2017-10-09 13:44:52 -04:00
|
|
|
# trust signer add
|
2017-09-26 14:46:38 -04:00
|
|
|
|
2023-01-06 13:04:05 -05:00
|
|
|
<!---MARKER_GEN_START-->
|
2017-10-25 13:45:10 -04:00
|
|
|
Add a signer
|
2017-09-26 14:46:38 -04:00
|
|
|
|
2023-01-06 13:04:05 -05:00
|
|
|
### Options
|
|
|
|
|
|
|
|
| Name | Type | Default | Description |
|
|
|
|
|:--------|:-------|:--------|:-------------------------------------|
|
|
|
|
| `--key` | `list` | | Path to the signer's public key file |
|
|
|
|
|
|
|
|
|
|
|
|
<!---MARKER_GEN_END-->
|
2017-09-26 14:46:38 -04:00
|
|
|
|
|
|
|
## Description
|
|
|
|
|
2017-10-09 13:44:52 -04:00
|
|
|
`docker trust signer add` adds signers to signed repositories.
|
2017-09-26 14:46:38 -04:00
|
|
|
|
|
|
|
## Examples
|
|
|
|
|
2023-12-13 09:16:56 -05:00
|
|
|
### Add a signer to a repository
|
2017-09-26 14:46:38 -04:00
|
|
|
|
2020-03-15 10:11:43 -04:00
|
|
|
To add a new signer, `alice`, to this repository:
|
2017-09-26 14:46:38 -04:00
|
|
|
|
2021-08-21 08:54:14 -04:00
|
|
|
```console
|
2020-04-19 09:43:08 -04:00
|
|
|
$ docker trust inspect --pretty example/trust-demo
|
2017-09-26 14:46:38 -04:00
|
|
|
|
|
|
|
No signatures for example/trust-demo
|
|
|
|
|
|
|
|
|
|
|
|
List of signers and their keys:
|
|
|
|
|
|
|
|
SIGNER KEYS
|
|
|
|
bob 5600f5ab76a2
|
|
|
|
|
|
|
|
Administrative keys for example/trust-demo:
|
2020-03-15 10:11:43 -04:00
|
|
|
Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
|
|
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
2017-09-26 14:46:38 -04:00
|
|
|
```
|
|
|
|
|
2017-10-09 13:44:52 -04:00
|
|
|
Add `alice` with `docker trust signer add`:
|
2017-09-26 14:46:38 -04:00
|
|
|
|
2021-08-21 08:54:14 -04:00
|
|
|
```console
|
2017-10-09 13:44:52 -04:00
|
|
|
$ docker trust signer add alice example/trust-demo --key alice.crt
|
2017-09-26 14:46:38 -04:00
|
|
|
Adding signer "alice" to example/trust-demo...
|
2020-03-15 10:11:43 -04:00
|
|
|
Enter passphrase for repository key with ID 642692c:
|
|
|
|
Successfully added signer: alice to example/trust-demo
|
2017-09-26 14:46:38 -04:00
|
|
|
```
|
|
|
|
|
2020-04-19 09:43:08 -04:00
|
|
|
`docker trust inspect --pretty` now lists `alice` as a valid signer:
|
2017-09-26 14:46:38 -04:00
|
|
|
|
2021-08-21 08:54:14 -04:00
|
|
|
```console
|
2020-04-19 09:43:08 -04:00
|
|
|
$ docker trust inspect --pretty example/trust-demo
|
2017-09-26 14:46:38 -04:00
|
|
|
|
|
|
|
No signatures for example/trust-demo
|
|
|
|
|
|
|
|
|
|
|
|
List of signers and their keys:
|
|
|
|
|
|
|
|
SIGNER KEYS
|
|
|
|
alice 05e87edcaecb
|
|
|
|
bob 5600f5ab76a2
|
|
|
|
|
|
|
|
Administrative keys for example/trust-demo:
|
2020-03-15 10:11:43 -04:00
|
|
|
Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
|
|
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
2017-09-26 14:46:38 -04:00
|
|
|
```
|
|
|
|
|
2023-12-13 09:16:56 -05:00
|
|
|
## Initialize a new repository and add a signer
|
2017-09-26 14:46:38 -04:00
|
|
|
|
2023-12-13 09:16:56 -05:00
|
|
|
When adding a signer on a repository for the first time, `docker trust signer add` sets up a new repository if it doesn't exist.
|
2017-09-26 14:46:38 -04:00
|
|
|
|
2021-08-21 08:54:14 -04:00
|
|
|
```console
|
2020-04-19 09:43:08 -04:00
|
|
|
$ docker trust inspect --pretty example/trust-demo
|
|
|
|
|
linting: ST1005: error strings should not be capitalized (stylecheck)
While fixing, also updated errors without placeholders to `errors.New()`, and
updated some code to use pkg/errors if it was already in use in the file.
cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote)
^
cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote)
^
cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name())
^
cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck)
return *target, fmt.Errorf("No tag specified")
^
cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix")
^
cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName)
^
opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", addr)
^
opts/hosts.go:100:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
^
opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr)
^
opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-02 18:04:53 -04:00
|
|
|
no signatures or cannot access example/trust-demo
|
2017-09-26 14:46:38 -04:00
|
|
|
```
|
|
|
|
|
2021-08-21 08:54:14 -04:00
|
|
|
```console
|
2017-10-09 13:44:52 -04:00
|
|
|
$ docker trust signer add alice example/trust-demo --key alice.crt
|
2020-04-19 09:43:08 -04:00
|
|
|
|
|
|
|
Initializing signed repository for example/trust-demo...
|
|
|
|
Enter passphrase for root key with ID 748121c:
|
2020-03-15 10:11:43 -04:00
|
|
|
Enter passphrase for new repository key with ID 95b9e55:
|
|
|
|
Repeat passphrase for new repository key with ID 95b9e55:
|
|
|
|
Successfully initialized "example/trust-demo"
|
|
|
|
|
|
|
|
Adding signer "alice" to example/trust-demo...
|
2020-04-19 09:43:08 -04:00
|
|
|
Successfully added signer: alice to example/trust-demo
|
2017-09-26 14:46:38 -04:00
|
|
|
```
|
|
|
|
|
2021-08-21 08:54:14 -04:00
|
|
|
```console
|
2020-04-19 09:43:08 -04:00
|
|
|
$ docker trust inspect --pretty example/trust-demo
|
2017-09-26 14:46:38 -04:00
|
|
|
|
|
|
|
No signatures for example/trust-demo
|
|
|
|
|
|
|
|
|
|
|
|
SIGNED TAG DIGEST SIGNERS
|
|
|
|
|
|
|
|
List of signers and their keys:
|
|
|
|
|
|
|
|
SIGNER KEYS
|
|
|
|
alice 6d52b29d940f
|
|
|
|
|
|
|
|
Administrative keys for example/trust-demo:
|
2020-03-15 10:11:43 -04:00
|
|
|
Repository Key: 95b9e5565eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb
|
|
|
|
Root Key: 748121c14bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103
|
2017-09-26 14:46:38 -04:00
|
|
|
```
|
|
|
|
|
2023-12-13 09:16:56 -05:00
|
|
|
## Add a signer to multiple repositories
|
|
|
|
|
2020-03-15 10:11:43 -04:00
|
|
|
To add a signer, `alice`, to multiple repositories:
|
2023-12-13 09:16:56 -05:00
|
|
|
|
2021-08-21 08:54:14 -04:00
|
|
|
```console
|
2020-04-19 09:43:08 -04:00
|
|
|
$ docker trust inspect --pretty example/trust-demo
|
|
|
|
|
2017-09-26 14:46:38 -04:00
|
|
|
SIGNED TAG DIGEST SIGNERS
|
|
|
|
v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob
|
|
|
|
|
|
|
|
List of signers and their keys:
|
|
|
|
|
|
|
|
SIGNER KEYS
|
|
|
|
bob 5600f5ab76a2
|
|
|
|
|
|
|
|
Administrative keys for example/trust-demo:
|
2020-03-15 10:11:43 -04:00
|
|
|
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
|
|
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
2017-09-26 14:46:38 -04:00
|
|
|
```
|
2021-08-21 08:54:14 -04:00
|
|
|
|
|
|
|
```console
|
2020-04-19 09:43:08 -04:00
|
|
|
$ docker trust inspect --pretty example/trust-demo2
|
|
|
|
|
2017-09-26 14:46:38 -04:00
|
|
|
SIGNED TAG DIGEST SIGNERS
|
|
|
|
v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob
|
|
|
|
|
|
|
|
List of signers and their keys:
|
|
|
|
|
|
|
|
SIGNER KEYS
|
|
|
|
bob 5600f5ab76a2
|
|
|
|
|
|
|
|
Administrative keys for example/trust-demo2:
|
2020-03-15 10:11:43 -04:00
|
|
|
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
|
|
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
2017-09-26 14:46:38 -04:00
|
|
|
```
|
2021-08-21 08:54:14 -04:00
|
|
|
|
2017-10-09 13:44:52 -04:00
|
|
|
Add `alice` to both repositories with a single `docker trust signer add` command:
|
2017-09-26 14:46:38 -04:00
|
|
|
|
2021-08-21 08:54:14 -04:00
|
|
|
```console
|
2017-10-25 13:45:10 -04:00
|
|
|
$ docker trust signer add alice example/trust-demo example/trust-demo2 --key alice.crt
|
2020-04-19 09:43:08 -04:00
|
|
|
|
2017-09-26 14:46:38 -04:00
|
|
|
Adding signer "alice" to example/trust-demo...
