docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename to flags and environment variables to content trust 

Update help line to allow 90 characters instead of 80

The trust flag pushes out the help description column wider, requiring more room to display help messages.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This commit is contained in:
Derek McGowan 2015-07-24 01:59:42 -07:00
parent 3e90b12d42
commit 259cadb0b1
12 changed files with 136 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
api/client/trust.go
View File

@ -37,7 +37,7 @@ var untrusted bool
func addTrustedFlags(fs *flag.FlagSet, verify bool) { func addTrustedFlags(fs *flag.FlagSet, verify bool) {
var trusted bool var trusted bool
if e := os.Getenv("DOCKER_TRUST"); e != "" { if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" {
if t, err := strconv.ParseBool(e); t || err != nil { if t, err := strconv.ParseBool(e); t || err != nil {
// treat any other value as true // treat any other value as true
trusted = true trusted = true
@ -47,7 +47,7 @@ func addTrustedFlags(fs *flag.FlagSet, verify bool) {
if verify { if verify {
message = "Skip image verification" message = "Skip image verification"
} }
fs.BoolVar(&untrusted, []string{"-untrusted"}, !trusted, message) fs.BoolVar(&untrusted, []string{"-disable-content-trust"}, !trusted, message)
} }
func isTrusted() bool { func isTrusted() bool {
@ -79,7 +79,7 @@ func (cli *DockerCli) certificateDirectory(server string) (string, error) {
} }
func trustServer(index *registry.IndexInfo) string { func trustServer(index *registry.IndexInfo) string {
if s := os.Getenv("DOCKER_TRUST_SERVER"); s != "" { if s := os.Getenv("DOCKER_CONTENT_TRUST_SERVER"); s != "" {
if !strings.HasPrefix(s, "https://") { if !strings.HasPrefix(s, "https://") {
return "https://" + s return "https://" + s
} }
@ -178,9 +178,9 @@ func convertTarget(t client.Target) (target, error) {
func (cli *DockerCli) getPassphraseRetriever() passphrase.Retriever { func (cli *DockerCli) getPassphraseRetriever() passphrase.Retriever {
baseRetriever := passphrase.PromptRetrieverWithInOut(cli.in, cli.out) baseRetriever := passphrase.PromptRetrieverWithInOut(cli.in, cli.out)
env := map[string]string{ env := map[string]string{
"root": os.Getenv("DOCKER_TRUST_ROOT_PASSPHRASE"), "root": os.Getenv("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE"),
"targets": os.Getenv("DOCKER_TRUST_TARGET_PASSPHRASE"), "targets": os.Getenv("DOCKER_CONTENT_TRUST_TARGET_PASSPHRASE"),
"snapshot": os.Getenv("DOCKER_TRUST_SNAPSHOT_PASSPHRASE"), "snapshot": os.Getenv("DOCKER_CONTENT_TRUST_SNAPSHOT_PASSPHRASE"),
} }
return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) { return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) {
if v := env[alias]; v != "" { if v := env[alias]; v != "" {

4
docs/reference/commandline/cli.md
View File

@ -49,8 +49,8 @@ by the `docker` command line:
unsuitable for Docker. unsuitable for Docker.
* `DOCKER_RAMDISK` If set this will disable 'pivot_root'. * `DOCKER_RAMDISK` If set this will disable 'pivot_root'.
* `DOCKER_TLS_VERIFY` When set Docker uses TLS and verifies the remote. * `DOCKER_TLS_VERIFY` When set Docker uses TLS and verifies the remote.
* `DOCKER_TRUST` When set Docker uses notary to sign and verify images. * `DOCKER_CONTENT_TRUST` When set Docker uses notary to sign and verify images.
Equates to `--untrusted=false` for build, create, pull, push, run. Equates to `--disable-content-trust=false` for build, create, pull, push, run.
* `DOCKER_TMPDIR` Location for temporary Docker files. * `DOCKER_TMPDIR` Location for temporary Docker files.
Because Docker is developed using 'Go', you can also use any environment Because Docker is developed using 'Go', you can also use any environment

2
docs/reference/commandline/create.md
View File

@ -61,7 +61,7 @@ Creates a new container.
--restart="no" Restart policy (no, on-failure[:max-retry], always) --restart="no" Restart policy (no, on-failure[:max-retry], always)
--security-opt=[] Security options --security-opt=[] Security options
-t, --tty=false Allocate a pseudo-TTY -t, --tty=false Allocate a pseudo-TTY
--untrusted=true Skip image verification --disable-content-trust=true Skip image verification
-u, --user="" Username or UID -u, --user="" Username or UID
--ulimit=[] Ulimit options --ulimit=[] Ulimit options
--uts="" UTS namespace to use --uts="" UTS namespace to use

2
docs/reference/commandline/pull.md
View File

@ -16,7 +16,7 @@ weight=1
Pull an image or a repository from the registry Pull an image or a repository from the registry
-a, --all-tags=false Download all tagged images in the repository -a, --all-tags=false Download all tagged images in the repository
--untrusted=true Skip image verification --disable-content-trust=true Skip image verification
Most of your images will be created on top of a base image from the Most of your images will be created on top of a base image from the
[Docker Hub](https://hub.docker.com) registry. [Docker Hub](https://hub.docker.com) registry.

