moby--moby/cli/command/trust.go

package command

import (
	"os"
	"strconv"

	"github.com/spf13/pflag"
)

var (
	// TODO: make this not global
	untrusted bool
)

// AddTrustedFlags adds content trust flags to the current command flagset
func AddTrustedFlags(fs *pflag.FlagSet, verify bool) {
	trusted, message := setupTrustedFlag(verify)
	fs.BoolVar(&untrusted, "disable-content-trust", !trusted, message)
}

func setupTrustedFlag(verify bool) (bool, string) {
	var trusted bool
	if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" {
		if t, err := strconv.ParseBool(e); t || err != nil {
			// treat any other value as true
			trusted = true
		}
	}
	message := "Skip image signing"
	if verify {
		message = "Skip image verification"
	}
	return trusted, message
}

// IsTrusted returns true if content trust is enabled
func IsTrusted() bool {
	return !untrusted
}
Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-09-08 13:11:39 -04:00			`package command`
Use notary library for trusted image fetch and signing Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest. On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server. If a tag is given, the cli will resolve the tag into a digest and pull by digest. After pulling, if a tag is given the cli makes a request to tag the image. Use certificate directory for notary requests Read certificates using same logic used by daemon for registry requests. Catch JSON syntax errors from Notary client When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user. Provide a generic error when a JSON syntax error occurs. Catch expiration errors and wrap in additional context. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-07-15 16:42:45 -04:00
			`import (`
			`"os"`
			`"strconv"`

Convert 'docker run' to a cobra command and to use pflags Move container options into a struct so that tests should pass. Remove unused FlagSet arg from Parse Disable interspersed args on docker run Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-05-31 19:49:32 -04:00			`"github.com/spf13/pflag"`
Use notary library for trusted image fetch and signing Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest. On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server. If a tag is given, the cli will resolve the tag into a digest and pull by digest. After pulling, if a tag is given the cli makes a request to tag the image. Use certificate directory for notary requests Read certificates using same logic used by daemon for registry requests. Catch JSON syntax errors from Notary client When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user. Provide a generic error when a JSON syntax error occurs. Catch expiration errors and wrap in additional context. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-07-15 16:42:45 -04:00			`)`

Notary delegation integration into docker Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2015-12-18 21:47:35 -05:00			`var (`
Move image trust related cli methods into the image package. Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-08-29 14:45:29 -04:00			`// TODO: make this not global`
			`untrusted bool`
Notary delegation integration into docker Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com> 2015-12-18 21:47:35 -05:00			`)`
Use notary library for trusted image fetch and signing Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest. On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server. If a tag is given, the cli will resolve the tag into a digest and pull by digest. After pulling, if a tag is given the cli makes a request to tag the image. Use certificate directory for notary requests Read certificates using same logic used by daemon for registry requests. Catch JSON syntax errors from Notary client When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user. Provide a generic error when a JSON syntax error occurs. Catch expiration errors and wrap in additional context. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-07-15 16:42:45 -04:00
Migrate pull command to cobra Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2016-06-10 06:07:23 -04:00			`// AddTrustedFlags adds content trust flags to the current command flagset`
Convert 'docker run' to a cobra command and to use pflags Move container options into a struct so that tests should pass. Remove unused FlagSet arg from Parse Disable interspersed args on docker run Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-05-31 19:49:32 -04:00			`func AddTrustedFlags(fs *pflag.FlagSet, verify bool) {`
			`trusted, message := setupTrustedFlag(verify)`
			`fs.BoolVar(&untrusted, "disable-content-trust", !trusted, message)`
			`}`

			`func setupTrustedFlag(verify bool) (bool, string) {`
Use notary library for trusted image fetch and signing Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest. On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server. If a tag is given, the cli will resolve the tag into a digest and pull by digest. After pulling, if a tag is given the cli makes a request to tag the image. Use certificate directory for notary requests Read certificates using same logic used by daemon for registry requests. Catch JSON syntax errors from Notary client When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user. Provide a generic error when a JSON syntax error occurs. Catch expiration errors and wrap in additional context. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-07-15 16:42:45 -04:00			`var trusted bool`
Rename to flags and environment variables to content trust Update help line to allow 90 characters instead of 80 The trust flag pushes out the help description column wider, requiring more room to display help messages. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-07-24 04:59:42 -04:00			`if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" {`
Use notary library for trusted image fetch and signing Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest. On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server. If a tag is given, the cli will resolve the tag into a digest and pull by digest. After pulling, if a tag is given the cli makes a request to tag the image. Use certificate directory for notary requests Read certificates using same logic used by daemon for registry requests. Catch JSON syntax errors from Notary client When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user. Provide a generic error when a JSON syntax error occurs. Catch expiration errors and wrap in additional context. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-07-15 16:42:45 -04:00			`if t, err := strconv.ParseBool(e); t \|\| err != nil {`
			`// treat any other value as true`
			`trusted = true`
			`}`
			`}`
			`message := "Skip image signing"`
			`if verify {`
			`message = "Skip image verification"`
			`}`
Convert 'docker run' to a cobra command and to use pflags Move container options into a struct so that tests should pass. Remove unused FlagSet arg from Parse Disable interspersed args on docker run Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-05-31 19:49:32 -04:00			`return trusted, message`
Use notary library for trusted image fetch and signing Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest. On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server. If a tag is given, the cli will resolve the tag into a digest and pull by digest. After pulling, if a tag is given the cli makes a request to tag the image. Use certificate directory for notary requests Read certificates using same logic used by daemon for registry requests. Catch JSON syntax errors from Notary client When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user. Provide a generic error when a JSON syntax error occurs. Catch expiration errors and wrap in additional context. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-07-15 16:42:45 -04:00			`}`

Convert 'docker create' to use cobra and pflag Return the correct status code on flag parsins errors. Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-06-01 01:19:13 -04:00			`// IsTrusted returns true if content trust is enabled`
			`func IsTrusted() bool {`
Use notary library for trusted image fetch and signing Add a trusted flag to force the cli to resolve a tag into a digest via the notary trust library and pull by digest. On push the flag the trust flag will indicate the digest and size of a manifest should be signed and push to a notary server. If a tag is given, the cli will resolve the tag into a digest and pull by digest. After pulling, if a tag is given the cli makes a request to tag the image. Use certificate directory for notary requests Read certificates using same logic used by daemon for registry requests. Catch JSON syntax errors from Notary client When an uncaught error occurs in Notary it may show up in Docker as a JSON syntax error, causing a confusing error message to the user. Provide a generic error when a JSON syntax error occurs. Catch expiration errors and wrap in additional context. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-07-15 16:42:45 -04:00			`return !untrusted`
			`}`