docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename to flags and environment variables to content trust 

Update help line to allow 90 characters instead of 80

The trust flag pushes out the help description column wider, requiring more room to display help messages.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This commit is contained in:
Derek McGowan 2015-07-24 01:59:42 -07:00
parent 3e90b12d42
commit 259cadb0b1
12 changed files with 136 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
api/client/trust.go
View File

@ -37,7 +37,7 @@ var untrusted bool
func addTrustedFlags(fs *flag.FlagSet, verify bool) { func addTrustedFlags(fs *flag.FlagSet, verify bool) {
var trusted bool var trusted bool
if e := os.Getenv("DOCKER_TRUST"); e != "" { if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" {
if t, err := strconv.ParseBool(e); t || err != nil { if t, err := strconv.ParseBool(e); t || err != nil {
// treat any other value as true // treat any other value as true
trusted = true trusted = true
@ -47,7 +47,7 @@ func addTrustedFlags(fs *flag.FlagSet, verify bool) {
if verify { if verify {
message = "Skip image verification" message = "Skip image verification"
} }
fs.BoolVar(&untrusted, []string{"-untrusted"}, !trusted, message) fs.BoolVar(&untrusted, []string{"-disable-content-trust"}, !trusted, message)
} }
func isTrusted() bool { func isTrusted() bool {
@ -79,7 +79,7 @@ func (cli *DockerCli) certificateDirectory(server string) (string, error) {
} }
func trustServer(index *registry.IndexInfo) string { func trustServer(index *registry.IndexInfo) string {
if s := os.Getenv("DOCKER_TRUST_SERVER"); s != "" { if s := os.Getenv("DOCKER_CONTENT_TRUST_SERVER"); s != "" {
if !strings.HasPrefix(s, "https://") { if !strings.HasPrefix(s, "https://") {
return "https://" + s return "https://" + s
} }
@ -178,9 +178,9 @@ func convertTarget(t client.Target) (target, error) {
func (cli *DockerCli) getPassphraseRetriever() passphrase.Retriever { func (cli *DockerCli) getPassphraseRetriever() passphrase.Retriever {
baseRetriever := passphrase.PromptRetrieverWithInOut(cli.in, cli.out) baseRetriever := passphrase.PromptRetrieverWithInOut(cli.in, cli.out)
env := map[string]string{ env := map[string]string{
"root": os.Getenv("DOCKER_TRUST_ROOT_PASSPHRASE"), "root": os.Getenv("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE"),
"targets": os.Getenv("DOCKER_TRUST_TARGET_PASSPHRASE"), "targets": os.Getenv("DOCKER_CONTENT_TRUST_TARGET_PASSPHRASE"),
"snapshot": os.Getenv("DOCKER_TRUST_SNAPSHOT_PASSPHRASE"), "snapshot": os.Getenv("DOCKER_CONTENT_TRUST_SNAPSHOT_PASSPHRASE"),
} }
return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) { return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) {
if v := env[alias]; v != "" { if v := env[alias]; v != "" {

4
docs/reference/commandline/cli.md
View File

@ -49,8 +49,8 @@ by the `docker` command line:
unsuitable for Docker. unsuitable for Docker.
* `DOCKER_RAMDISK` If set this will disable 'pivot_root'. * `DOCKER_RAMDISK` If set this will disable 'pivot_root'.
* `DOCKER_TLS_VERIFY` When set Docker uses TLS and verifies the remote. * `DOCKER_TLS_VERIFY` When set Docker uses TLS and verifies the remote.
* `DOCKER_TRUST` When set Docker uses notary to sign and verify images. * `DOCKER_CONTENT_TRUST` When set Docker uses notary to sign and verify images.
Equates to `--untrusted=false` for build, create, pull, push, run. Equates to `--disable-content-trust=false` for build, create, pull, push, run.
* `DOCKER_TMPDIR` Location for temporary Docker files. * `DOCKER_TMPDIR` Location for temporary Docker files.
Because Docker is developed using 'Go', you can also use any environment Because Docker is developed using 'Go', you can also use any environment

