2017-09-26 14:43:52 -04:00
|
|
|
package trust
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"fmt"
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
"github.com/docker/cli/cli"
|
|
|
|
"github.com/docker/cli/cli/command"
|
2017-10-23 05:23:39 -04:00
|
|
|
"github.com/docker/cli/cli/command/image"
|
2017-09-26 14:43:52 -04:00
|
|
|
"github.com/docker/cli/cli/trust"
|
2017-10-25 13:13:24 -04:00
|
|
|
"github.com/pkg/errors"
|
2017-09-26 14:43:52 -04:00
|
|
|
"github.com/spf13/cobra"
|
2017-10-30 12:21:41 -04:00
|
|
|
"github.com/theupdateframework/notary/client"
|
|
|
|
"github.com/theupdateframework/notary/tuf/data"
|
2017-09-26 14:43:52 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
type signerRemoveOptions struct {
|
2017-10-10 13:16:01 -04:00
|
|
|
signer string
|
2017-10-25 13:45:10 -04:00
|
|
|
repos []string
|
2017-09-26 14:43:52 -04:00
|
|
|
forceYes bool
|
|
|
|
}
|
|
|
|
|
|
|
|
func newSignerRemoveCommand(dockerCli command.Cli) *cobra.Command {
|
|
|
|
options := signerRemoveOptions{}
|
|
|
|
cmd := &cobra.Command{
|
2017-10-25 13:45:10 -04:00
|
|
|
Use: "remove [OPTIONS] NAME REPOSITORY [REPOSITORY...]",
|
2017-09-26 14:43:52 -04:00
|
|
|
Short: "Remove a signer",
|
|
|
|
Args: cli.RequiresMinArgs(2),
|
|
|
|
RunE: func(cmd *cobra.Command, args []string) error {
|
2017-10-10 13:16:01 -04:00
|
|
|
options.signer = args[0]
|
2017-10-25 13:45:10 -04:00
|
|
|
options.repos = args[1:]
|
2023-09-09 18:27:44 -04:00
|
|
|
return removeSigner(cmd.Context(), dockerCli, options)
|
2017-09-26 14:43:52 -04:00
|
|
|
},
|
|
|
|
}
|
|
|
|
flags := cmd.Flags()
|
2017-10-25 13:45:10 -04:00
|
|
|
flags.BoolVarP(&options.forceYes, "force", "f", false, "Do not prompt for confirmation before removing the most recent signer")
|
2017-09-26 14:43:52 -04:00
|
|
|
return cmd
|
|
|
|
}
|
|
|
|
|
2023-09-09 18:27:44 -04:00
|
|
|
func removeSigner(ctx context.Context, dockerCLI command.Cli, options signerRemoveOptions) error {
|
2017-10-25 13:45:10 -04:00
|
|
|
var errRepos []string
|
|
|
|
for _, repo := range options.repos {
|
2023-11-20 11:38:50 -05:00
|
|
|
fmt.Fprintf(dockerCLI.Out(), "Removing signer \"%s\" from %s...\n", options.signer, repo)
|
2023-09-09 18:27:44 -04:00
|
|
|
if _, err := removeSingleSigner(ctx, dockerCLI, repo, options.signer, options.forceYes); err != nil {
|
2023-11-20 11:38:50 -05:00
|
|
|
fmt.Fprintln(dockerCLI.Err(), err.Error()+"\n")
|
2017-10-25 13:45:10 -04:00
|
|
|
errRepos = append(errRepos, repo)
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
}
|
2017-10-25 13:45:10 -04:00
|
|
|
if len(errRepos) > 0 {
|
linting: ST1005: error strings should not be capitalized (stylecheck)
While fixing, also updated errors without placeholders to `errors.New()`, and
updated some code to use pkg/errors if it was already in use in the file.
cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote)
^
cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote)
^
cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name())
^
cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck)
return *target, fmt.Errorf("No tag specified")
^
cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix")
^
cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName)
^
opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", addr)
^
opts/hosts.go:100:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
^
opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr)
^
opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-02 18:04:53 -04:00
|
|
|
return errors.Errorf("error removing signer from: %s", strings.Join(errRepos, ", "))
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func isLastSignerForReleases(roleWithSig data.Role, allRoles []client.RoleWithSignatures) (bool, error) {
|
|
|
|
var releasesRoleWithSigs client.RoleWithSignatures
|
|
|
|
for _, role := range allRoles {
|
|
|
|
if role.Name == releasesRoleTUFName {
|
|
|
|
releasesRoleWithSigs = role
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
counter := len(releasesRoleWithSigs.Signatures)
|
|
|
|
if counter == 0 {
|
linting: ST1005: error strings should not be capitalized (stylecheck)
While fixing, also updated errors without placeholders to `errors.New()`, and
updated some code to use pkg/errors if it was already in use in the file.
cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote)
^
cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote)
^
cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name())
^
cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck)
return *target, fmt.Errorf("No tag specified")
^
cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix")
^
cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName)
^
opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", addr)
^
opts/hosts.go:100:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
^
opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr)
^
opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-02 18:04:53 -04:00
|
|
|
return false, errors.New("all signed tags are currently revoked, use docker trust sign to fix")
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
for _, signature := range releasesRoleWithSigs.Signatures {
|
|
|
|
for _, key := range roleWithSig.KeyIDs {
|
|
|
|
if signature.KeyID == key {
|
|
|
|
counter--
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return counter < releasesRoleWithSigs.Threshold, nil
|
|
|
|
}
|
|
|
|
|
2024-02-21 10:36:17 -05:00
|
|
|
func maybePromptForSignerRemoval(ctx context.Context, dockerCLI command.Cli, repoName, signerName string, isLastSigner, forceYes bool) (bool, error) {
|
|
|
|
if isLastSigner && !forceYes {
|
|
|
|
message := fmt.Sprintf("The signer \"%s\" signed the last released version of %s. "+
|
|
|
|
"Removing this signer will make %s unpullable. "+
|
|
|
|
"Are you sure you want to continue?",
|
|
|
|
signerName, repoName, repoName,
|
|
|
|
)
|
|
|
|
removeSigner, err := command.PromptForConfirmation(ctx, dockerCLI.In(), dockerCLI.Out(), message)
|
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
return removeSigner, nil
|
|
|
|
}
|
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
|
2018-06-09 11:14:34 -04:00
|
|
|
// removeSingleSigner attempts to remove a single signer and returns whether signer removal happened.
|
|
|
|
// The signer not being removed doesn't necessarily raise an error e.g. user choosing "No" when prompted for confirmation.
|
2023-09-09 18:27:44 -04:00
|
|
|
func removeSingleSigner(ctx context.Context, dockerCLI command.Cli, repoName, signerName string, forceYes bool) (bool, error) {
|
2023-11-20 11:38:50 -05:00
|
|
|
imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, image.AuthResolver(dockerCLI), repoName)
|
2017-09-26 14:43:52 -04:00
|
|
|
if err != nil {
|
2018-06-05 19:04:41 -04:00
|
|
|
return false, err
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
signerDelegation := data.RoleName("targets/" + signerName)
|
|
|
|
if signerDelegation == releasesRoleTUFName {
|
linting: ST1005: error strings should not be capitalized (stylecheck)
While fixing, also updated errors without placeholders to `errors.New()`, and
updated some code to use pkg/errors if it was already in use in the file.
cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote)
^
cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote)
^
cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name())
^
cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck)
return *target, fmt.Errorf("No tag specified")
^
cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix")
^
cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName)
^
opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", addr)
^
opts/hosts.go:100:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
^
opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr)
^
opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-02 18:04:53 -04:00
|
|
|
return false, errors.Errorf("releases is a reserved keyword and cannot be removed")
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
2023-11-20 11:38:50 -05:00
|
|
|
notaryRepo, err := dockerCLI.NotaryClient(imgRefAndAuth, trust.ActionsPushAndPull)
|
2017-09-26 14:43:52 -04:00
|
|
|
if err != nil {
|
2018-06-05 19:04:41 -04:00
|
|
|
return false, trust.NotaryError(imgRefAndAuth.Reference().Name(), err)
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
delegationRoles, err := notaryRepo.GetDelegationRoles()
|
|
|
|
if err != nil {
|
2018-06-05 19:04:41 -04:00
|
|
|
return false, errors.Wrapf(err, "error retrieving signers for %s", repoName)
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
var role data.Role
|
|
|
|
for _, delRole := range delegationRoles {
|
|
|
|
if delRole.Name == signerDelegation {
|
|
|
|
role = delRole
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if role.Name == "" {
|
linting: ST1005: error strings should not be capitalized (stylecheck)
While fixing, also updated errors without placeholders to `errors.New()`, and
updated some code to use pkg/errors if it was already in use in the file.
cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote)
^
cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote)
^
cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name())
^
cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck)
return *target, fmt.Errorf("No tag specified")
^
cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix")
^
cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName)
^
opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", addr)
^
opts/hosts.go:100:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
^
opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr)
^
opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-02 18:04:53 -04:00
|
|
|
return false, errors.Errorf("no signer %s for repository %s", signerName, repoName)
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
allRoles, err := notaryRepo.ListRoles()
|
|
|
|
if err != nil {
|
2018-06-05 19:04:41 -04:00
|
|
|
return false, err
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
|
|
|
|
2024-02-21 10:36:17 -05:00
|
|
|
isLastSigner, err := isLastSignerForReleases(role, allRoles)
|
|
|
|
if err != nil {
|
2018-06-05 19:04:41 -04:00
|
|
|
return false, err
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
2024-02-21 10:36:17 -05:00
|
|
|
|
|
|
|
ok, err := maybePromptForSignerRemoval(ctx, dockerCLI, repoName, signerName, isLastSigner, forceYes)
|
|
|
|
if err != nil || !ok {
|
|
|
|
fmt.Fprintf(dockerCLI.Out(), "\nAborting action.\n")
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := notaryRepo.RemoveDelegationKeys(releasesRoleTUFName, role.KeyIDs); err != nil {
|
2018-06-05 19:04:41 -04:00
|
|
|
return false, err
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
2024-02-21 10:36:17 -05:00
|
|
|
if err := notaryRepo.RemoveDelegationRole(signerDelegation); err != nil {
|
2018-06-05 19:04:41 -04:00
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
|
2024-02-21 10:36:17 -05:00
|
|
|
if err := notaryRepo.Publish(); err != nil {
|
2018-06-05 19:04:41 -04:00
|
|
|
return false, err
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|
2018-06-05 19:04:41 -04:00
|
|
|
|
2023-11-20 11:38:50 -05:00
|
|
|
fmt.Fprintf(dockerCLI.Out(), "Successfully removed %s from %s\n\n", signerName, repoName)
|
2018-06-08 12:21:36 -04:00
|
|
|
|
2018-06-05 19:04:41 -04:00
|
|
|
return true, nil
|
2017-09-26 14:43:52 -04:00
|
|
|
}
|