package trust
import (
"context"
"fmt"
"io"
"os"
"path"
"regexp"
"strings"
"github.com/docker/cli/cli"
"github.com/docker/cli/cli/command"
"github.com/docker/cli/cli/command/image"
"github.com/docker/cli/cli/trust"
"github.com/docker/cli/opts"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"github.com/theupdateframework/notary/client"
"github.com/theupdateframework/notary/tuf/data"
tufutils "github.com/theupdateframework/notary/tuf/utils"
)
// signerAddOptions holds the parsed arguments of "docker trust signer add".
type signerAddOptions struct {
	// keys collects the repeatable --key flag: paths to the signer's PEM public key files.
	keys opts.ListOpts
	// signer is the name of the signer being added (first positional argument).
	signer string
	// repos are the repositories the signer is added to (remaining positional arguments).
	repos []string
}
// newSignerAddCommand builds the "docker trust signer add" command. The first
// positional argument is the signer name and every following argument is a
// repository; --key may be repeated, one path per public key file.
func newSignerAddCommand(dockerCLI command.Cli) *cobra.Command {
	var options signerAddOptions
	options.keys = opts.NewListOpts(nil)

	run := func(cmd *cobra.Command, args []string) error {
		// Args requires at least two positionals, so args[1:] is never empty.
		options.signer, options.repos = args[0], args[1:]
		return addSigner(cmd.Context(), dockerCLI, options)
	}
	cmd := &cobra.Command{
		Use:   "add OPTIONS NAME REPOSITORY [REPOSITORY...] ",
		Short: "Add a signer",
		Args:  cli.RequiresMinArgs(2),
		RunE:  run,
	}
	cmd.Flags().Var(&options.keys, "key", "Path to the signer's public key file")
	return cmd
}
// signerNamePattern accepts a lowercase alphanumeric first character followed
// by any number of lowercase alphanumerics, "-" or "_". Because "/" and "."
// are rejected, a valid name can be joined into a delegation role path
// without escaping the "targets/" namespace.
var signerNamePattern = regexp.MustCompile(`^[a-z0-9][a-z0-9_-]*$`)

// validSignerName reports whether name is an acceptable signer name.
var validSignerName = signerNamePattern.MatchString
// addSigner validates the requested signer name and key files, then adds the
// signer to every repository in options.repos, continuing past individual
// failures. Progress is written to dockerCLI.Out(), per-repository errors to
// dockerCLI.Err(). It returns an error if validation fails, if any key file
// cannot be ingested, or if the signer could not be added to at least one
// repository.
func addSigner(ctx context.Context, dockerCLI command.Cli, options signerAddOptions) error {
	name := options.signer
	switch {
	case !validSignerName(name):
		return fmt.Errorf("signer name \"%s\" must start with lowercase alphanumeric characters and can include \"-\" or \"_\" after the first character", name)
	case name == "releases":
		// "releases" is the delegation role reserved for the repository's own signing.
		return errors.New("releases is a reserved keyword, use a different signer name")
	case options.keys.Len() == 0:
		return errors.New("path to a public key must be provided using the `--key` flag")
	}

	// Every key file is read and parsed before any repository is touched.
	pubKeys, err := ingestPublicKeys(options.keys.GetAll())
	if err != nil {
		return err
	}

	var failed []string
	for _, repo := range options.repos {
		fmt.Fprintf(dockerCLI.Out(), "Adding signer \"%s\" to %s...\n", name, repo)
		err := addSignerToRepo(ctx, dockerCLI, name, repo, pubKeys)
		if err == nil {
			fmt.Fprintf(dockerCLI.Out(), "Successfully added signer: %s to %s\n\n", name, repo)
			continue
		}
		// Report and keep going so the remaining repositories are still processed.
		fmt.Fprintln(dockerCLI.Err(), err.Error()+"\n")
		failed = append(failed, repo)
	}
	if len(failed) == 0 {
		return nil
	}
	return fmt.Errorf("failed to add signer to: %s", strings.Join(failed, ", "))
}
// addSignerToRepo adds signerName, backed by signerPubKeys, as a delegation
// role under targets/ in repoName's trust data and publishes the change.
// A repository that has no trust data yet is initialized first.
//
// signerName goes straight into the role path (path.Join below), so callers
// must have validated it; addSigner does so with validSignerName.
func addSignerToRepo(ctx context.Context, dockerCLI command.Cli, signerName string, repoName string, signerPubKeys []data.PublicKey) error {
	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(dockerCLI), repoName)
	if err != nil {
		return err
	}
	notaryRepo, err := dockerCLI.NotaryClient(imgRefAndAuth, trust.ActionsPushAndPull)
	if err != nil {
		return trust.NotaryError(imgRefAndAuth.Reference().Name(), err)
	}

	if _, err := notaryRepo.ListTargets(); err != nil {
		switch err.(type) {
		case client.ErrRepoNotInitialized, client.ErrRepositoryNotExist:
			// No trust data yet: bootstrap the repository before adding the delegation.
			fmt.Fprintf(dockerCLI.Out(), "Initializing signed repository for %s...\n", repoName)
			if initErr := getOrGenerateRootKeyAndInitRepo(notaryRepo); initErr != nil {
				return trust.NotaryError(repoName, initErr)
			}
			fmt.Fprintf(dockerCLI.Out(), "Successfully initialized %q\n", repoName)
		default:
			return trust.NotaryError(repoName, err)
		}
	}

	roleName := data.RoleName(path.Join(data.CanonicalTargetsRole.String(), signerName))
	if err := addStagedSigner(notaryRepo, roleName, signerPubKeys); err != nil {
		return errors.Wrapf(err, "could not add signer to repo: %s", strings.TrimPrefix(roleName.String(), "targets/"))
	}
	return notaryRepo.Publish()
}
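// maxPublicKeyFileSize bounds how much of a key file is read. A PEM public key
// is far smaller; the cap keeps an oversized or wrong file from being read
// into memory in full. Bytes past the cap are dropped, so a key that really is
// that large would most likely fail the PEM parse instead.
const maxPublicKeyFileSize = 1 << 20 // 1 MiB

// ingestPublicKeys reads and parses the PEM-encoded public keys at
// pubKeyPaths, in order. Every path must be readable and hold a parsable
// public key; the first failure aborts the whole ingest and returns its error.
// On success the returned slice is non-nil, even when pubKeyPaths is empty.
func ingestPublicKeys(pubKeyPaths []string) ([]data.PublicKey, error) {
	pubKeys := make([]data.PublicKey, 0, len(pubKeyPaths))
	for _, pubKeyPath := range pubKeyPaths {
		pubKeyBytes, err := readPublicKeyFile(pubKeyPath)
		if err != nil {
			return nil, err
		}
		// Parse PEM bytes into type PublicKey
		pubKey, err := tufutils.ParsePEMPublicKey(pubKeyBytes)
		if err != nil {
			return nil, errors.Wrapf(err, "could not parse public key from file: %s", pubKeyPath)
		}
		pubKeys = append(pubKeys, pubKey)
	}
	return pubKeys, nil
}

// readPublicKeyFile returns up to maxPublicKeyFileSize bytes of the file at
// pubKeyPath. It is a separate function so each file is closed as soon as it
// has been read, instead of a deferred Close per path piling up until the
// caller returns.
func readPublicKeyFile(pubKeyPath string) ([]byte, error) {
	f, err := os.Open(pubKeyPath)
	if err != nil {
		return nil, errors.Wrap(err, "unable to read public key from file")
	}
	defer f.Close() // read-only handle: a Close error carries no useful information here

	b, err := io.ReadAll(io.LimitReader(f, maxPublicKeyFileSize))
	if err != nil {
		return nil, errors.Wrap(err, "unable to read public key from file")
	}
	return b, nil
}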