102
docs/reference/commandline/create.md
View File

@ -17,57 +17,57 @@ Creates a new container.
Create a new container Create a new container
-a, --attach=[] Attach to STDIN, STDOUT or STDERR -a, --attach=[] Attach to STDIN, STDOUT or STDERR
--add-host=[] Add a custom host-to-IP mapping (host:ip) --add-host=[] Add a custom host-to-IP mapping (host:ip)
--blkio-weight=0 Block IO weight (relative weight) --blkio-weight=0 Block IO weight (relative weight)
-c, --cpu-shares=0 CPU shares (relative weight) -c, --cpu-shares=0 CPU shares (relative weight)
--cap-add=[] Add Linux capabilities --cap-add=[] Add Linux capabilities
--cap-drop=[] Drop Linux capabilities --cap-drop=[] Drop Linux capabilities
--cgroup-parent="" Optional parent cgroup for the container --cgroup-parent="" Optional parent cgroup for the container
--cidfile="" Write the container ID to the file --cidfile="" Write the container ID to the file
--cpu-period=0 Limit CPU CFS (Completely Fair Scheduler) period --cpu-period=0 Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota=0 Limit CPU CFS (Completely Fair Scheduler) quota --cpu-quota=0 Limit CPU CFS (Completely Fair Scheduler) quota
--cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1)
--device=[] Add a host device to the container --device=[] Add a host device to the container
--dns=[] Set custom DNS servers --dns=[] Set custom DNS servers
--dns-search=[] Set custom DNS search domains --dns-search=[] Set custom DNS search domains
-e, --env=[] Set environment variables -e, --env=[] Set environment variables
--entrypoint="" Overwrite the default ENTRYPOINT of the image --entrypoint="" Overwrite the default ENTRYPOINT of the image
--env-file=[] Read in a file of environment variables --env-file=[] Read in a file of environment variables
--expose=[] Expose a port or a range of ports --expose=[] Expose a port or a range of ports
-h, --hostname="" Container host name -h, --hostname="" Container host name
--help=false Print usage --help=false Print usage
-i, --interactive=false Keep STDIN open even if not attached -i, --interactive=false Keep STDIN open even if not attached
--ipc="" IPC namespace to use --ipc="" IPC namespace to use
-l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value)
--label-file=[] Read in a line delimited file of labels --label-file=[] Read in a line delimited file of labels
--link=[] Add link to another container --link=[] Add link to another container
--log-driver="" Logging driver for container --log-driver="" Logging driver for container
--log-opt=[] Log driver specific options --log-opt=[] Log driver specific options
--lxc-conf=[] Add custom lxc options --lxc-conf=[] Add custom lxc options
-m, --memory="" Memory limit -m, --memory="" Memory limit
--mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33)
--memory-swap="" Total memory (memory + swap), '-1' to disable swap --memory-swap="" Total memory (memory + swap), '-1' to disable swap
--memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
--name="" Assign a name to the container --name="" Assign a name to the container
--net="bridge" Set the Network mode for the container --net="bridge" Set the Network mode for the container
--oom-kill-disable=false Whether to disable OOM Killer for the container or not --oom-kill-disable=false Whether to disable OOM Killer for the container or not
-P, --publish-all=false Publish all exposed ports to random ports -P, --publish-all=false Publish all exposed ports to random ports
-p, --publish=[] Publish a container's port(s) to the host -p, --publish=[] Publish a container's port(s) to the host
--pid="" PID namespace to use --pid="" PID namespace to use
--privileged=false Give extended privileges to this container --privileged=false Give extended privileges to this container
--read-only=false Mount the container's root filesystem as read only --read-only=false Mount the container's root filesystem as read only
--restart="no" Restart policy (no, on-failure[:max-retry], always) --restart="no" Restart policy (no, on-failure[:max-retry], always)
--security-opt=[] Security options --security-opt=[] Security options
-t, --tty=false Allocate a pseudo-TTY -t, --tty=false Allocate a pseudo-TTY
--untrusted=true Skip image verification --disable-content-trust=true Skip image verification
-u, --user="" Username or UID -u, --user="" Username or UID
--ulimit=[] Ulimit options --ulimit=[] Ulimit options
--uts="" UTS namespace to use --uts="" UTS namespace to use
-v, --volume=[] Bind mount a volume -v, --volume=[] Bind mount a volume
--volumes-from=[] Mount volumes from the specified container(s) --volumes-from=[] Mount volumes from the specified container(s)
-w, --workdir="" Working directory inside the container -w, --workdir="" Working directory inside the container
The `docker create` command creates a writeable container layer over the The `docker create` command creates a writeable container layer over the
specified image and prepares it for running the specified command. The specified image and prepares it for running the specified command. The

4
docs/reference/commandline/pull.md
View File

@ -15,8 +15,8 @@ weight=1
Pull an image or a repository from the registry Pull an image or a repository from the registry
-a, --all-tags=false Download all tagged images in the repository -a, --all-tags=false Download all tagged images in the repository
--untrusted=true Skip image verification --disable-content-trust=true Skip image verification
Most of your images will be created on top of a base image from the Most of your images will be created on top of a base image from the
[Docker Hub](https://hub.docker.com) registry. [Docker Hub](https://hub.docker.com) registry.

2
docs/reference/commandline/push.md
View File

@ -15,7 +15,7 @@ weight=1
Push an image or a repository to the registry Push an image or a repository to the registry
--untrusted=true Skip image signing --disable-content-trust=true Skip image signing
Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com)
registry or to a self-hosted one. registry or to a self-hosted one.

110
docs/reference/commandline/run.md
View File

@ -15,61 +15,61 @@ weight=1
Run a command in a new container Run a command in a new container
-a, --attach=[] Attach to STDIN, STDOUT or STDERR -a, --attach=[] Attach to STDIN, STDOUT or STDERR
--add-host=[] Add a custom host-to-IP mapping (host:ip) --add-host=[] Add a custom host-to-IP mapping (host:ip)
--blkio-weight=0 Block IO weight (relative weight) --blkio-weight=0 Block IO weight (relative weight)
-c, --cpu-shares=0 CPU shares (relative weight) -c, --cpu-shares=0 CPU shares (relative weight)
--cap-add=[] Add Linux capabilities --cap-add=[] Add Linux capabilities
--cap-drop=[] Drop Linux capabilities --cap-drop=[] Drop Linux capabilities
--cgroup-parent="" Optional parent cgroup for the container --cgroup-parent="" Optional parent cgroup for the container
--cidfile="" Write the container ID to the file --cidfile="" Write the container ID to the file
--cpu-period=0 Limit CPU CFS (Completely Fair Scheduler) period --cpu-period=0 Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota=0 Limit CPU CFS (Completely Fair Scheduler) quota --cpu-quota=0 Limit CPU CFS (Completely Fair Scheduler) quota
--cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1)
-d, --detach=false Run container in background and print container ID -d, --detach=false Run container in background and print container ID
--device=[] Add a host device to the container --device=[] Add a host device to the container
--dns=[] Set custom DNS servers --dns=[] Set custom DNS servers
--dns-search=[] Set custom DNS search domains --dns-search=[] Set custom DNS search domains
-e, --env=[] Set environment variables -e, --env=[] Set environment variables
--entrypoint="" Overwrite the default ENTRYPOINT of the image --entrypoint="" Overwrite the default ENTRYPOINT of the image
--env-file=[] Read in a file of environment variables --env-file=[] Read in a file of environment variables
--expose=[] Expose a port or a range of ports --expose=[] Expose a port or a range of ports
--group-add=[] Add additional groups to run as --group-add=[] Add additional groups to run as
-h, --hostname="" Container host name -h, --hostname="" Container host name
--help=false Print usage --help=false Print usage
-i, --interactive=false Keep STDIN open even if not attached -i, --interactive=false Keep STDIN open even if not attached
--ipc="" IPC namespace to use --ipc="" IPC namespace to use
-l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value)
--label-file=[] Read in a file of labels (EOL delimited) --label-file=[] Read in a file of labels (EOL delimited)
--link=[] Add link to another container --link=[] Add link to another container
--log-driver="" Logging driver for container --log-driver="" Logging driver for container
--log-opt=[] Log driver specific options --log-opt=[] Log driver specific options
--lxc-conf=[] Add custom lxc options --lxc-conf=[] Add custom lxc options
-m, --memory="" Memory limit -m, --memory="" Memory limit
--mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33)
--memory-swap="" Total memory (memory + swap), '-1' to disable swap --memory-swap="" Total memory (memory + swap), '-1' to disable swap
--memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.
--name="" Assign a name to the container --name="" Assign a name to the container
--net="bridge" Set the Network mode for the container --net="bridge" Set the Network mode for the container
--oom-kill-disable=false Whether to disable OOM Killer for the container or not --oom-kill-disable=false Whether to disable OOM Killer for the container or not
-P, --publish-all=false Publish all exposed ports to random ports -P, --publish-all=false Publish all exposed ports to random ports
-p, --publish=[] Publish a container's port(s) to the host -p, --publish=[] Publish a container's port(s) to the host
--pid="" PID namespace to use --pid="" PID namespace to use
--privileged=false Give extended privileges to this container --privileged=false Give extended privileges to this container
--read-only=false Mount the container's root filesystem as read only --read-only=false Mount the container's root filesystem as read only
--restart="no" Restart policy (no, on-failure[:max-retry], always) --restart="no" Restart policy (no, on-failure[:max-retry], always)
--rm=false Automatically remove the container when it exits --rm=false Automatically remove the container when it exits
--security-opt=[] Security Options --security-opt=[] Security Options
--sig-proxy=true Proxy received signals to the process --sig-proxy=true Proxy received signals to the process
-t, --tty=false Allocate a pseudo-TTY -t, --tty=false Allocate a pseudo-TTY
-u, --user="" Username or UID (format: <name|uid>[:<group|gid>]) -u, --user="" Username or UID (format: <name|uid>[:<group|gid>])
--ulimit=[] Ulimit options --ulimit=[] Ulimit options
--untrusted=true Skip image verification --disable-content-trust=true Skip image verification
--uts="" UTS namespace to use --uts="" UTS namespace to use
-v, --volume=[] Bind mount a volume -v, --volume=[] Bind mount a volume
--volumes-from=[] Mount volumes from the specified container(s) --volumes-from=[] Mount volumes from the specified container(s)
-w, --workdir="" Working directory inside the container -w, --workdir="" Working directory inside the container
The `docker run` command first `creates` a writeable container layer over the The `docker run` command first `creates` a writeable container layer over the
specified image, and then `starts` it using the specified command. That is, specified image, and then `starts` it using the specified command. That is,

