.

OpenArchiveReader opens a compressed tar archive for reading from a reader.

ParseContainerImage takes a string describing an image and parses the registry, name and tag out of it.

ParseEnvelope tries to extract the information for an Envelope from a byte slice.

ReadConfiguration searches for the latest configuration file and reads the contents.

RemoveAll multiple images from a registry or containerD instance defined by slice.

SaveImage with from a registry to a local OCI file.

TryUnsealKey loads a key from JSON without configstore.

WriteFileBytes allows for writing a byte slice to a regular file, S3 bucket or stdout.

Delimiter delimits the file name from its hash.

EnvelopeMagicBytes is set to ASCII sum of "ECS" = 333(octal) or DB(hex).

ArchiveContents describes all contents for an archive to provide them as a single file.

ContainerImage describes a container image uniquely.

Descriptor is a standard OCI descriptor.

Envelope is the package with headers and so on.

ImageContent represents one component to be included in the upgrade package.

Manifest represents an OCI image manifest, typically provided as json.

OutManifest is the manifest in docker (moby) image format.

Verifier contains all data necessary to verify the archive's integrity.

A FileSignatures is represented by its path and the hash of the file.