|
2020-03-15 10:11:43 -04:00
|
|
|
Enter passphrase for repository key with ID 95b9e55:
|
2017-09-26 14:46:38 -04:00
|
|
|
Successfully added signer: alice to example/trust-demo
|
|
|
|
|
|
|
|
Adding signer "alice" to example/trust-demo2...
|
2020-03-15 10:11:43 -04:00
|
|
|
Enter passphrase for repository key with ID ece554f:
|
2017-09-26 14:46:38 -04:00
|
|
|
Successfully added signer: alice to example/trust-demo2
|
|
|
|
```
|
2020-04-19 09:43:08 -04:00
|
|
|
|
|
|
|
`docker trust inspect --pretty` now lists `alice` as a valid signer of both `example/trust-demo` and `example/trust-demo2`:
|
2017-09-26 14:46:38 -04:00
|
|
|
|
|
|
|
|
2021-08-21 08:54:14 -04:00
|
|
|
```console
|
2020-04-19 09:43:08 -04:00
|
|
|
$ docker trust inspect --pretty example/trust-demo
|
|
|
|
|
2017-09-26 14:46:38 -04:00
|
|
|
SIGNED TAG DIGEST SIGNERS
|
|
|
|
v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob
|
|
|
|
|
|
|
|
List of signers and their keys:
|
|
|
|
|
|
|
|
SIGNER KEYS
|
|
|
|
alice 05e87edcaecb
|
|
|
|
bob 5600f5ab76a2
|
|
|
|
|
|
|
|
Administrative keys for example/trust-demo:
|
2020-03-15 10:11:43 -04:00
|
|
|
Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
|
|
|
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
2017-09-26 14:46:38 -04:00
|
|
|
```
|
2020-04-19 09:43:08 -04:00
|
|
|
|
2021-08-21 08:54:14 -04:00
|
|
|
```console
|
2020-04-19 09:43:08 -04:00
|
|
|
$ docker trust inspect --pretty example/trust-demo2
|
|
|
|
|
2017-09-26 14:46:38 -04:00
|
|
|
SIGNED TAG DIGEST SIGNERS
|
|
|
|
v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob
|
|
|
|
|
|
|
|
List of signers and their keys:
|
|
|
|
|
|
|
|
SIGNER KEYS
|
|
|
|
alice 05e87edcaecb
|
|
|
|
bob 5600f5ab76a2
|
|
|
|
|
|
|
|
Administrative keys for example/trust-demo2:
|
2020-03-15 10:11:43 -04:00
|
|
|
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
|
|
|
|
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
|
2017-09-26 14:46:38 -04:00
|
|
|
```
|
|
|
|
|
2023-12-13 09:16:56 -05:00
|
|
|
`docker trust signer add` adds signers to repositories on a best effort basis.
|
|
|
|
It continues to add the signer to subsequent repositories if one attempt fails:
|
2017-09-26 14:46:38 -04:00
|
|
|
|
2021-08-21 08:54:14 -04:00
|
|
|
```console
|
2017-10-25 13:45:10 -04:00
|
|
|
$ docker trust signer add alice example/unauthorized example/authorized --key alice.crt
|
2020-04-19 09:43:08 -04:00
|
|
|
|
2017-09-26 14:46:38 -04:00
|
|
|
Adding signer "alice" to example/unauthorized...
|
|
|
|
you are not authorized to perform this operation: server returned 401.
|
|
|
|
|
|
|
|
Adding signer "alice" to example/authorized...
|
2020-03-15 10:11:43 -04:00
|
|
|
Enter passphrase for repository key with ID c6772a0:
|
2017-09-26 14:46:38 -04:00
|
|
|
Successfully added signer: alice to example/authorized
|
|
|
|
|
linting: ST1005: error strings should not be capitalized (stylecheck)
While fixing, also updated errors without placeholders to `errors.New()`, and
updated some code to use pkg/errors if it was already in use in the file.
cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote)
^
cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote)
^
cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name())
^
cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck)
return *target, fmt.Errorf("No tag specified")
^
cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix")
^
cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName)
^
opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", addr)
^
opts/hosts.go:100:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
^
opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr)
^
opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-02 18:04:53 -04:00
|
|
|
failed to add signer to: example/unauthorized
|
2017-09-26 14:46:38 -04:00
|
|
|
```
|