Fix API incompatibilities between notary v0.3.0 and v0.4.2:

- some function signatures have changed - use the new ones
- re-generate the notary delegation key certs, since notary doesn't allow SHA1
- fix some error message mappings, because now if a root rotation fails to validate, trusted operations will fail

Signed-off-by: cyli <cyli@twistedmatrix.com>
cyli 2016-09-28 12:49:47 -07:00
parent b2de6e55bd
commit 43d7c0ed9a
1 changed files with 7 additions and 6 deletions


@ -30,13 +30,14 @@ import (
"github.com/docker/docker/reference" "github.com/docker/docker/reference"
"github.com/docker/docker/registry" "github.com/docker/docker/registry"
"github.com/docker/go-connections/tlsconfig" "github.com/docker/go-connections/tlsconfig"
"github.com/docker/notary"
"github.com/docker/notary/client" "github.com/docker/notary/client"
"github.com/docker/notary/passphrase" "github.com/docker/notary/passphrase"
"github.com/docker/notary/storage"
"github.com/docker/notary/trustmanager" "github.com/docker/notary/trustmanager"
"github.com/docker/notary/trustpinning" "github.com/docker/notary/trustpinning"
"github.com/docker/notary/tuf/data" "github.com/docker/notary/tuf/data"
"github.com/docker/notary/tuf/signed" "github.com/docker/notary/tuf/signed"
"github.com/docker/notary/tuf/store"
) )
var ( var (
@ -144,7 +145,7 @@ func trustedPush(ctx context.Context, cli *command.DockerCli, repoInfo *registry
} }
// Initialize the notary repository with a remotely managed snapshot key // Initialize the notary repository with a remotely managed snapshot key
if err := repo.Initialize(rootKeyID, data.CanonicalSnapshotRole); err != nil { if err := repo.Initialize([]string{rootKeyID}, data.CanonicalSnapshotRole); err != nil {
return notaryError(repoInfo.FullName(), err) return notaryError(repoInfo.FullName(), err)
} }
fmt.Fprintf(cli.Out(), "Finished initializing %q\n", repoInfo.FullName()) fmt.Fprintf(cli.Out(), "Finished initializing %q\n", repoInfo.FullName())
@ -464,7 +465,7 @@ func GetNotaryRepository(streams command.Streams, repoInfo *registry.RepositoryI
trustpinning.TrustPinConfig{}) trustpinning.TrustPinConfig{})
} }
func getPassphraseRetriever(streams command.Streams) passphrase.Retriever { func getPassphraseRetriever(streams command.Streams) notary.PassRetriever {
aliasMap := map[string]string{ aliasMap := map[string]string{
"root": "root", "root": "root",
"snapshot": "repository", "snapshot": "repository",
@ -554,11 +555,11 @@ func notaryError(repoName string, err error) error {
return fmt.Errorf("Error: remote repository %s out-of-date: %v", repoName, err) return fmt.Errorf("Error: remote repository %s out-of-date: %v", repoName, err)
case trustmanager.ErrKeyNotFound: case trustmanager.ErrKeyNotFound:
return fmt.Errorf("Error: signing keys for remote repository %s not found: %v", repoName, err) return fmt.Errorf("Error: signing keys for remote repository %s not found: %v", repoName, err)
case *net.OpError: case storage.NetworkError:
return fmt.Errorf("Error: error contacting notary server: %v", err) return fmt.Errorf("Error: error contacting notary server: %v", err)
case store.ErrMetaNotFound: case storage.ErrMetaNotFound:
return fmt.Errorf("Error: trust data missing for remote repository %s or remote repository not found: %v", repoName, err) return fmt.Errorf("Error: trust data missing for remote repository %s or remote repository not found: %v", repoName, err)
case signed.ErrInvalidKeyType: case trustpinning.ErrRootRotationFail, trustpinning.ErrValidationFail, signed.ErrInvalidKeyType:
return fmt.Errorf("Warning: potential malicious behavior - trust data mismatch for remote repository %s: %v", repoName, err) return fmt.Errorf("Warning: potential malicious behavior - trust data mismatch for remote repository %s: %v", repoName, err)
case signed.ErrNoKeys: case signed.ErrNoKeys:
return fmt.Errorf("Error: could not find signing keys for remote repository %s, or could not decrypt signing key: %v", repoName, err) return fmt.Errorf("Error: could not find signing keys for remote repository %s, or could not decrypt signing key: %v", repoName, err)