mirror of https://github.com/docker/docs.git
Message canonical key ids on error
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
This commit is contained in:
Riyaz Faizullabhoy
parent
00cadc9734
commit
06ba32ea47
|
|
@ -577,6 +577,7 @@ func (tr *Repo) VerifyCanSign(roleName string) error {
|
||||||
var (
|
var (
|
||||||
role data.BaseRole
|
role data.BaseRole
|
||||||
err error
|
err error
|
||||||
|
canonicalKeyIDs []string
|
||||||
)
|
)
|
||||||
// we only need the BaseRole part of a delegation because we're just
|
// we only need the BaseRole part of a delegation because we're just
|
||||||
// checking KeyIDs
|
// checking KeyIDs
|
||||||
|
|
@ -597,6 +598,7 @@ func (tr *Repo) VerifyCanSign(roleName string) error {
|
||||||
check := []string{keyID}
|
check := []string{keyID}
|
||||||
if canonicalID, err := utils.CanonicalKeyID(k); err == nil {
|
if canonicalID, err := utils.CanonicalKeyID(k); err == nil {
|
||||||
check = append(check, canonicalID)
|
check = append(check, canonicalID)
|
||||||
|
canonicalKeyIDs = append(canonicalKeyIDs, canonicalID)
|
||||||
}
|
}
|
||||||
for _, id := range check {
|
for _, id := range check {
|
||||||
p, _, err := tr.cryptoService.GetPrivateKey(id)
|
p, _, err := tr.cryptoService.GetPrivateKey(id)
|
||||||
|
|
@ -605,7 +607,7 @@ func (tr *Repo) VerifyCanSign(roleName string) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return signed.ErrNoKeys{KeyIDs: role.ListKeyIDs()}
|
return signed.ErrNoKeys{KeyIDs: canonicalKeyIDs}
|
||||||
}
|
}
|
||||||
|
|
||||||
// used for walking the targets/delegations tree, potentially modifying the underlying SignedTargets for the repo
|
// used for walking the targets/delegations tree, potentially modifying the underlying SignedTargets for the repo
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue