Updated to use latest version of notary

Update UX to use aliases for root, snapshot, and target key

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Derek McGowan 2015-07-31 15:01:50 -07:00
parent d594c6fcd8
commit 6ce76cd9ed
3 changed files with 38 additions and 19 deletions


@ -13,6 +13,7 @@ import (
"os" "os"
"path/filepath" "path/filepath"
"regexp" "regexp"
"sort"
"strconv" "strconv"
"strings" "strings"
"time" "time"
@ -176,11 +177,16 @@ func convertTarget(t client.Target) (target, error) {
} }
func (cli *DockerCli) getPassphraseRetriever() passphrase.Retriever { func (cli *DockerCli) getPassphraseRetriever() passphrase.Retriever {
baseRetriever := passphrase.PromptRetrieverWithInOut(cli.in, cli.out) aliasMap := map[string]string{
"root": "offline",
"snapshot": "tagging",
"targets": "tagging",
}
baseRetriever := passphrase.PromptRetrieverWithInOut(cli.in, cli.out, aliasMap)
env := map[string]string{ env := map[string]string{
"root": os.Getenv("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE"), "root": os.Getenv("DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE"),
"targets": os.Getenv("DOCKER_CONTENT_TRUST_TARGET_PASSPHRASE"), "snapshot": os.Getenv("DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE"),
"snapshot": os.Getenv("DOCKER_CONTENT_TRUST_SNAPSHOT_PASSPHRASE"), "targets": os.Getenv("DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE"),
} }
return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) { return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) {
if v := env[alias]; v != "" { if v := env[alias]; v != "" {
@ -311,6 +317,22 @@ func (cli *DockerCli) trustedPull(repoInfo *registry.RepositoryInfo, ref registr
return nil return nil
} }
func selectKey(keys map[string]string) string {
if len(keys) == 0 {
return ""
}
keyIDs := []string{}
for k := range keys {
keyIDs = append(keyIDs, k)
}
// TODO(dmcgowan): let user choose if multiple keys, now pick consistently
sort.Strings(keyIDs)
return keyIDs[0]
}
func targetStream(in io.Writer) (io.WriteCloser, <-chan []target) { func targetStream(in io.Writer) (io.WriteCloser, <-chan []target) {
r, w := io.Pipe() r, w := io.Pipe()
out := io.MultiWriter(in, w) out := io.MultiWriter(in, w)
@ -409,16 +431,13 @@ func (cli *DockerCli) trustedPush(repoInfo *registry.RepositoryInfo, tag string,
ks := repo.KeyStoreManager ks := repo.KeyStoreManager
keys := ks.RootKeyStore().ListKeys() keys := ks.RootKeyStore().ListKeys()
var rootKey string
if len(keys) == 0 { rootKey := selectKey(keys)
if rootKey == "" {
rootKey, err = ks.GenRootKey("ecdsa") rootKey, err = ks.GenRootKey("ecdsa")
if err != nil { if err != nil {
return err return err
} }
} else {
// TODO(dmcgowan): let user choose
rootKey = keys[0]
} }
cryptoService, err := ks.GetRootCryptoService(rootKey) cryptoService, err := ks.GetRootCryptoService(rootKey)
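Review bot: `selectKey` resolves the case of several root keys in the store by silently taking the lexicographically smallest ID, and its caller in the `trustedPush` hunk never tells the user which root key the push will be signed with, even though that choice decides which offline key protects the repository. Consider surfacing it right after `rootKey := selectKey(keys)`, e.g. `if len(keys) > 1 { fmt.Fprintf(cli.out, "Using root key %s (%d available)\n", rootKey, len(keys)) }` (assuming `cli.out` is the CLI's output writer as `getPassphraseRetriever` suggests, and that `fmt` is imported in this file; the message text is illustrative). The existing TODO explains the rationale, but a doc comment would still help callers: `// selectKey returns the lexicographically smallest key ID in keys, or "" when keys is empty.` The collected slice can also be pre-sized with `keyIDs := make([]string, 0, len(keys))`. The body of `trustedPush` starts and ends outside the hunk.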


@ -275,7 +275,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithIncorrectPassphraseForNonRoot(c *c
// Push with wrong passphrases // Push with wrong passphrases
pushCmd = exec.Command(dockerBinary, "push", repoName) pushCmd = exec.Command(dockerBinary, "push", repoName)
s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321", "87654321") s.trustedCmdWithPassphrases(pushCmd, "12345678", "87654321")
out, _, err = runCommandWithOutput(pushCmd) out, _, err = runCommandWithOutput(pushCmd)
if err == nil { if err == nil {
c.Fatalf("Error missing from trusted push with short targets passphrase: \n%s", out) c.Fatalf("Error missing from trusted push with short targets passphrase: \n%s", out)


@ -32,7 +32,8 @@ func newTestNotary(c *check.C) (*testNotary, error) {
"trust_service": { "trust_service": {
"type": "local", "type": "local",
"hostname": "", "hostname": "",
"port": "" "port": "",
"key_algorithm": "ed25519"
}, },
"logging": { "logging": {
"level": 5 "level": 5
@ -116,25 +117,24 @@ func (t *testNotary) Close() {
func (s *DockerTrustSuite) trustedCmd(cmd *exec.Cmd) { func (s *DockerTrustSuite) trustedCmd(cmd *exec.Cmd) {
pwd := "12345678" pwd := "12345678"
trustCmdEnv(cmd, s.not.address(), pwd, pwd, pwd) trustCmdEnv(cmd, s.not.address(), pwd, pwd)
} }
func (s *DockerTrustSuite) trustedCmdWithServer(cmd *exec.Cmd, server string) { func (s *DockerTrustSuite) trustedCmdWithServer(cmd *exec.Cmd, server string) {
pwd := "12345678" pwd := "12345678"
trustCmdEnv(cmd, server, pwd, pwd, pwd) trustCmdEnv(cmd, server, pwd, pwd)
} }
func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, snapshotPwd, targetPwd string) { func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, offlinePwd, taggingPwd string) {
trustCmdEnv(cmd, s.not.address(), rootPwd, snapshotPwd, targetPwd) trustCmdEnv(cmd, s.not.address(), offlinePwd, taggingPwd)
} }
func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, snapshotPwd, targetPwd string) { func trustCmdEnv(cmd *exec.Cmd, server, offlinePwd, taggingPwd string) {
env := []string{ env := []string{
"DOCKER_CONTENT_TRUST=1", "DOCKER_CONTENT_TRUST=1",
fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server), fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server),
fmt.Sprintf("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=%s", rootPwd), fmt.Sprintf("DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE=%s", offlinePwd),
fmt.Sprintf("DOCKER_CONTENT_TRUST_SNAPSHOT_PASSPHRASE=%s", snapshotPwd), fmt.Sprintf("DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE=%s", taggingPwd),
fmt.Sprintf("DOCKER_CONTENT_TRUST_TARGET_PASSPHRASE=%s", targetPwd),
} }
cmd.Env = append(os.Environ(), env...) cmd.Env = append(os.Environ(), env...)
} }
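Review bot: `trustCmdEnv` and the three wrappers above it change what their passphrase parameters mean (one passphrase for the root key, one shared by the snapshot and targets keys), but nothing in the hunk documents that the second value now covers two roles; add `// trustCmdEnv enables content trust for cmd against server, passing offlinePwd for the root key and taggingPwd for the snapshot and targets keys via the DOCKER_CONTENT_TRUST_*_PASSPHRASE variables.` above `func trustCmdEnv`. Because the values are appended to `os.Environ()`, a `DOCKER_CONTENT_TRUST_*` variable already exported by the test runner's shell would appear twice in `cmd.Env`; which copy wins was platform-dependent in older Go releases, so a short comment stating that the test environment is assumed clean would make the helper's contract explicit. As a matter of style, `"DOCKER_CONTENT_TRUST_SERVER=" + server` reads the same as the `fmt.Sprintf` form without the formatting call.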