2
docs/reference/commandline/push.md
View File

@ -15,7 +15,7 @@ weight=1
Push an image or a repository to the registry Push an image or a repository to the registry
--untrusted=true Skip image signing --disable-content-trust=true Skip image signing
Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com)
registry or to a self-hosted one. registry or to a self-hosted one.

2
docs/reference/commandline/run.md
View File

@ -65,7 +65,7 @@ weight=1
-t, --tty=false Allocate a pseudo-TTY -t, --tty=false Allocate a pseudo-TTY
-u, --user="" Username or UID (format: <name|uid>[:<group|gid>]) -u, --user="" Username or UID (format: <name|uid>[:<group|gid>])
--ulimit=[] Ulimit options --ulimit=[] Ulimit options
--untrusted=true Skip image verification --disable-content-trust=true Skip image verification
--uts="" UTS namespace to use --uts="" UTS namespace to use
-v, --volume=[] Bind mount a volume -v, --volume=[] Bind mount a volume
--volumes-from=[] Mount volumes from the specified container(s) --volumes-from=[] Mount volumes from the specified container(s)

6
integration-cli/docker_cli_create_test.go
View File

@ -294,7 +294,7 @@ func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) {
dockerCmd(c, "rmi", repoName) dockerCmd(c, "rmi", repoName)
// Try untrusted create to ensure we pushed the tag to the registry // Try untrusted create to ensure we pushed the tag to the registry
createCmd = exec.Command(dockerBinary, "create", "--untrusted=true", repoName) createCmd = exec.Command(dockerBinary, "create", "--disable-content-trust=true", repoName)
s.trustedCmd(createCmd) s.trustedCmd(createCmd)
out, _, err = runCommandWithOutput(createCmd) out, _, err = runCommandWithOutput(createCmd)
if err != nil { if err != nil {
@ -302,7 +302,7 @@ func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) {
} }
if !strings.Contains(string(out), "Status: Downloaded") { if !strings.Contains(string(out), "Status: Downloaded") {
c.Fatalf("Missing expected output on trusted create with --untrusted:\n%s", out) c.Fatalf("Missing expected output on trusted create with --disable-content-trust:\n%s", out)
} }
} }
@ -366,7 +366,7 @@ func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) {
runAtDifferentDate(elevenYearsFromNow, func() { runAtDifferentDate(elevenYearsFromNow, func() {
// Try create // Try create
createCmd := exec.Command(dockerBinary, "create", "--untrusted", repoName) createCmd := exec.Command(dockerBinary, "create", "--disable-content-trust", repoName)
s.trustedCmd(createCmd) s.trustedCmd(createCmd)
out, _, err := runCommandWithOutput(createCmd) out, _, err := runCommandWithOutput(createCmd)
if err != nil { if err != nil {

2
integration-cli/docker_cli_help_test.go
View File

@ -132,7 +132,7 @@ func (s *DockerSuite) TestHelpTextVerify(c *check.C) {
// Check each line for lots of stuff // Check each line for lots of stuff
lines := strings.Split(out, "\n") lines := strings.Split(out, "\n")
for _, line := range lines { for _, line := range lines {
if len(line) > 80 { if len(line) > 90 {
c.Fatalf("Help for %q is too long(%d chars):\n%s", cmd, c.Fatalf("Help for %q is too long(%d chars):\n%s", cmd,
len(line), line) len(line), line)
} }

6
integration-cli/docker_cli_pull_test.go
View File

@ -174,7 +174,7 @@ func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {
dockerCmd(c, "rmi", repoName) dockerCmd(c, "rmi", repoName)
// Try untrusted pull to ensure we pushed the tag to the registry // Try untrusted pull to ensure we pushed the tag to the registry
pullCmd = exec.Command(dockerBinary, "pull", "--untrusted=true", repoName) pullCmd = exec.Command(dockerBinary, "pull", "--disable-content-trust=true", repoName)
s.trustedCmd(pullCmd) s.trustedCmd(pullCmd)
out, _, err = runCommandWithOutput(pullCmd) out, _, err = runCommandWithOutput(pullCmd)
if err != nil { if err != nil {
@ -182,7 +182,7 @@ func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {
} }
if !strings.Contains(string(out), "Status: Downloaded") { if !strings.Contains(string(out), "Status: Downloaded") {
c.Fatalf("Missing expected output on trusted pull with --untrusted:\n%s", out) c.Fatalf("Missing expected output on trusted pull with --disable-content-trust:\n%s", out)
} }
} }
@ -246,7 +246,7 @@ func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {
runAtDifferentDate(elevenYearsFromNow, func() { runAtDifferentDate(elevenYearsFromNow, func() {
// Try pull // Try pull
pullCmd := exec.Command(dockerBinary, "pull", "--untrusted", repoName) pullCmd := exec.Command(dockerBinary, "pull", "--disable-content-trust", repoName)
s.trustedCmd(pullCmd) s.trustedCmd(pullCmd)
out, _, err := runCommandWithOutput(pullCmd) out, _, err := runCommandWithOutput(pullCmd)
if err != nil { if err != nil {

