mirror of
https://github.com/fleetdm/fleet
synced 2026-05-21 16:08:47 +00:00
c25fed2492
For #30473 This change adds a vendored `httpsig-go` library to our repo. We cannot use the upstream library because it has not merged the change we need: https://github.com/remitly-oss/httpsig-go/pull/25 Thus, we need our own copy at this point. The instructions for keeping this library up to date (if needed) are in `UPDATE_INSTRUCTIONS`. None of the coderabbitai review comments are relevant to the code/features we are going to use for HTTP message signatures. We will use this library in subsequent PRs for the TPM-backed HTTP message signature feature. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Introduced a Go library for HTTP message signing and verification, supporting multiple cryptographic algorithms (RSA, ECDSA, Ed25519, HMAC). * Added utilities for key management, including JWK and PEM key handling. * Provided HTTP client and server helpers for automatic request signing and signature verification. * Implemented structured error handling and metadata extraction for signatures. * **Documentation** * Added comprehensive README, usage examples, and update instructions. * Included license and configuration files for third-party and testing tools. * **Tests** * Added extensive unit, integration, and fuzz tests covering signing, verification, and key handling. * Included official RFC test vectors and various test data files for robust validation. * **Chores** * Integrated continuous integration workflows and ignore files for code quality and security analysis. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
49 lines
No EOL
1,003 B
Text
49 lines
No EOL
1,003 B
Text
# To avoid giving your LLM irrelevant context, this .sideignore file can be used
|
|
# to exclude any code that isn't part of what is normally edited. The format is
|
|
# the same as .gitignore. Note that any patterns listed here are ignored *in
|
|
# addition* to to what is ignored via .sideignore.
|
|
#
|
|
# The following is a list of common vendored dependencies or known paths that
|
|
# should not be edited, in case they are not already in a .gitignore file.
|
|
# Adjust by:
|
|
#
|
|
# 1. Removing paths for languages/frameworks not relevant to you
|
|
# 2. Add any paths specific to your project that get auto-generated but not
|
|
# normally imported, such as mocks etc.
|
|
|
|
# General vendored dependencies
|
|
vendor/
|
|
third_party/
|
|
extern/
|
|
deps/
|
|
|
|
# Node
|
|
node_modules/
|
|
|
|
# Python virtual environments (less common names)
|
|
.venv/
|
|
env/
|
|
|
|
# Go vendored dependencies
|
|
vendor/
|
|
|
|
# Ruby
|
|
.bundle/
|
|
vendor/bundle/
|
|
|
|
# PHP
|
|
vendor/
|
|
|
|
# Java / Kotlin
|
|
.gradle/
|
|
|
|
# C / C++
|
|
deps/
|
|
|
|
# Swift / Dart / Flutter
|
|
.dart_tool/
|
|
Carthage/
|
|
|
|
# Elixir / Erlang
|
|
_build/
|
|
deps/ |