2017-09-26 14:43:52 -04:00
package trust
import (
"context"
"fmt"
2017-10-25 13:45:10 -04:00
"io"
2017-09-26 14:43:52 -04:00
"os"
"path"
"regexp"
"strings"
"github.com/docker/cli/cli"
"github.com/docker/cli/cli/command"
2017-10-23 05:23:39 -04:00
"github.com/docker/cli/cli/command/image"
2017-09-26 14:43:52 -04:00
"github.com/docker/cli/cli/trust"
"github.com/docker/cli/opts"
2017-10-10 13:16:01 -04:00
"github.com/pkg/errors"
2017-09-26 14:43:52 -04:00
"github.com/spf13/cobra"
2017-10-30 12:21:41 -04:00
"github.com/theupdateframework/notary/client"
"github.com/theupdateframework/notary/tuf/data"
tufutils "github.com/theupdateframework/notary/tuf/utils"
2017-09-26 14:43:52 -04:00
)
type signerAddOptions struct {
keys opts . ListOpts
signer string
2017-10-25 13:45:10 -04:00
repos [ ] string
2017-09-26 14:43:52 -04:00
}
2023-11-20 11:38:50 -05:00
func newSignerAddCommand ( dockerCLI command . Cli ) * cobra . Command {
2017-09-26 14:43:52 -04:00
var options signerAddOptions
cmd := & cobra . Command {
2017-10-25 13:45:10 -04:00
Use : "add OPTIONS NAME REPOSITORY [REPOSITORY...] " ,
2017-09-26 14:43:52 -04:00
Short : "Add a signer" ,
Args : cli . RequiresMinArgs ( 2 ) ,
RunE : func ( cmd * cobra . Command , args [ ] string ) error {
options . signer = args [ 0 ]
2017-10-25 13:45:10 -04:00
options . repos = args [ 1 : ]
2023-11-20 11:38:50 -05:00
return addSigner ( dockerCLI , options )
2017-09-26 14:43:52 -04:00
} ,
}
flags := cmd . Flags ( )
options . keys = opts . NewListOpts ( nil )
2017-10-25 13:45:10 -04:00
flags . Var ( & options . keys , "key" , "Path to the signer's public key file" )
2017-09-26 14:43:52 -04:00
return cmd
}
2017-10-25 13:45:10 -04:00
var validSignerName = regexp . MustCompile ( ` ^[a-z0-9][a-z0-9\_\-]*$ ` ) . MatchString
2017-09-26 14:43:52 -04:00
2023-11-20 11:38:50 -05:00
func addSigner ( dockerCLI command . Cli , options signerAddOptions ) error {
2017-09-26 14:43:52 -04:00
signerName := options . signer
if ! validSignerName ( signerName ) {
2017-10-25 13:45:10 -04:00
return fmt . Errorf ( "signer name \"%s\" must start with lowercase alphanumeric characters and can include \"-\" or \"_\" after the first character" , signerName )
2017-09-26 14:43:52 -04:00
}
if signerName == "releases" {
return fmt . Errorf ( "releases is a reserved keyword, please use a different signer name" )
}
2017-10-25 13:45:10 -04:00
if options . keys . Len ( ) == 0 {
return fmt . Errorf ( "path to a public key must be provided using the `--key` flag" )
2017-09-26 14:43:52 -04:00
}
2017-10-25 13:45:10 -04:00
signerPubKeys , err := ingestPublicKeys ( options . keys . GetAll ( ) )
if err != nil {
return err
}
var errRepos [ ] string
for _ , repoName := range options . repos {
2023-11-20 11:38:50 -05:00
fmt . Fprintf ( dockerCLI . Out ( ) , "Adding signer \"%s\" to %s...\n" , signerName , repoName )
if err := addSignerToRepo ( dockerCLI , signerName , repoName , signerPubKeys ) ; err != nil {
fmt . Fprintln ( dockerCLI . Err ( ) , err . Error ( ) + "\n" )
2017-10-25 13:45:10 -04:00
errRepos = append ( errRepos , repoName )
2017-09-26 14:43:52 -04:00
} else {
2023-11-20 11:38:50 -05:00
fmt . Fprintf ( dockerCLI . Out ( ) , "Successfully added signer: %s to %s\n\n" , signerName , repoName )
2017-09-26 14:43:52 -04:00
}
}
2017-10-25 13:45:10 -04:00
if len ( errRepos ) > 0 {
linting: ST1005: error strings should not be capitalized (stylecheck)
While fixing, also updated errors without placeholders to `errors.New()`, and
updated some code to use pkg/errors if it was already in use in the file.
