From 43d7c0ed9af3a1ecf13c09544d664fb4ca154bc8 Mon Sep 17 00:00:00 2001
From: cyli
Date: Wed, 28 Sep 2016 12:49:47 -0700
Subject: [PATCH] Fix API incompatibilities between notary v0.3.0 and v0.4.2: - some function signatures have changed - use the new ones - re-generate the notary delegation key certs, since notary doesn't allow SHA1 - fix some error message mapping because now if a root rotation fails to validate trusted operations will fail
Signed-off-by: cyli
---
 command/image/trust.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/command/image/trust.go b/command/image/trust.go
index b08bd490cb..b8de6a5245 100644
--- a/command/image/trust.go
+++ b/command/image/trust.go
@@ -30,13 +30,14 @@ import (
 "github.com/docker/docker/reference"
 "github.com/docker/docker/registry"
 "github.com/docker/go-connections/tlsconfig"
+ "github.com/docker/notary"
 "github.com/docker/notary/client"
 "github.com/docker/notary/passphrase"
+ "github.com/docker/notary/storage"
 "github.com/docker/notary/trustmanager"
 "github.com/docker/notary/trustpinning"
 "github.com/docker/notary/tuf/data"
 "github.com/docker/notary/tuf/signed"
- "github.com/docker/notary/tuf/store"
 )

 var (
@@ -144,7 +145,7 @@ func trustedPush(ctx context.Context, cli *command.DockerCli, repoInfo *registry
 }

 // Initialize the notary repository with a remotely managed snapshot key
- if err := repo.Initialize(rootKeyID, data.CanonicalSnapshotRole); err != nil {
+ if err := repo.Initialize([]string{rootKeyID}, data.CanonicalSnapshotRole); err != nil {
 return notaryError(repoInfo.FullName(), err)
 }
 fmt.Fprintf(cli.Out(), "Finished initializing %q\n", repoInfo.FullName())
@@ -464,7 +465,7 @@ func GetNotaryRepository(streams command.Streams, repoInfo *registry.RepositoryI
 trustpinning.TrustPinConfig{})
 }

-func getPassphraseRetriever(streams command.Streams) passphrase.Retriever {
+func getPassphraseRetriever(streams command.Streams) notary.PassRetriever {
 aliasMap := map[string]string{
 "root": "root",
 "snapshot": "repository",
@@ -554,11 +555,11 @@ func notaryError(repoName string, err error) error {
 return fmt.Errorf("Error: remote repository %s out-of-date: %v", repoName, err)
 case trustmanager.ErrKeyNotFound:
 return fmt.Errorf("Error: signing keys for remote repository %s not found: %v", repoName, err)
- case *net.OpError:
+ case storage.NetworkError:
 return fmt.Errorf("Error: error contacting notary server: %v", err)
- case store.ErrMetaNotFound:
+ case storage.ErrMetaNotFound:
 return fmt.Errorf("Error: trust data missing for remote repository %s or remote repository not found: %v", repoName, err)
- case signed.ErrInvalidKeyType:
+ case trustpinning.ErrRootRotationFail, trustpinning.ErrValidationFail, signed.ErrInvalidKeyType:
 return fmt.Errorf("Warning: potential malicious behavior - trust data mismatch for remote repository %s: %v", repoName, err)
 case signed.ErrNoKeys:
 return fmt.Errorf("Error: could not find signing keys for remote repository %s, or could not decrypt signing key: %v", repoName, err)
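Review bot: In notaryError, removing `case *net.OpError:` means a bare network error that still reaches this switch no longer gets the "error contacting notary server" message and falls through to the default branch, which is outside the hunk along with the switch header. Whether notary v0.4.2 wraps every transport failure in `storage.NetworkError` is not visible here; if it does not, `case *net.OpError, storage.NetworkError:` keeps the old behaviour (assuming `net` is still imported). The new `trustpinning.ErrRootRotationFail, trustpinning.ErrValidationFail` arm is what tells a user that trust data may have been tampered with, and a type switch matches only the exact concrete type. A table-driven test that passes each of these error values through notaryError and checks for the "potential malicious behavior" text would catch a pointer-versus-value or wrapped-error mismatch before it silently downgrades that message.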