trust: define new commands and helpers
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>master
Riyaz Faizullabhoy
parent
f47b1a3c6d
commit
5ab3ae7aba
|
|
@ -18,6 +18,10 @@ func NewTrustCommand(dockerCli command.Cli) *cobra.Command {
|
|||
newViewCommand(dockerCli),
|
||||
newRevokeCommand(dockerCli),
|
||||
newSignCommand(dockerCli),
|
||||
newKeyGenerateCommand(dockerCli),
|
||||
newKeyLoadCommand(dockerCli),
|
||||
newSignerAddCommand(dockerCli),
|
||||
newSignerRemoveCommand(dockerCli),
|
||||
)
|
||||
return cmd
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import (
|
|||
)
|
||||
|
||||
const releasedRoleName = "Repo Admin"
|
||||
const releasesRoleTUFName = "targets/releases"
|
||||
|
||||
// check if a role name is "released": either targets/releases or targets TUF roles
|
||||
func isReleasedTarget(role data.RoleName) bool {
|
||||
|
|
@ -31,3 +32,13 @@ func clearChangeList(notaryRepo client.Repository) error {
|
|||
}
|
||||
return cl.Clear("")
|
||||
}
|
||||
|
||||
func getOrGenerateRootKeyAndInitRepo(notaryRepo client.Repository) error {
|
||||
rootKey, err := getOrGenerateNotaryKey(notaryRepo, data.CanonicalRootRole)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// Initialize the notary repository with a remotely managed snapshot
|
||||
// key
|
||||
return notaryRepo.Initialize([]string{rootKey.ID()}, data.CanonicalSnapshotRole)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -43,7 +43,8 @@ var (
|
|||
ActionsPushAndPull = []string{"pull", "push"}
|
||||
)
|
||||
|
||||
func trustDirectory() string {
|
||||
// GetTrustDirectory returns the base trust directory name
|
||||
func GetTrustDirectory() string {
|
||||
return filepath.Join(cliconfig.Dir(), "trust")
|
||||
}
|
||||
|
||||
|
|
@ -172,15 +173,16 @@ func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo
|
|||
tr := transport.NewTransport(base, modifiers...)
|
||||
|
||||
return client.NewFileCachedRepository(
|
||||
trustDirectory(),
|
||||
GetTrustDirectory(),
|
||||
data.GUN(repoInfo.Name.Name()),
|
||||
server,
|
||||
tr,
|
||||
getPassphraseRetriever(in, out),
|
||||
GetPassphraseRetriever(in, out),
|
||||
trustpinning.TrustPinConfig{})
|
||||
}
|
||||
|
||||
func getPassphraseRetriever(in io.Reader, out io.Writer) notary.PassRetriever {
|
||||
// GetPassphraseRetriever returns a passphrase retriever that utilizes Content Trust env vars
|
||||
func GetPassphraseRetriever(in io.Reader, out io.Writer) notary.PassRetriever {
|
||||
aliasMap := map[string]string{
|
||||
"root": "root",
|
||||
"snapshot": "repository",
|
||||
|
|
|
|||
Loading…
Reference in New Issue