cli/command/config/inspect.go:59:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/node/inspect.go:61:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/secret/inspect.go:57:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Cannot supply extra formatting options to the pretty template")
^
cli/command/trust/common.go:77:74: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote)
^
cli/command/trust/common.go:85:73: ST1005: error strings should not be capitalized (stylecheck)
return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote)
^
cli/command/trust/sign.go:137:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name())
^
cli/command/trust/sign.go:151:19: ST1005: error strings should not be capitalized (stylecheck)
return *target, fmt.Errorf("No tag specified")
^
cli/command/trust/signer_add.go:77:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:52:10: ST1005: error strings should not be capitalized (stylecheck)
return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", "))
^
cli/command/trust/signer_remove.go:67:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix")
^
cli/command/trust/signer_remove.go:108:17: ST1005: error strings should not be capitalized (stylecheck)
return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName)
^
opts/hosts.go:89:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", addr)
^
opts/hosts.go:100:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr)
^
opts/hosts.go:119:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr)
^
opts/hosts.go:144:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
opts/hosts.go:155:14: ST1005: error strings should not be capitalized (stylecheck)
return "", fmt.Errorf("Invalid bind address format: %s", tryAddr)
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-02 18:04:53 -04:00
return fmt . Errorf ( "failed to add signer to: %s" , strings . Join ( errRepos , ", " ) )
2017-09-26 14:43:52 -04:00
}
return nil
}
2023-11-20 11:38:50 -05:00
func addSignerToRepo ( dockerCLI command . Cli , signerName string , repoName string , signerPubKeys [ ] data . PublicKey ) error {
2017-09-26 14:43:52 -04:00
ctx := context . Background ( )
2023-11-20 11:38:50 -05:00
imgRefAndAuth , err := trust . GetImageReferencesAndAuth ( ctx , image . AuthResolver ( dockerCLI ) , repoName )
2017-09-26 14:43:52 -04:00
if err != nil {
return err
}
2023-11-20 11:38:50 -05:00
notaryRepo , err := dockerCLI . NotaryClient ( imgRefAndAuth , trust . ActionsPushAndPull )
2017-09-26 14:43:52 -04:00
if err != nil {
return trust . NotaryError ( imgRefAndAuth . Reference ( ) . Name ( ) , err )
}
if _ , err = notaryRepo . ListTargets ( ) ; err != nil {
switch err . ( type ) {
case client . ErrRepoNotInitialized , client . ErrRepositoryNotExist :
2023-11-20 11:38:50 -05:00
fmt . Fprintf ( dockerCLI . Out ( ) , "Initializing signed repository for %s...\n" , repoName )
2017-09-26 14:43:52 -04:00
if err := getOrGenerateRootKeyAndInitRepo ( notaryRepo ) ; err != nil {
2017-10-25 13:45:10 -04:00
return trust . NotaryError ( repoName , err )
2017-09-26 14:43:52 -04:00
}
2023-11-20 11:38:50 -05:00
fmt . Fprintf ( dockerCLI . Out ( ) , "Successfully initialized %q\n" , repoName )
2017-09-26 14:43:52 -04:00
default :
2017-10-25 13:45:10 -04:00
return trust . NotaryError ( repoName , err )
2017-09-26 14:43:52 -04:00
}
}
newSignerRoleName := data . RoleName ( path . Join ( data . CanonicalTargetsRole . String ( ) , signerName ) )
2017-10-10 13:16:01 -04:00
if err := addStagedSigner ( notaryRepo , newSignerRoleName , signerPubKeys ) ; err != nil {
return errors . Wrapf ( err , "could not add signer to repo: %s" , strings . TrimPrefix ( newSignerRoleName . String ( ) , "targets/" ) )
}
2017-09-26 14:43:52 -04:00
return notaryRepo . Publish ( )
}
func ingestPublicKeys ( pubKeyPaths [ ] string ) ( [ ] data . PublicKey , error ) {
pubKeys := [ ] data . PublicKey { }
for _ , pubKeyPath := range pubKeyPaths {
2017-10-25 13:45:10 -04:00
// Read public key bytes from PEM file, limit to 1 KiB
2022-09-30 13:13:22 -04:00
pubKeyFile , err := os . OpenFile ( pubKeyPath , os . O_RDONLY , 0 o666 )
2017-09-26 14:43:52 -04:00
if err != nil {
2017-10-25 13:45:10 -04:00
return nil , errors . Wrap ( err , "unable to read public key from file" )
}
defer pubKeyFile . Close ( )
// limit to
l := io . LimitReader ( pubKeyFile , 1 << 20 )
2022-02-25 08:33:57 -05:00
pubKeyBytes , err := io . ReadAll ( l )
2017-10-25 13:45:10 -04:00
if err != nil {
return nil , errors . Wrap ( err , "unable to read public key from file" )
2017-09-26 14:43:52 -04:00
}
// Parse PEM bytes into type PublicKey
pubKey , err := tufutils . ParsePEMPublicKey ( pubKeyBytes )
if err != nil {
2017-10-25 13:45:10 -04:00
return nil , errors . Wrapf ( err , "could not parse public key from file: %s" , pubKeyPath )
2017-09-26 14:43:52 -04:00
}
pubKeys = append ( pubKeys , pubKey )
}
return pubKeys , nil
}