6
integration-cli/docker_cli_create_test.go
View File

@ -294,7 +294,7 @@ func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) {
dockerCmd(c, "rmi", repoName) dockerCmd(c, "rmi", repoName)
// Try untrusted create to ensure we pushed the tag to the registry // Try untrusted create to ensure we pushed the tag to the registry
createCmd = exec.Command(dockerBinary, "create", "--untrusted=true", repoName) createCmd = exec.Command(dockerBinary, "create", "--disable-content-trust=true", repoName)
s.trustedCmd(createCmd) s.trustedCmd(createCmd)
out, _, err = runCommandWithOutput(createCmd) out, _, err = runCommandWithOutput(createCmd)
if err != nil { if err != nil {
@ -302,7 +302,7 @@ func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) {
} }
if !strings.Contains(string(out), "Status: Downloaded") { if !strings.Contains(string(out), "Status: Downloaded") {
c.Fatalf("Missing expected output on trusted create with --untrusted:\n%s", out) c.Fatalf("Missing expected output on trusted create with --disable-content-trust:\n%s", out)
} }
} }
@ -366,7 +366,7 @@ func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) {
runAtDifferentDate(elevenYearsFromNow, func() { runAtDifferentDate(elevenYearsFromNow, func() {
// Try create // Try create
createCmd := exec.Command(dockerBinary, "create", "--untrusted", repoName) createCmd := exec.Command(dockerBinary, "create", "--disable-content-trust", repoName)
s.trustedCmd(createCmd) s.trustedCmd(createCmd)
out, _, err := runCommandWithOutput(createCmd) out, _, err := runCommandWithOutput(createCmd)
if err != nil { if err != nil {

2
integration-cli/docker_cli_help_test.go
View File

@ -132,7 +132,7 @@ func (s *DockerSuite) TestHelpTextVerify(c *check.C) {
// Check each line for lots of stuff // Check each line for lots of stuff
lines := strings.Split(out, "\n") lines := strings.Split(out, "\n")
for _, line := range lines { for _, line := range lines {
if len(line) > 80 { if len(line) > 90 {
c.Fatalf("Help for %q is too long(%d chars):\n%s", cmd, c.Fatalf("Help for %q is too long(%d chars):\n%s", cmd,
len(line), line) len(line), line)
} }

6
integration-cli/docker_cli_pull_test.go
View File

@ -174,7 +174,7 @@ func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {
dockerCmd(c, "rmi", repoName) dockerCmd(c, "rmi", repoName)
// Try untrusted pull to ensure we pushed the tag to the registry // Try untrusted pull to ensure we pushed the tag to the registry
pullCmd = exec.Command(dockerBinary, "pull", "--untrusted=true", repoName) pullCmd = exec.Command(dockerBinary, "pull", "--disable-content-trust=true", repoName)
s.trustedCmd(pullCmd) s.trustedCmd(pullCmd)
out, _, err = runCommandWithOutput(pullCmd) out, _, err = runCommandWithOutput(pullCmd)
if err != nil { if err != nil {
@ -182,7 +182,7 @@ func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {
} }
if !strings.Contains(string(out), "Status: Downloaded") { if !strings.Contains(string(out), "Status: Downloaded") {
c.Fatalf("Missing expected output on trusted pull with --untrusted:\n%s", out) c.Fatalf("Missing expected output on trusted pull with --disable-content-trust:\n%s", out)
} }
} }
@ -246,7 +246,7 @@ func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {
runAtDifferentDate(elevenYearsFromNow, func() { runAtDifferentDate(elevenYearsFromNow, func() {
// Try pull // Try pull
pullCmd := exec.Command(dockerBinary, "pull", "--untrusted", repoName) pullCmd := exec.Command(dockerBinary, "pull", "--disable-content-trust", repoName)
s.trustedCmd(pullCmd) s.trustedCmd(pullCmd)
out, _, err := runCommandWithOutput(pullCmd) out, _, err := runCommandWithOutput(pullCmd)
if err != nil { if err != nil {

