10 Artifacts
(require denxi/artifact) | package: denxi |
struct
(struct $artifact:integrity $artifact (status chf-symbol) #:prefab) status : symbol? chf-symbol : (or/c #f symbol?)
status is a value returned from check-integrity.
chf-symbol is the symbolic name of the CHF used in the integrity check, or #f if the CHF was missing.
struct
(struct $artifact:signature $artifact (status public-key) #:prefab) status : symbol? public-key : (or/c #f bytes?)
status is a value returned from check-signature.
public-key is the unencoded bytes of the public key used to verify the signature, or #f if the public key was missing.
struct
source : source-variant? integrity : (or/c #f well-formed-integrity?) signature : (or/c #f well-formed-signature?)
procedure
(make-artifact source [int sig]) → artifact?
source : source-variant? int : (or/c #f well-formed-integrity?) = #f sig : (or/c #f well-formed-signature?) = #f
procedure
(install-artifact arti link-path)
→ (subprogram/c (cons/c path-record? path-record?)) arti : artifact? link-path : path-string?
procedure
(verify-artifact arti pathrec) → (subprogram/c void?)
arti : artifact? pathrec : path-record?
The computed value of the subprogram is (void) because the value is not important. verify-artifact is used for its ability to halt subprograms when an artifact fails verification.
procedure
(fetch-artifact name arti) → (subprogram/c path-record?)
name : string? arti : artifact?
procedure
(lock-artifact arti [ exhaust #:content? content? #:integrity? integrity? #:signature? signature? #:content-budget content-budget #:digest-budget digest-budget #:public-key-budget public-key-budget #:signature-budget signature-budget]) → artifact? arti : artifact? exhaust : exhaust/c = raise content? : any/c = #t integrity? : any/c = #t signature? : any/c = #t content-budget : budget/c = (* 1024 50) digest-budget : budget/c = +inf.0 public-key-budget : budget/c = +inf.0 signature-budget : budget/c = +inf.0
When content? is a true value, then the artifact-source field C is replaced by
(lock-source C content-budget exhaust)
When integrity? is a true value, then the artifact-integrity field I is replaced by
(lock-integrity #:digest-budget digest-budget exhaust)
When signature? is a true value, then the artifact-signature field S is replaced by
(lock-signature #:public-key-budget public-key-budget #:signature-budget signature-budget S exhaust)