8
integration-cli/docker_cli_push_test.go
View File

@ -182,15 +182,15 @@ func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C)
// tag the image and upload it to the private registry // tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName) dockerCmd(c, "tag", "busybox", repoName)
pushCmd := exec.Command(dockerBinary, "push", "--untrusted", repoName) pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName)
s.trustedCmdWithServer(pushCmd, "example/") s.trustedCmdWithServer(pushCmd, "example/")
out, _, err := runCommandWithOutput(pushCmd) out, _, err := runCommandWithOutput(pushCmd)
if err != nil { if err != nil {
c.Fatalf("trusted push with no server and --untrusted failed: %s\n%s", err, out) c.Fatalf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out)
} }
if strings.Contains(string(out), "Error establishing connection to notary repository") { if strings.Contains(string(out), "Error establishing connection to notary repository") {
c.Fatalf("Missing expected output on trusted push with --untrusted:\n%s", out) c.Fatalf("Missing expected output on trusted push with --disable-content-trust:\n%s", out)
} }
} }
@ -252,7 +252,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
} }
if !strings.Contains(string(out), "Status: Downloaded") { if !strings.Contains(string(out), "Status: Downloaded") {
c.Fatalf("Missing expected output on trusted pull with --untrusted:\n%s", out) c.Fatalf("Missing expected output on trusted pull with --disable-content-trust:\n%s", out)
} }
} }

6
integration-cli/docker_cli_run_test.go
View File

@ -2566,7 +2566,7 @@ func (s *DockerTrustSuite) TestTrustedRun(c *check.C) {
dockerCmd(c, "rmi", repoName) dockerCmd(c, "rmi", repoName)
// Try untrusted run to ensure we pushed the tag to the registry // Try untrusted run to ensure we pushed the tag to the registry
runCmd = exec.Command(dockerBinary, "run", "--untrusted=true", repoName) runCmd = exec.Command(dockerBinary, "run", "--disable-content-trust=true", repoName)
s.trustedCmd(runCmd) s.trustedCmd(runCmd)
out, _, err = runCommandWithOutput(runCmd) out, _, err = runCommandWithOutput(runCmd)
if err != nil { if err != nil {
@ -2574,7 +2574,7 @@ func (s *DockerTrustSuite) TestTrustedRun(c *check.C) {
} }
if !strings.Contains(string(out), "Status: Downloaded") { if !strings.Contains(string(out), "Status: Downloaded") {
c.Fatalf("Missing expected output on trusted run with --untrusted:\n%s", out) c.Fatalf("Missing expected output on trusted run with --disable-content-trust:\n%s", out)
} }
} }
@ -2620,7 +2620,7 @@ func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) {
runAtDifferentDate(elevenYearsFromNow, func() { runAtDifferentDate(elevenYearsFromNow, func() {
// Try run // Try run
runCmd := exec.Command(dockerBinary, "run", "--untrusted", repoName) runCmd := exec.Command(dockerBinary, "run", "--disable-content-trust", repoName)
s.trustedCmd(runCmd) s.trustedCmd(runCmd)
out, _, err := runCommandWithOutput(runCmd) out, _, err := runCommandWithOutput(runCmd)
if err != nil { if err != nil {

10
integration-cli/trust_server.go
View File

@ -130,11 +130,11 @@ func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, sna
func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, snapshotPwd, targetPwd string) { func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, snapshotPwd, targetPwd string) {
env := []string{ env := []string{
"DOCKER_TRUST=1", "DOCKER_CONTENT_TRUST=1",
fmt.Sprintf("DOCKER_TRUST_SERVER=%s", server), fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server),
fmt.Sprintf("DOCKER_TRUST_ROOT_PASSPHRASE=%s", rootPwd), fmt.Sprintf("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=%s", rootPwd),
fmt.Sprintf("DOCKER_TRUST_SNAPSHOT_PASSPHRASE=%s", snapshotPwd), fmt.Sprintf("DOCKER_CONTENT_TRUST_SNAPSHOT_PASSPHRASE=%s", snapshotPwd),
fmt.Sprintf("DOCKER_TRUST_TARGET_PASSPHRASE=%s", targetPwd), fmt.Sprintf("DOCKER_CONTENT_TRUST_TARGET_PASSPHRASE=%s", targetPwd),
} }
cmd.Env = append(os.Environ(), env...) cmd.Env = append(os.Environ(), env...)
} }