8
integration-cli/docker_cli_push_test.go
View File

@ -182,15 +182,15 @@ func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C)
// tag the image and upload it to the private registry // tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName) dockerCmd(c, "tag", "busybox", repoName)
pushCmd := exec.Command(dockerBinary, "push", "--untrusted", repoName) pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName)
s.trustedCmdWithServer(pushCmd, "example/") s.trustedCmdWithServer(pushCmd, "example/")
out, _, err := runCommandWithOutput(pushCmd) out, _, err := runCommandWithOutput(pushCmd)
if err != nil { if err != nil {
c.Fatalf("trusted push with no server and --untrusted failed: %s\n%s", err, out) c.Fatalf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out)
} }
if strings.Contains(string(out), "Error establishing connection to notary repository") { if strings.Contains(string(out), "Error establishing connection to notary repository") {
c.Fatalf("Missing expected output on trusted push with --untrusted:\n%s", out) c.Fatalf("Missing expected output on trusted push with --disable-content-trust:\n%s", out)
} }
} }
@ -252,7 +252,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {
} }
if !strings.Contains(string(out), "Status: Downloaded") { if !strings.Contains(string(out), "Status: Downloaded") {
c.Fatalf("Missing expected output on trusted pull with --untrusted:\n%s", out) c.Fatalf("Missing expected output on trusted pull with --disable-content-trust:\n%s", out)
} }
} }

6
integration-cli/docker_cli_run_test.go
View File

@ -2566,7 +2566,7 @@ func (s *DockerTrustSuite) TestTrustedRun(c *check.C) {
dockerCmd(c, "rmi", repoName) dockerCmd(c, "rmi", repoName)
// Try untrusted run to ensure we pushed the tag to the registry // Try untrusted run to ensure we pushed the tag to the registry
runCmd = exec.Command(dockerBinary, "run", "--untrusted=true", repoName) runCmd = exec.Command(dockerBinary, "run", "--disable-content-trust=true", repoName)
s.trustedCmd(runCmd) s.trustedCmd(runCmd)
out, _, err = runCommandWithOutput(runCmd) out, _, err = runCommandWithOutput(runCmd)
if err != nil { if err != nil {
@ -2574,7 +2574,7 @@ func (s *DockerTrustSuite) TestTrustedRun(c *check.C) {
} }
if !strings.Contains(string(out), "Status: Downloaded") { if !strings.Contains(string(out), "Status: Downloaded") {
c.Fatalf("Missing expected output on trusted run with --untrusted:\n%s", out) c.Fatalf("Missing expected output on trusted run with --disable-content-trust:\n%s", out)
} }
} }
@ -2620,7 +2620,7 @@ func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) {
runAtDifferentDate(elevenYearsFromNow, func() { runAtDifferentDate(elevenYearsFromNow, func() {
// Try run // Try run
runCmd := exec.Command(dockerBinary, "run", "--untrusted", repoName) runCmd := exec.Command(dockerBinary, "run", "--disable-content-trust", repoName)
s.trustedCmd(runCmd) s.trustedCmd(runCmd)
out, _, err := runCommandWithOutput(runCmd) out, _, err := runCommandWithOutput(runCmd)
if err != nil { if err != nil {

10
integration-cli/trust_server.go
View File

@ -130,11 +130,11 @@ func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, sna
func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, snapshotPwd, targetPwd string) { func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, snapshotPwd, targetPwd string) {
env := []string{ env := []string{
"DOCKER_TRUST=1", "DOCKER_CONTENT_TRUST=1",
fmt.Sprintf("DOCKER_TRUST_SERVER=%s", server), fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server),
fmt.Sprintf("DOCKER_TRUST_ROOT_PASSPHRASE=%s", rootPwd), fmt.Sprintf("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=%s", rootPwd),
fmt.Sprintf("DOCKER_TRUST_SNAPSHOT_PASSPHRASE=%s", snapshotPwd), fmt.Sprintf("DOCKER_CONTENT_TRUST_SNAPSHOT_PASSPHRASE=%s", snapshotPwd),
fmt.Sprintf("DOCKER_TRUST_TARGET_PASSPHRASE=%s", targetPwd), fmt.Sprintf("DOCKER_CONTENT_TRUST_TARGET_PASSPHRASE=%s", targetPwd),
} }
cmd.Env = append(os.Environ(), env...) cmd.Env = append(os.Environ(), env...)
} }